From rforno at infowarrior.org  Sat Jul 3 19:11:47 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 3 Jul 2010 20:11:47 -0400
Subject: [Infowarrior] - 1918 Chaocipher Revealed
Message-ID: <24C5BE5C-97D6-414D-9930-455F0524A73A@infowarrior.org>

CHAOCIPHER REVEALED: THE ALGORITHM
Moshe Rubin, 2 July 2010
ADDRESS: Rechov Shaulson 59/6, Jerusalem 95400 ISRAEL; mosher at mountainvistasoft.com.

ABSTRACT: Chaocipher is a method of encryption invented by John F. Byrne in 1918, who tried unsuccessfully to interest the US Signal Corp and Navy in his system. In 1954, Byrne presented Chaocipher-encrypted messages as a challenge in his autobiography "Silent Years". Although numerous students of cryptanalysis attempted to solve the challenge messages over the years, none succeeded. Chaocipher has been a closely guarded secret known only to a handful of persons. Following fruitful negotiations with the Byrne family during the period 2009-2010, the Chaocipher papers and materials have been donated to the National Cryptologic Museum in Ft. Meade, MD. This paper presents the first full disclosure and description of Byrne's Chaocipher algorithm...

http://www.ciphermysteries.com/2010/07/03/the-chaocipher-revealed

From rforno at infowarrior.org  Sun Jul 4 08:51:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 Jul 2010 09:51:48 -0400
Subject: [Infowarrior] - BP, DHS blocking press in gulf - felony charges and fines now
Message-ID:

I agree w/AC here. The press is not the enemy here to anyone other than those who fear the presentation of what's happening in the Gulf. Oh wait -- I guess, the press is the enemy. :(

-rick

BP, Government Blocking Press from Reporting Their "Ballet at Sea"
http://blogs.alternet.org/movingtrainmedia/2010/07/03/bp-government-blocking-press-from-reporting-their-ballet-at-sea/

... the CNN video of the AC360 segment is at the ZeroHedge link below.
BP plc And The Administration Replace First Amendment With $40,000 Fine And Class D Felony
Submitted by Tyler Durden on 07/03/2010 18:54 -0500

CNN's Anderson Cooper, one of the few people who apparently hasn't or isn't leaving the troubled news network (surely Ted Turner has learned by now from CNBC that his female anchors should wear transparent body suits, show belly button deep cleavage, and install a stripper pole or seventeen for those ever more elusive Nielsen points), reports some troubling developments out of New Orleans.

"The coast guard today announced new rules keeping photographers, reporters and anyone else from coming within 65 feet of any response vessel or booms, out on the water or on beaches. In order to get closer you need to get direct permission from the coast guard captain of the Port of New Orleans. Shots of oil on beaches with booms - stay 65 feet away. Pictures of oil soaked booms useless laying in the water because they haven't been collected like they should. You can't get close enough to see that. And believe me, that is out there. But you only know that if you get close to it, and now you can't without permission. Violators could face a fine of $40,000 and class D felony charges. The coast guard tried to make the exclusion zone 300 feet before scaling it down to 65 feet."

While Cooper's conclusion is spot on, "we are not the enemy here, those of us down here trying to accurately show what is happening down here, we are not the enemy. If we can't show what is happening, warts and all, no one will see what is happening, and that makes it very easy to hide failure and hide incompetence", it doesn't matter, and little by little, nothing else matters, except for what the administration, the Fed, and the megacorps think it is in America's best interest to be able to see, hear, read, do, and what assets they have, where they can invest...
especially if all this is done in conjunction with maxing out yet another credit card to buy the latest and greatest weekly edition of the iPhone.

http://www.zerohedge.com/article/bp-plc-and-administration-replace-first-amendment-40000-fine-and-class-d-felony

From rforno at infowarrior.org  Mon Jul 5 16:58:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Jul 2010 17:58:54 -0400
Subject: [Infowarrior] - TSA to Block "Controversial Opinion" on the Web
Message-ID: <03A98DF2-C88D-4380-A1AC-0E4609B43D30@infowarrior.org>

July 3, 2010 12:53 PM
TSA to Block "Controversial Opinion" on the Web
http://www.cbsnews.com/8301-31727_162-20009642-10391695.html

The Transportation Security Administration (TSA) is blocking certain websites from the federal agency's computers, including halting access by staffers to any Internet pages that contain a "controversial opinion," according to an internal email obtained by CBS News.

The email was sent to all TSA employees from the Office of Information Technology on Friday afternoon. It states that as of July 1, TSA employees will no longer be allowed to access five categories of websites that have been deemed "inappropriate for government access."

The categories include:

- Chat/Messaging
- Controversial opinion
- Criminal activity
- Extreme violence (including cartoon violence) and gruesome content
- Gaming

The email does not specify how the TSA will determine if a website expresses a "controversial opinion." There is also no explanation as to why controversial opinions are being blocked, although the email stated that some of the restricted websites violate the Employee Responsibilities and Conduct policy.

The TSA did not return calls seeking comment by publication time.
From rforno at infowarrior.org  Wed Jul 7 09:47:33 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Jul 2010 10:47:33 -0400
Subject: [Infowarrior] - TSA drops policy blocking 'controversial' sites
Message-ID: <48559EA8-9D09-4E62-A51D-47D7BC030F91@infowarrior.org>

TSA drops policy blocking 'controversial' sites
Revises 'acceptable use' for Internet access after criticism
By Joseph Weber and David R. Sands
7:13 p.m., Tuesday, July 6, 2010
http://www.washingtontimes.com/news/2010/jul/6/sughed-tsa-backs-down-internet-site-policy/print/

After an uproar from conservative bloggers and free-speech activists, the Transportation Security Administration late Tuesday rescinded a new policy that would have prevented employees from accessing websites with "controversial opinions" on TSA computers at work.

The ban on "controversial opinion" sites, issued late last week, was included as part of a more general TSA Internet-usage policy blocking employee access to gambling and chat sites, as well as sites that dealt with extreme violence or criminal activity.

But the policy itself became controversial as the Drudge Report and a number of conservative bloggers highlighted the possibility that the policy could be used to censor websites critical of the agency or of the Obama administration in general. The American Civil Liberties Union also questioned the language.

TSA spokeswoman Lauren Gaches said the agency's revised "acceptable use" policy for Internet access on the agency's network was designed to block sites "that promote destructive behavior to one's self or others."

"After further review, TSA determined the 'controversial opinion' category may contain some sites that do not violate TSA's policy and therefore has concluded that the category is no longer being considered for implementation," she said in an e-mail to The Washington Times.
Before abandoning the guideline, agency officials said the policy changes were intended to address "evolving cyberthreats," but did not explain exactly what was meant by "controversial opinions" and whether Internet sites with conservative or other politically oriented viewpoints would be targeted under the new guidelines.

The changes were first reported over the weekend by CBS News, which obtained an internal memo sent to agency staffers. The memo was the lead item on the widely read Drudge Report site.

The agency's Office of Information Technology informed TSA staffers of the change Friday via e-mail. The notice listed five categories of sites that were "inappropriate for government access": chat/messaging; criminal activity; gaming; extreme violence; and those that feature controversial opinions.

The inclusion of the "controversial opinion" category immediately raised eyebrows.

"There's always a danger that threats are used to justify over-broad restrictions on speech and other freedoms," said Jay Stanley, an American Civil Liberties Union privacy expert, before the TSA announced it was dropping the idea. "But it's disturbing to see the TSA get the balance all wrong on that."

A number of conservative bloggers suggested the TSA policy change was an attempt by the Obama administration to target opposing viewpoints or criticism.

"We have known for years that the government has talked about the possibility of censoring the Internet to thwart opinion, but this is the biggest it has ever gotten," said a posting Tuesday on the "Conservative for Change" blog site. "When will we be able to get back to when people actually had the freedom to make sound decisions for themselves and not have some government tell them how it should be?"

The TSA episode was not the first time the Department of Homeland Security, which oversees the agency, has gotten into hot water with conservative critics.
Conservatives objected strongly to an April 2009 directive by the department that warned law enforcement officials about a possible increase in "rightwing extremist activity." The details of the warning were first reported in The Washington Times. Homeland Security Secretary Janet Napolitano later apologized to veterans for the report, which stated the increased risks were posed in part by a few disgruntled veterans who could swell the ranks of racist militia groups.

From rforno at infowarrior.org  Wed Jul 7 19:03:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Jul 2010 20:03:42 -0400
Subject: [Infowarrior] - U.S. Program to Detect Cyber Attacks on Infrastructure
Message-ID:

U.S. Program to Detect Cyber Attacks on Infrastructure
By SIOBHAN GORMAN - The Wall Street Journal
http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html

The U.S. government is launching an expansive program dubbed "Perfect Citizen" to detect cyber assaults on private U.S. companies and government agencies running critical infrastructure such as the electricity grid and nuclear power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government's chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn't persistently monitor the whole system, these people said.

Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project.

An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment.
Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.

"The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security," said one internal Raytheon email, the text of which was seen by The Wall Street Journal. "Perfect Citizen is Big Brother."

Raytheon declined to comment on this email.

However, a U.S. military official called the program "long overdue" and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It's a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.

U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.

Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems -- which run everything from subway systems to air-traffic control networks -- have since been linked to the Internet, making them more efficient but also exposing them to cyber attack.

The goal is to close the "big glaring holes" in the U.S.'s understanding of the nature of the cyber threat against its infrastructure, said one industry specialist familiar with the program. "We don't have a dedicated way to understand the problem."
The information gathered by Perfect Citizen could also have applications beyond the critical infrastructure sector, officials said, serving as a data bank that would also help companies and agencies who call upon NSA for help with investigations of cyber attacks, as Google did when it sustained a major attack late last year.

The U.S. government has for more than a decade claimed a national-security interest in privately owned critical infrastructure that, if attacked, could cause significant damage to the government or the economy. Initially, it established relationships with utility companies so it could, for instance, request that a power company seal a manhole that provides access to a key power line for a government agency.

With the growth in concern about cyber attacks, these relationships began to extend into the electronic arena, and the only U.S. agency equipped to manage electronic assessments of critical-infrastructure vulnerabilities is the NSA, government and industry officials said.

The NSA years ago began a small-scale effort to address this problem code-named April Strawberry, the military official said. The program researched vulnerabilities in computer networks running critical infrastructure and sought ways to close security holes.

That led to initial work on Perfect Citizen, which was a piecemeal effort to forge relationships with some companies, particularly energy companies, whose infrastructure is widely used across the country.

The classified program is now being expanded with funding from the multi-billion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration, officials said. With that infusion of money, the NSA is now seeking to map out intrusions into critical infrastructure across the country.
Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems, they said.

Intelligence officials have met with utilities' CEOs and those discussions convinced them of the gravity of the cyber threat against U.S. infrastructure, an industry specialist said, but the CEOs concluded they needed better threat information and guidance on what to do in the event of a major cyber attack.

Some companies may agree to have the NSA put its own sensors on and others may ask for direction on what sensors to buy and come to some sort of agreement about what data they will then share with the government, industry and government officials said.

While the government can't force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, officials said.

Raytheon, which has built up a large cyber-security practice in recent years, is expected to subcontract out some of the work to smaller specialty companies, according to a person familiar with the project.

From rforno at infowarrior.org  Thu Jul 8 08:18:38 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Jul 2010 09:18:38 -0400
Subject: [Infowarrior] - Confusion over 'secret code' in US military Cyberforce crest
Message-ID:

Confusion over 'secret code' in US military Cyberforce crest
By Lewis Page
Posted in Government, 8th July 2010 12:44 GMT
http://www.theregister.co.uk/2010/07/08/cyber_command_crest_md5/

Online puzzle fiends are struggling to crack a "secret" cryptogram included in the newly-formed US military cyber command's official seal.
Most of the confusion arises from an extra hyphen in the Command official mission statement.

What's a good way of symbolising codes 'n' stuff, Larry?

As can be seen in the image above, the Cyber Command seal's inner golden ring has the legend 9ec4c12949a4f31474f299058ce2b22a inscribed on it. This has been discussed online for some time, but Wired was the first media channel to notice it this week. The mag's online defence blog is offering a free T-shirt or a ticket to the International Spy Museum to the first person to crack the "code".

In fact the string of characters is merely an MD5 hash of the Command's mission statement:

USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Provided that this is entered correctly into a hash generator, the Cyber Command seal string is produced. That appears to be all there is to it - a reasonably technically literate effort in the context of US military heraldry, but scarcely much of a puzzle.

Some confusion has been caused by the fact that US Strategic Command, in charge of USCYBERCOM, offers a slightly altered mission statement - with a superfluous hyphen in "full spectrum".

We certainly aren't the first to notice this, and anyway we prefer our Vulture T-shirts here, so we'll leave the Wired competition glory to someone else.

From rforno at infowarrior.org  Thu Jul 8 20:57:38 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Jul 2010 21:57:38 -0400
Subject: [Infowarrior] - OT: Lebronapalooza....yawwwwn
Message-ID:

Yes, this pretty much sums up my feelings on the matter.
-rick

A sneak peek of the LeBron James Show
Fox Sports
Jeff Cawood
Updated Jul 8, 2010 6:46 PM ET
http://msn.foxsports.com/nba/story/sneak-peek-at-lebron-james-show-070710

On Thursday night at 9 p.m. Eastern, LeBron James will make his long awaited announcement revealing where he will play next season. The following notes were found in the trash can in the conference room after an ESPN / LeBron James Entertainment production meeting.

LEBRON JAMES SHOW

{SEGMENT ONE}

{Voice Over Announcer -- Show Open-music that evokes images of 18th century England}

King James is the greatest thing since the other side of the pillow. He even has his own version of the Bible. Six castles anxiously await, hoping they are about to be conquered by the 25 year-old King with no ring.

{Stuart Scott on camera}

Hello. Welcome to ESPN's hour-long LeBron James infomercial. The United States is in the longest war in its history and there is no end in sight. The Gulf of Mexico is being destroyed and there isn't a damn thing we can do about it. Unemployment is through the roof and still hovers around 10 percent. But on to the important stuff, exalting King James. Can I get a witness!

{cue majestic sounding :05 music cut}

{Topic-Has there ever been a more narcissistic athlete than King James?}

{Scott on camera}

We would like to welcome Chad Ochocinco, Rickey Henderson, Alex Rodriguez and Michael Jordan to our Bristol studios to answer the question that has crossed everyone's mind the past few days: Is LeBron James the most narcissistic athlete in the history of sports?

{guests argue for 7:00 like "The O'Reilly Factor"}:

{Michael Jordan sound bite} "I never referred to myself as Air Jordan."

{Alex Rodriguez sound bite} "I might kiss my own image in the mirror, but at least I don't send out tweets claiming to be a King."

{Chad Ochocinco sound bite} "What about me guys? Don't forget about me...."

{Scott on camera. Tease segment two. Toss to commercial break}

Thanks guys.
What a perfect panel to determine who, in fact, is the most narcissistic athlete of all time. When we return to ESPN's LeBron James infomercial, we will run a heartwarming feature on LeBron James and what a great guy he is. Stay tuned...

{SEGMENT TWO}

{Back from commercial break - cue Tom Petty "It's Good to Be King" played over LeBron James video where he looks regal}

{Scott on camera}

King James is a great guy for revealing his decision in such a long, drawn-out, dramatic fashion. It has nothing to do with marketing or self-promotion. It's all for charity. Here's a warm and fuzzy story about King James, the philanthropist.

{cue sickly piano music}

{3:00 feature on King James the philanthropist}

{out of feature Scott voice over full-screen graphic}

Here is a list of every good deed King James has ever done -- a reminder that ESPN's coverage of the LeBron James infomercial has nothing to do with marketing or self promotion. It's all for charity. Some people actually believe that.

{ad lib good deeds}

{Scott on camera: Tease Segment 3. Toss to break}

King James is a great guy. And we are getting closer to the big moment. Only King James knows the locale of the NBA's future dynasty. The King reveals his choice, coming up on ESPN's coverage of the LeBron James infomercial.

{SEGMENT THREE}

{Back from commercial break. Cue Kurtis Blow "If I Ruled the World" played over LeBron James dunk video}

{Scott on camera}

Welcome back to ESPN's continuing coverage of the LeBron James infomercial. The NBA's free agent free-for-all is about to come to a close. Carlos Boozer signed a five year, $80 million contract with the Bulls. Chris Bosh will join Dwyane Wade in Miami. But who gives a crap about those scrubs? This is an hour-long special about King James. Let D-Wade's agent negotiate his own show.
Since we are dedicating an hour to hard news that could be reported thoroughly in less than three minutes, we've got a lot of time to fill. We are about to ask every NBA reporter, columnist or former NBA player we can find what they think will happen.

{PRODUCER'S NOTE -- Have a variety of King James video clips ready to air under the chat in case it seems redundant and/or boring}

{Scott on camera, segment 4 tease, toss to break}

Now you can put a face with the newspaper writer's name. Up next on ESPN's coverage of the LeBron James infomercial, the King himself graces us with his presence. Sort of. He's in an undisclosed location via satellite. You didn't really think the King would come to Bristol, Connecticut, did you? His royal highness reveals which city he will bless, coming up next on ESPN's continuing coverage of the LeBron James infomercial.

{SEGMENT 4}

{Back from commercial break. Cue Steve Martin "King Tut" music played over LeBron James great plays}

{Scott on camera}

Welcome back to ESPN's never-ending coverage of the LeBron James infomercial. Now, for the moment you've all been waiting for. After 55 minutes of the kind of bloated, overindulgent flab that you've come to expect from the Worldwide Leader, now we are getting to the point. But first, a word from our sponsor. Remember, this is all for charity.

{roll commercial break}

{SEGMENT 5}

{Back from commercial break. Cue theme from "Lion King" over a montage of fans in bars in Miami, New York, Chicago and Cleveland who are anxiously awaiting the King's revelation. Try to get shots of balding guys with pony tails wearing replica jerseys. Or women who look like they are about to cry}

{Scott on camera}

Welcome back to ESPN's never-ending coverage of the LeBron James infomercial. Now, at last, the bourgeoisie will know what their King has decided. King James is kind enough to join us from an undisclosed location.
{cue :10 "Hail to the Chief" music}

{take remote shot - LeBron enters the room and sits on a throne. His entourage stands as he enters the room. Wearing a crown. And a purple cloak.}

{Scott on camera}

King James, we here at ESPN are so honored that you have chosen us to assist with your public relations. Most athletes just want to be in our silly commercials, but no one has such vision as you, your highness. Now for the moment we've all been waiting for. Tell us, King James, where will be your next kingdom?

(King James answers from remote) "Rosebud"

{Scott on camera}

And that will mercifully conclude ESPN's coverage of the LeBron James infomercial. We will end the show with a kickass King James music video. I'd like to thank the Executive Producer of this show, LeBron James. Coming up next on "30 for 30," producer Spike Lee searches the playgrounds of New York City for the next LeBron. Thanks for watching. Good night.

{roll Music video}

{Insert copyright information}

From rforno at infowarrior.org  Thu Jul 8 21:04:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Jul 2010 22:04:35 -0400
Subject: [Infowarrior] - Schneier: 'Cyberwar' hugely hyped
Message-ID: <71369A0B-31B3-47E5-B4A7-37DE206E143C@infowarrior.org>

Threat of 'cyberwar' has been hugely hyped
By Bruce Schneier, Special to CNN
July 7, 2010 -- Updated 1206 GMT (2006 HKT)
http://edition.cnn.com/2010/OPINION/07/07/schneier.cyberwar.hyped/

Editor's note: Bruce Schneier is a security technologist and author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." Read more of his writing at http://www.schneier.com/

(CNN) -- There's a power struggle going on in the U.S. government right now. It's about who is in charge of cyber security, and how much control the government will exert over civilian networks. And by beating the drums of war, the military is coming out on top.
"The United States is fighting a cyberwar today, and we are losing," said former NSA director -- and current cyberwar contractor -- Mike McConnell. "Cyber 9/11 has happened over the last ten years, but it happened slowly so we don't see it," said former National Cyber Security Division director Amit Yoran. Richard Clarke, whom Yoran replaced, wrote an entire book hyping the threat of cyberwar.

General Keith Alexander, the current commander of the U.S. Cyber Command, hypes it every chance he gets.

This isn't just rhetoric of a few over-eager government officials and headline writers; the entire national debate on cyberwar is plagued with exaggerations and hyperbole.

Googling those names and terms -- as well as "cyber Pearl Harbor," "cyber Katrina," and even "cyber Armageddon" -- gives some idea how pervasive these memes are. Prefix "cyber" to something scary, and you end up with something really scary.

Cyberspace has all sorts of threats, day in and day out. Cybercrime is by far the largest: fraud, through identity theft and other means, extortion, and so on. Cyber-espionage is another, both government- and corporate-sponsored. Traditional hacking, without a profit motive, is still a threat. So is cyber-activism: people, most often kids, playing politics by attacking government and corporate websites and networks.

These threats cover a wide variety of perpetrators, motivations, tactics, and goals. You can see this variety in what the media has mislabeled as "cyberwar." The attacks against Estonian websites in 2007 were simple hacking attacks by ethnic Russians angry at anti-Russian policies; these were denial-of-service attacks, a normal risk in cyberspace and hardly unprecedented.

A real-world comparison might be if an army invaded a country, then all got in line in front of people at the DMV so they couldn't renew their licenses. If that's what war looks like in the 21st century, we have little to fear.
Similar attacks against Georgia, which accompanied an actual Russian invasion, were also probably the responsibility of citizen activists or organized crime. A series of power blackouts in Brazil was caused by criminal extortionists -- or was it sooty insulators? China is engaging in espionage, not war, in cyberspace. And so on.

One problem is that there's no clear definition of "cyberwar." What does it look like? How does it start? When is it over? Even cybersecurity experts don't know the answers to these questions, and it's dangerous to broadly apply the term "war" unless we know a war is going on.

Yet recent news articles have claimed that China declared cyberwar on Google, that Germany attacked China, and that a group of young hackers declared cyberwar on Australia. (Yes, cyberwar is so easy that even kids can do it.) Clearly we're not talking about real war here, but a rhetorical war: like the war on terror.

We have a variety of institutions that can defend us when attacked: the police, the military, the Department of Homeland Security, various commercial products and services, and our own personal or corporate lawyers.

The legal framework for any particular attack depends on two things: the attacker and the motive. Those are precisely the two things you don't know when you're being attacked on the Internet. We saw this on July 4 last year, when U.S. and South Korean websites were attacked by unknown perpetrators from North Korea -- or perhaps England. Or was it Florida?

We surely need to improve our cybersecurity. But words have meaning, and metaphors matter. There's a power struggle going on for control of our nation's cybersecurity strategy, and the NSA and DoD are winning. If we frame the debate in terms of war, if we accept the military's expansive cyberspace definition of "war," we feed our fears.

We reinforce the notion that we're helpless -- what person or organization can defend itself in a war? -- and others need to protect us.
We invite the military to take over security, and to ignore the limits on power that often get jettisoned during wartime.

If, on the other hand, we use the more measured language of cybercrime, we change the debate. Crime fighting requires both resolve and resources, but it's done within the context of normal life. We willingly give our police extraordinary powers of investigation and arrest, but we temper these powers with a judicial system and legal protections for citizens.

We need to be prepared for war, and a Cyber Command is just as vital as an Army or a Strategic Air Command. And because kid hackers and cyber-warriors use the same tactics, the defenses we build against crime and espionage will also protect us from more concerted attacks. But we're not fighting a cyberwar now, and the risks of a cyberwar are no greater than the risks of a ground invasion. We need peacetime cyber-security, administered within the myriad structure of public and private security institutions we already have.

The opinions expressed in this commentary are solely those of Bruce Schneier.

From rforno at infowarrior.org  Thu Jul 8 21:05:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Jul 2010 22:05:54 -0400
Subject: [Infowarrior] - More patent lunacy
Message-ID: <1B53546A-F630-451F-9D7E-BEE13751BACC@infowarrior.org>

Describing How To Create A Software Program Now Puts You At Risk Of Contributory Patent Infringement?
from the for-the-purpose-of-teaching... dept
http://techdirt.com/articles/20100708/04230710128.shtml

A whole bunch of you have been submitting the following story from a Dutch developer who is being threatened by Landmark Digital, a BMI subsidiary which owns the patents on Shazam's music recognition technology, for writing a blog post describing how to build similar technology in your spare time. The story is a perfect example of the ridiculous situation with patents today.
Basically, the guy noted that what Shazam does in recognizing music is really not that complicated, and explained how to create something similar yourself, which he did himself in a weekend. He had not released the code, but was planning to do so when the legal threats came in. The guy wondered what patents they were talking about specifically, especially considering that in Europe, the standards to patent software are much higher. In response, he was only told about two US patents (6,990,453 and 7,627,477 -- oddly, on that last one, Google still shows it as being patent pending, even though the patent was granted last year). The developer points out how silly this is:

Why does Landmark Digital Services think they hold a patent for the concepts used in my code? Even if my code works pretty differently from the Shazam code (from which the patents came). What they describe in the patent is a system which:

1. Make a series of fingerprints of a media file and/or media sample (such as audio, but could also be text, video, multimedia, etc)
2. Have a database/hashtable of fingerprints as lookup
3. Compare the set of hashtable hits using their moment in time it happened

This is very vague, basically the only innovative idea is matching the found fingerprints linearly in time. Because the first two steps describe how a hashtable works and how creating a hash works. These concepts are not new nor innovative. But, with a bit of imagination one could (possibly) argue that my code (again, written completely by myself in a weekend with some spare time) does the same thing as the patent describes.

After talking it over with some attorneys, he realized that it probably wasn't worth the potential lawsuit to publish the code he wrote over the weekend, as ridiculous as that sounds.
But then things got more ridiculous, as the lawyers for Landmark demanded he take down the original blog post as well, saying that it could teach others how to infringe the patent:

As I'm sure you are aware, your blogpost may be viewed internationally. As a result, you may contribute to someone infringing our patents in any part of the world. While we trust your good intentions, yes, we would like you to refrain from releasing the code at all and to remove the blogpost explaining the algorithm.

Great, so now we have to worry about contributory patent infringement as well? Are we really going to keep stretching third party liability to such ridiculous levels? Explaining to people how they might possibly build a simple app is now putting yourself at risk of liability?

From rforno at infowarrior.org Thu Jul 8 21:58:44 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Jul 2010 22:58:44 -0400
Subject: [Infowarrior] - How To Stop Cyberattacks: Diplomacy. Well, Maybe.
Message-ID: <25880098-BE09-450C-BDE2-FF8D0E36EB3C@infowarrior.org>

How To Stop Cyberattacks: Diplomacy. Well, Maybe.
By Spencer Ackerman, July 8, 2010, 3:35 pm
Categories: Info War
http://www.wired.com/dangerroom/2010/07/how-to-stop-cyberattacks-diplomacy-well-maybe/

If you attended today's still-unfolding big cybersecurity confab in Washington, sponsored by the Armed Forces Communications & Electronics Association, you heard a parade of military officers and Obama administration officials say, well, not a whole lot. It's hard to defend against a cyberattack... Everyone -- civilian and military, public and private sector -- needs to work together and pool resources and information... Incentivize cooperation... The supply chain is vulnerable... U.S. Cyber Command is developing integrated planning and operational frameworks...

And then there was Bruce Held. Held is the Department of Energy's intelligence chief and he said he spoke from the perspective of a longtime intel hand.
His answer to the cybersecurity problem: diplomacy. Well, sort of.

For Held, it's a probability issue. "A static cyber defense can never win against an agile cyber offense," he told a panel this morning discussing the prevention of catastrophic cyberattacks. "You beat me 99 times, I will come after you 100 times. Beat me 999 times, I will come after you 1000 times, and we will beat you." If you want to protect the nation's electricity grid, beefing up security for it -- physical security, cybersecurity, etc. -- quickly becomes prohibitively expensive. "You need a protection strategy," he said, and that means you have to change the game.

How? For starters, don't compartmentalize cybersecurity as a job for the military's new U.S. Cyber Command or the guardians of civilian networks at the Department of Homeland Security. Treat cybersecurity as a component of a broad national defense strategy, rather than a techie-driven deviation from it. Unleash the diplomats and prepare the economic sanctions packages, in other words, if you want to prevent your servers from getting fried.

To take it a step further: it's about making an adversarial foreign power reconsider launching an attack. "If you wish to influence my behavior, you have to impose risks and consequences on me," Held continued. "It does not have to be perfect. You just have to impact my behavior." Someone's been playing Diplomacy.

Can you spot the presumptions behind Held's contention? Sure you can.

One: we'll be able to attribute attacks to specific state actors. Well, will we? You can launch a cyber attack from proxy servers in third countries to conceal your identity. Brigadier General John Davis, the director of current operations for Cyber Command, said forthrightly during the same panel discussion that his "number-one challenge" was developing "situational awareness" of the cyberthreats that the U.S. faces. As an intel guy, Held said he thought the "cyber people tend to make it impossible"
to figure out who's going after your networks. "You don't need the specific computer it's coming from. You need to know what country it's coming from." But what about those third-country servers?

Two: big cyberattacks are instruments of state power. Bands of hackers and cybercrooks aren't diplomatic problems. They're law enforcement problems. So Held at least implicitly reserved his remarks for something like a hypothetical bot attack that took out tens of millions of cellphone subscribers and then followed up with a strike on part of the nation's electricity grid. That's a nightmare scenario dreamed up by the Bipartisan Policy Center, an inoffensive Washington think tank earlier this year, for a kind of breathless dramatization of the threat, called Cyber Shockwave. Take a look:

Something like that is unlikely to be "just a hacker," Held said. "It's close to a very unfriendly act. Some might say an act of cyber war."

General Davis indicated that Cyber Command is on a similar wavelength. One of the challenges for the new command is to "wipe some of the routine threats off the radar," he said, thereby allowing "the intelligence community to focus on the sophisticated threats."

Whoa, say what? Does that mean that the new military command co-located within the National Security Agency is going to leave the most challenging cyber-defense -- and offense -- tasks to the spooks? Davis later clarified to Danger Room that he meant that the command wanted to "put the basic cyber standards in place" across users of the military's networks (you know, the sites ending in .mil) so the command wouldn't waste time responding to phishing efforts. "Don't click on unknown or malicious software," Davis said. "Basic blocking and tackling." CYBERCOM: your military tech support.

Unfortunately, I wasn't able to draw Davis out on what he meant by leaving the intel folks to focus on the "sophisticated threats." Cybercom remains something of a military/intelligence cipher text.
Held, though, capped his point with an analogy. "We never secured New York City from a Soviet nuclear attack," he observed, "but we protected it very well through the use of broader national deterrent powers."

In other words: Get ready for a Cyber Cold War.

From rforno at infowarrior.org Fri Jul 9 07:14:38 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jul 2010 08:14:38 -0400
Subject: [Infowarrior] - REAL ID ... no, not that one...
Message-ID: <7FF90A66-8B83-4907-B446-46960B9F723C@infowarrior.org>

You'd think Activision would have come up with a better name than REAL ID...... just like how NSA calls their latest project "Perfect Citizen." -rick

< -- >

http://www.cryptome.org/

A few years back, Activision purchased Blizzard Entertainment (the developers of the online games World of Warcraft and Starcraft), the latter of which has a sequel upcoming. On July 27th, they plan to change the way that their 12,000,000 customers' public profiles work. Currently, when someone posts, it is entirely anonymous. They use their character name, which is simply an alias (much like an email). This upcoming change, known as REAL ID, will make the entire community forum display the full names of EVERYONE, and this 'feature' cannot be turned off or disabled.

As you are well aware, this is going to cause massive problems and sets a terrible precedent for the gaming industry when it comes to anonymity. The official thread for feedback has females, minorities, gay and transsexual individuals all posting out of fear asking the company not to implement these changes, but they are doing so anyway.
The feedback thread is located here: http://forums.worldofwarcraft.com/thread.html?topicId=25712374700&sid=1&pageNo=1

Taken from: http://forums.battle.net/thread.html?topicId=25626109041

From rforno at infowarrior.org Fri Jul 9 07:15:56 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jul 2010 08:15:56 -0400
Subject: [Infowarrior] - Italian news media on strike
Message-ID:

Silvio Berlusconi's 'gag law' sparks media strike in Italy
Embattled prime minister hopes to pass privacy bill but editors and judges say he wants to hide from scandal
John Hooper in Rome, The Guardian, Friday 9 July 2010
http://www.guardian.co.uk/world/2010/jul/09/silvio-berlusconi-media-gag-law

"The gagging law denies citizens the right to be informed" -- a front page in June condemns Silvio Berlusconi's bill.

There will be no news in Italy today; or, at least, hardly any. That is not a prediction, but fact: none of the main newspapers are appearing because their reporters and editors are on a 24-hour strike. Today they are due to be joined by radio, TV and some internet journalists.

The action is over a parliamentary bill proposing a law that Silvio Berlusconi's government claims safeguards privacy. Most of Italy's editors, judges and prosecutors say it is intended to shield politicians, and particularly the prime minister, whose career has been ridden with financial and sexual scandals.

The so-called "gagging law" would curb the ability of police and prosecutors to record phone conversations and plant listening devices. It would also stop journalists publishing the resulting transcripts. Investigators seeking to listen in on a suspect would need permission from three judges. Regardless of circumstances, eavesdropping warrants would expire after 75 days, after which they must be renewed every three days.
The National Magistrates' Association said it had very serious consequences: "The fight against crime will be much more difficult for police and investigating magistrates, while the administration of justice will be overwhelmed by bureaucratic demands that will make the operation of the system objectively impossible."

The bill excludes mafia and terrorism investigations. But the police unions say it would cripple inquiries into offences such as moneylending and drug-trafficking which frequently lead investigators to organised criminals and terrorists.

The media would only be able to publish a summary of the findings of an investigation after it had ended. While that may be no more onerous a restriction than applies in Britain, the editor of Italy's biggest-selling daily, Corriere della Sera, Ferruccio de Bortoli, argues it is "a bill tailor-made to shield members of the government from unwelcome investigation". He added: "If this were a normal country, and there were not these interested attempts to make the work of the prosecutors more difficult, we would be readier to countenance a measure to protect the privacy of individuals."

Last year Berlusconi, aged 73, was severely embarrassed when leaks from an inquiry into corruption in the health sector revealed his private life, including parties at his Roman palazzo at which women outnumbered men by four to one. Some were prostitutes. One handed prosecutors recordings she made, allegedly of the prime minister's pillow talk, which ended up on the internet.

In May Berlusconi was given a further reminder of the power of the press and the prosecution service when he reluctantly said goodbye to his industry minister, Claudio Scajola, who was reported to have been involved in a shady property deal.

But recent weeks have shown the bill to be double-edged. Opposition to it has offered a cause to dissidents within Berlusconi's Freedom People (PdL) movement, dissidents led by Gianfranco Fini, the governing party's co-founder.
This week, Fini, a former neo-fascist who now presents himself as a standard bearer of enlightened, Cameronian conservatism, declared there was "never enough press freedom in a great democratic nation".

The gagging law is to enter the last stage of its parliamentary journey on July 29. There is speculation that, unless a compromise can be reached, the final vote could split the PdL. Fini does not have enough supporters to rob the prime minister of his majority, but if they began even to abstain they would condemn Berlusconi to a legislative nightmare of endless, razor-edge votes in parliament.

Before the end of the month, however, the increasingly embattled prime minister faces another challenge, in securing approval for an emergency budget his government says is needed to save Italy going the way of Greece. It aims to narrow Italy's widening budget deficit by almost €25bn over the next two years, mainly through spending cuts the government has deftly passed on to local authorities.

This week Berlusconi called a confidence vote to force the measure through parliament. But, as he told a television interviewer yesterday, that means: "If we don't win, we go home." He would be constitutionally bound to resign if he lost. That looks unlikely. The PdL has a majority of 60 in the 630-seat lower house and one of more than 30 in the 315-seat senate.

But as the likely impact of the cuts, particularly on health and welfare services, has become daily more apparent, Berlusconi's popularity has tumbled. A poll in Corriere della Sera yesterday showed his approval rating at 41%, down nine percentage points in six weeks. It found that 57% of those interviewed had a negative opinion of his ability to govern, compared with 48% at the end of May. Most worryingly of all for the government, the poll registered a seven percentage point drop in Berlusconi's popularity among his own voters.

Another factor is his handling of a scandal given wide publicity.
Last month he created a place in his cabinet for one Aldo Brancher. Like so many Berlusconi followers, the new minister for decentralisation and subsidiarity had once been an executive in his business empire, where he was remanded on charges of illegally funding the Socialist party, whose leader was Berlusconi's most prominent sponsor. Though found guilty at trial and appeal, Brancher was saved at the highest level of the judicial system by technicalities. Now he is back on trial, charged this time with embezzlement.

Opposition politicians claimed he was given a seat in the cabinet purely so as to take advantage of a law passed in March enabling ministers to block trials while in office by first insisting on their right to appear in court and then crying off, using official duties as the reason. Five days after being sworn in, Brancher duly invoked the "law of legitimate impediment", sparking outraged criticism that forced the prime minister into a U-turn. Last week he told his colleague that he would have to go, and on Monday Brancher announced his resignation, appropriately enough, in the court where he is being tried.

The affair demonstrated there are limits to Berlusconi's power. But it highlighted another point. At the origin of Brancher's indictment was a bank scandal which began in 2005 when transcripts were published of conversations involving the then governor of the Bank of Italy. The public might have known nothing had the gagging law proposed to safeguard privacy then been in force.

Courtroom notoriety

December 1997: Medusa Cinema case: Berlusconi sentenced to 16 months in jail for false accounting of 10bn lire. Appealed and acquitted.

May 2000: Milan court overturns a bribery conviction. Found guilty on four counts and sentenced to two years and nine months in jail. However, the statute of limitations expired for three of the charges. Acquitted on the fourth on appeal.
June 2001: A court of appeal upholds the acquittal on bribery charges in connection with his acquisition of the Mondadori publishing house, but ordered his one-time attorney Cesare Previti and three others to stand trial again.

October 2001: Celebrates acquittal on bribery charges with a letter to the Corriere della Sera newspaper in which he hails the verdict as a defeat for "politicised magistrates".

July 2003: Compares German MEP to a concentration camp guard.

February 2009: British tax lawyer David Mills sentenced to 4½ years over illegal payments for Berlusconi. Sentence quashed in February 2010.

June 2009: Three women claim they were paid to attend parties at Berlusconi's official Rome residence. One releases tapes of encounters.

July 2010: Berlusconi introduces a law limiting the use of wiretaps by police.

From rforno at infowarrior.org Fri Jul 9 07:48:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jul 2010 08:48:24 -0400
Subject: [Infowarrior] - SCO is baaaaack! (appeal)
Message-ID:

My gods I would love to be on their legal team. I could effing retire from these guys. -rick

SCO Appeals. Yes. Them Again. - Updated
Wednesday, July 07 2010 @ 08:24 PM EDT

SCO has filed its notice of appeal. They're appealing everything, in short, or they'd like a new trial. Because three trials isn't enough when you're not having fun. Speaking of which, I confess. I'm so sick of SCO I could spit.
http://www.groklaw.net/article.php?story=20100707202429776

From rforno at infowarrior.org Fri Jul 9 08:09:29 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jul 2010 09:09:29 -0400
Subject: [Infowarrior] - Microsoft opens source code to Russian secret service
Message-ID: <5B1EA59A-4266-41DA-8695-54AF90BB3D22@infowarrior.org>

This story was printed from ZDNet UK, located at http://www.zdnet.co.uk/
Story URL: http://www.zdnet.co.uk/news/security/2010/07/08/microsoft-opens-source-code-to-russian-secret-service-40089481/

Microsoft opens source code to Russian secret service
By Tom Espiner, 8 July 2010 16:56

Microsoft has signed a deal to open its Windows 7 source code up to the Russian intelligence services.

Russian publication Vedomosti reported on Wednesday that Microsoft had also given the Russian Federal Security Service (FSB) access to Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server source code, with hopes of improving Microsoft sales to the Russian state.

The agreement will allow state bodies to study the source code and develop cryptography for the Microsoft products through the Science-Technical Centre 'Atlas', a government body controlled by the Ministry of Communications and Press, according to Vedomosti.

Microsoft Russia president Nikolai Pryanishnikov told Vedomosti that employees of Atlas and the FSB will be able to share conclusions about Microsoft products.

The agreement is an extension to a deal Microsoft struck with the Russian government in 2002 to share source code for Windows XP, Windows 2000 and Windows Server 2000, said Vedomosti.

A senior security source with links to the UK government told ZDNet UK on Wednesday that the 2002 deal was part of Microsoft's Government Security Program. Nato also signed up, said the source.
Having a number of different governments with access to Microsoft code meant it was possible that a government could find holes in the code and use it to exploit another nation-state's systems, said the source.

From rforno at infowarrior.org Fri Jul 9 09:06:26 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jul 2010 10:06:26 -0400
Subject: [Infowarrior] - Pew Internet: Online sharing a lifelong habit for millennials
Message-ID: <7134FCC2-362B-4A1F-97B2-F3F98BDA5A63@infowarrior.org>

Millennials will make online sharing in networks a lifelong habit
by Janna Anderson, Lee Rainie
Jul 9, 2010

Overview

Tech experts generally believe that today's tech-savvy young people, the "digital natives" who are known for enthusiastically embracing social networking, will retain their willingness to share personal information online even as they get older and take on more responsibilities. Experts surveyed say that the advantages Millennials see in personal disclosure will outweigh their concerns about their privacy.

Learn more about the Millennial generation at http://pewresearch.org/millennials/

About the Survey

The survey results are based on a non-random online sample of 895 internet experts and other internet users, recruited via email invitation, Twitter or Facebook from the Pew Research Center's Internet & American Life Project and the Imagining the Internet Center at Elon University. Since the data are based on a non-random sample, a margin of error cannot be computed, and the results are not projectable to any population other than the experts in this sample.
http://pewinternet.org/Reports/2010/Future-of-Millennials.aspx

From rforno at infowarrior.org Fri Jul 9 18:17:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jul 2010 19:17:42 -0400
Subject: [Infowarrior] - Judge Slams RIAA, $675k Fine Ruled Unconstitutional
Message-ID: <1F2CE9F4-6DE5-4E16-80A6-BB15EF57F8EE@infowarrior.org>

Judge Slams RIAA, $675k Fine Ruled Unconstitutional
Written by Ben Jones on July 09, 2010
http://torrentfreak.com/judge-slams-riaa-675k-fine-ruled-unconstitutional-100709/

Another break happened today in the RIAA's case against Boston University student Joel Tenenbaum, as the $675k fine was reduced by 90%. The judge in the case criticised the RIAA and held that the jury's damages were unconstitutional. Even the reduced fine is described as "severe, even harsh" by the District Judge.

In the US there have been two major file-sharing cases against individuals that have gone to trial. In both cases the RIAA was initially awarded hundreds of thousands of dollars in damages, but in both cases these were slashed on appeal.

In the RIAA's case against Jamie Thomas, the jury-awarded damages were reduced significantly as the excessive damages were ruled to be unconstitutional. Today, the same thing has happened with the case against Boston University student Joel Tenenbaum.

The ruling issued by District Judge Nancy Gertner states that the constitutional issues are clear, and that attempting to avoid the constitutional challenges (that the damages are excessive in proportion to the crime) by reducing the damages would be the best way to handle these.

The verdict comes as no surprise to many, and may even come as a relief to the RIAA, who have faced some negative publicity over the damages awarded. It's unclear, though, if this modification will stand, as the RIAA will have to accept it. If they don't, a retrial will be called.
Judge Gertner finds a retrial likely, stating in the judgment: "The plaintiffs in this case, however, made it abundantly clear that they were, to put it mildly, going for broke. They stated in open court that they likely would not accept a remitted award."

"The Constitution protects not only criminal defendants from the imposition of 'cruel and unusual punishments', but also civil defendants facing arbitrarily high punitive awards," Gertner added.

The meat of the subject can be found on page 6, though.

I reduce the jury's award to $2,250 per infringed work, three times the statutory minimum, for a total award of $67,500. Significantly, this amount is more than I might have awarded in my independent judgment. But the task of determining the appropriate damages award in this case fell to the jury, not the Court. I have merely reduced the award to the greatest amount that the Constitution will permit given the facts of this case.

There is no question that this reduced award is still severe, even harsh. It not only adequately compensates the plaintiffs for the relatively minor harm that Tenenbaum caused them; it sends a strong message that those who exploit peer-to-peer networks to unlawfully download and distribute copyrighted works run the risk of incurring substantial damages awards. Tenenbaum's behavior, after all, was hardly exemplary. The jury found that he not only violated the law, but did so willfully.

Reducing the jury's $675,000 award, however, also sends another no less important message: The Due Process Clause does not merely protect large corporations, like BMW and State Farm, from grossly excessive punitive awards. It also protects ordinary people like Joel Tenenbaum.

This judgment relieves some of the PR pressure around the RIAA. While they were clearly happy with the height of the damages, hoping it would intimidate filesharers, it also became a rallying cry for others.
The reduced damages proposed by Judge Gertner may silence the opposition to some extent, and reduce the impact of campaigns.

Joel Tenenbaum was somewhat relieved upon hearing the verdict. In a telephone interview with the Boston Globe he said: "Obviously, it's better news than it could have been. But it's basically equally unpayable to me."

Even if he could pay it, none of the money -- be it $675,000, or $67,500 -- would find its way into the pockets of the artists whose songs were involved. The RIAA told TorrentFreak that the damages will be used to fund new anti-piracy campaigns instead.

Whether or not there will be a retrial, the current verdict is a blow to their anti-piracy campaigns, while the Constitutional concern may preclude any further strengthening of copyright laws and punishments in the near future.

Breaking story...

From rforno at infowarrior.org Fri Jul 9 18:19:32 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Jul 2010 19:19:32 -0400
Subject: [Infowarrior] - Blizzard backtracks on real names
Message-ID: <680C7E85-4022-44FD-B1F8-CE714951A1DC@infowarrior.org>

Regarding real names in forums
07/09/2010 09:47:41 AM PDT
http://forums.worldofwarcraft.com/thread.html?topicId=25968987278&sid=1

Hello everyone,

I'd like to take some time to speak with all of you regarding our desire to make the Blizzard forums a better place for players to discuss our games. We've been constantly monitoring the feedback you've given us, as well as internally discussing your concerns about the use of real names on our forums. As a result of those discussions, we've decided at this time that real names will not be required for posting on official Blizzard forums.

It's important to note that we still remain committed to improving our forums. Our efforts are driven 100% by the desire to find ways to make our community areas more welcoming for players and encourage more constructive conversations about our games.
We will still move forward with new forum features such as the ability to rate posts up or down, post highlighting based on rating, improved search functionality, and more. However, when we launch the new StarCraft II forums that include these new features, you will be posting by your StarCraft II Battle.net character name + character code, not your real name. The upgraded World of Warcraft forums with these new features will launch close to the release of Cataclysm, and also will not require your real name.

I want to make sure it's clear that our plans for the forums are completely separate from our plans for the optional in-game Real ID system now live with World of Warcraft and launching soon with StarCraft II. We believe that the powerful communications functionality enabled by Real ID, such as cross-game and cross-realm chat, make Battle.net a great place for players to stay connected to real-life friends and family while playing Blizzard games. And of course, you'll still be able to keep your relationships at the anonymous, character level if you so choose when you communicate with other players in game. Over time, we will continue to evolve Real ID on Battle.net to add new and exciting functionality within our games for players who decide to use the feature.

In closing, I want to point out that our connection with our community has always been and will always be extremely important to us. We strongly believe that Every Voice Matters, ( http://us.blizzard.com/en-us/company/about/mission.html ) and we feel fortunate to have a community that cares so passionately about our games. We will always appreciate the feedback and support of our players, which has been a key to Blizzard's success from the beginning.

Mike Morhaime
CEO & Cofounder
Blizzard Entertainment

From rforno at infowarrior.org Sat Jul 10 18:26:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Jul 2010 19:26:35 -0400
Subject: [Infowarrior] - Waiter! No check, please!
Message-ID:

Waiter! No check, please!
July 6, 2010
http://www.itworld.com/print/113139

My wife and I had lunch at a horrible restaurant in San Francisco Saturday called Santorini. After suffering through a hideous meal, we just wanted to get out of there, but our waiter was nowhere to be found. It was a hostage situation.

Which got me thinking: Why do we cling to the obsolete ritual of paying restaurant checks the way we do? Here's the process as I understand it:

1. Waiter uses a pen to write down the customer's order on paper.
2. Waiter carries paper to the restaurant's point-of-sale (POS) device, which is just a PC running restaurant-specific software, and hand-enters the order into the computer to make it digital.
3. Customer tries to get the attention of the waiter, and makes a goofy "writing" gesture to ask for the check.
4. Waiter prints out the digital order information to put it on paper again, and delivers the printout in a vinyl folder, for some reason.
5. Customer takes a piece of plastic called a credit card out of wallet, and sticks it in a little plastic holder cleverly glued to the inside of the vinyl folder, and waits for the waiter to eventually come collect it.
6. Waiter carries the credit card and bill back to the POS system, swipes credit card, gets an OK from the credit card company, then prints out the credit card processing paperwork in duplicate.
7. Waiter carries the bill back to the table, along with the restaurant's copy of the credit card paperwork and the customer's copy all in the folder with a cheap pen (in hopes that the customer won't "accidentally" make off with the pen). Waiter is now friendly for the first time, knowing that the customer is about to make a decision about the tip.
8. Customer uses cheap pen to add tip, does math by hand to arrive at a total, then signs the check.
9. Waiter carries the paperwork back to the POS computer and hand-enters the data hand-written on the credit card information so it's digital again.
All this raises several questions, including:

* Why are restaurants the only places where we trust strangers to carry our physical credit cards out of sight to a place where there are other strangers (the physical credit cards show everything strangers need to know in order to use that credit card, including the 3-digit security code on the back)?
* The information involved in the sale has to be digital for the restaurant. But why does it have to be presented on paper for the customer?
* Why does everyone accept a system that involves idiotically converting data from paper to digital to paper to digital to paper and back to digital, just to process payment for a sandwich?
* In an age when everyone has an Internet-connected computer in their pocket or purse, why do we accept this bizarre sneakernetting of simple data back and forth in a restaurant?

Obviously, the restaurant ordering system is from the Spanish Inquisition. There has got to be a better way.

Maybe that better way comes from Google. Google unveiled last week a Chrome extension for Android called Android Payment Extension that enables POS functionality to happen on an Android phone. That means restaurants and other businesses could set up Google Checkout merchant accounts, use the Google Checkout Store Gadget Wizard to set up a custom template, then use the Android Payment Chrome Extension to create a cart that involves a QR code to be scanned by the customer.

For restaurants, I have a better idea. As soon as customers sit down, the waiter presents the option for online ordering. Customers who select that option can punch in the restaurant's site, choose the ordering menu, select the items desired, confirm the order, then buy it as if you were buying a book on Amazon.com. At the end, you could add a tip in cash or via the ordering system. All this could be handled by Google Checkout, or any number of other systems.
The order is placed, the food is paid for (before it's even delivered to the table), and the customers aren't held hostage at the end. Restaurants wouldn't need as many waiters because there wouldn't be so much busywork running back and forth to the POS machine, hand-keying data and re-printing it. Customers would be happier because the waiter couldn't misunderstand their order, and they wouldn't have to wait for all that check processing gymnastics.

In fact, this is pretty much how my local pizza delivery joint works. They have a web site that knows my credit card info, my address, and even lets me save my favorite orders. If they can do this for delivery, why couldn't they do it when I'm sitting in the restaurant?

The Android Payment Extension is nice. But I'd love to see Google get aggressive with restaurant-specific POS processing.

From rforno at infowarrior.org Sun Jul 11 10:13:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 Jul 2010 11:13:54 -0400
Subject: [Infowarrior] - Fusion Centers Reinventing The Wheel
Message-ID:

Do we really need to fund government centers that release stuff like this? What's wrong with some intelligence analyst just passing along any of the plain-English advisories released by the antivirus vendors on this? How much $$$ is wasted reinventing -- er, re-analysing -- stuff like this and/or rebranding stuff by others?

Louisiana Fusion Center Fake Anti-Virus Malware Warning
http://publicintelligence.net/ufouo-louisiana-fusion-center-fake-anti-virus-malware-warning/

From rforno at infowarrior.org Sun Jul 11 14:55:16 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 Jul 2010 15:55:16 -0400
Subject: [Infowarrior] - The Darknet: A Digital Copyright Revolution
Message-ID:

c/o MS

The Darknet: A Digital Copyright Revolution
By Jessica A. Wood
Richmond Journal of Law & Technology
Volume XVI, Issue 4
Cite as: Jessica Wood, The Darknet: A Digital Copyright Revolution, XVI Rich. J.L. & Tech.
14 (2010), http://jolt.richmond.edu/v16i4/article14.pdf .

Introduction

[1] We are in the midst of a digital revolution. In this "Age of Peer Production," armies of amateur participants demand the freedom to rip, remix, and share their own digital culture. Aided by the newest iteration of file sharing networks, digital media users now have the option to retreat underground, by using secure, private, and anonymous file sharing networks, to share freely and breathe new life into digital media. These underground networks, collectively termed "the Darknet[,] will grow in scope, resilience, and effectiveness in direct proportion to [increasing] digital restrictions the public finds untenable." The Darknet has been called the public's great equalizing force in the digital millennium, because it will serve as "a counterbalancing force and bulwark to defend digital liberties" against forces lobbying for stronger copyrights and increased technological controls.

[2] This article proposes a digital use exception to existing copyright law to provide adequate compensation to authors while promoting technological innovation, and the creation and dissemination of new works. Although seemingly counterintuitive, content producers, publishers, and distributors wishing to profit from their creations must relinquish their control over digital media in order to survive the Darknet era. Absent a government-granted monopoly, free market forces will provide adequate incentives to producers to create quality works, and an efficient dissemination infrastructure will evolve.

[3] Part I examines the prospect that, due to the Darknet, it is virtually impossible to control digital copying. Peer production is increasing and darknets are becoming more prevalent. Liability rules, stringent copyrights, and technological protection measures stifle innovation, smother creation, and force consumers further underground into darknets.
The Darknet poses a particular threat because it is impossible to track or proscribe user behavior. Further, the presence of the Darknet will render technological protection measures unenforceable, or at least impracticable, as a solution for digital copyright management. Part II introduces a digital use exception for copyright to deter development of the Darknet. The proposed copyright shelter is the solution most closely aligned with the goals of copyright, and a monopoly is no longer necessary or practical to accomplish those goals in the digital realm. Part III explores methods by which content creators, publishers, and distributors can profit under this new rule. Absent copyrights for digital works, service providers will capitalize on alternative business methods and data mining. Driven by necessity, they will commission the production of new works.

...

From rforno at infowarrior.org Sun Jul 11 18:51:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 Jul 2010 19:51:11 -0400
Subject: [Infowarrior] - DARPA BAA on homomorphic encryption
Message-ID: <7E43E80C-98B5-4F24-8192-4CBB11C007BB@infowarrior.org>

c/o IP

"There's a new DARPA BAA on homomorphic encryption:
https://www.fbo.gov/utils/view?id=11be1516746ea13def0e82984d39f59b

The goal is to create practical implementations of an idea that only recently has been shown to be possible in theory. That a computation could be performed over data that remains in encrypted form throughout the entire computation. In effect, the computer would execute a program without ever being able to discern any of the computed values. The possible applications of this are far reaching. For example, you could let a cloud facility do all of your computing work without any possibility that any of your private information would be divulged.
"

From rforno at infowarrior.org Sun Jul 11 19:31:40 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 Jul 2010 20:31:40 -0400
Subject: [Infowarrior] - ZeroHedge offers to support Wikileaks concept
Message-ID: <08C28975-3FA1-4B5E-B8C1-7A3CB35F0CEC@infowarrior.org>

(via Cryptome)

Subject: WikiLeaks support, etc.
Date: Sun, 11 Jul 2010 17:07:13 -0500

*** BEGIN PGP DECRYPTED/VERIFIED MESSAGE ***

Dear Cryptome:

We at Zero Hedge have watched with interest (and some horror) the Wikievents of the last several weeks. Of particular notice to us recently has been the complete inability (or unwillingness) of Wikileaks to release any new material not related to the self-promotion of its ubiquitous figurehead "Julian Assange." Despite a massive budget, it would seem more than an order of magnitude larger than ours, the Wikileaks enterprise seems totally unable to do more than tweet pleas for patience while sending Mr. Assange to, e.g., Brussels to debate freedom of expression. Where are the millions of documents leakers risked to liberate?

This is quite sad for us to see, as we were some of the earliest and most enthusiastic supporters of Wikileaks, as individuals as well as under the umbrella of "Zero Hedge."

We currently run and maintain our own servers for Zero Hedge and see in excess of 500,000 hits per day on normal days, with spikes to nearly a million if something interesting is going on. We've recently upgraded our infrastructure (multi-homed in some of the same jurisdictions Wikileaks uses, as it happens) to deal with our own growth. Consequently, we have quite a bit of spare capacity and bandwidth right now, as well as sufficient financial means to secure same for the foreseeable future.

We are long time Cryptome readers, and fairly crypto and INFOSEC savvy (we even have an early member or two from the original cypherpunks list among our senior staff, though none connected with Wikileaks). We manage sensitive sources on a nearly daily basis.
We fight any number of frivolous takedown and legal challenges from well resourced institutions (investment banks, hedge funds, etc.) monthly. As individuals and an organization, we seek to avoid, rather than ravenously pursue, press of any kind. (We get enough headaches from the media without even trying, thank you very much).

Moreover, while we are focused on finance, we are philosophically aligned with the ORIGINAL premise and mission of Wikileaks: The liberation of raw data. Our "manifesto" might give you an idea of the sorts of goals that drive us:
http://www.zerohedge.com/about

We have no doubt that directly contacting Mr. Assange would serve no real purpose, as it would seem control of even an inactive Wikileaks is something Assange would never willingly relinquish. Nor, given the allegations about the personal use of donor funds, would we be willing to associate ourselves with Mr. Assange until a full accounting were made. We seriously doubt this will ever come to pass. The figures currently claimed by the organization as needed funds are FAR in excess of what is even plausibly required for such a firm, given our experience running what is now a "Top 100" Technorati site (and consistently Top 1 or Top 2 in the Business category) for the last 18 months.

Unfortunately, it seems impossible to contact Wikileaks directly without passing an Assange filter first, so we have not bothered to offer our help directly to Wikileaks. We would, however, be quite interested in hearing from other members of the organization how we could help return Wikileaks to its roots. At the moment we aren't sure what form that might take. Clearing house for data? Secure submission node? Research and analysis? Managing sources and source material? Whatever the case, it is a huge pity to watch the continued squandering of Wikileaks, both as a concept and an execution.
Perhaps, given your apparent status as an interim contact point for the Wikileaks rank-and-file, this note might be helpful. Please feel free to post this material as you see fit under the header "An Open Letter to Wikileaks Insiders."

"Marla Singer"
co-founder
Zero Hedge
http://www.zerohedge.com
marla[at]zerohedge.com

PGP Key:

*** END PGP DECRYPTED/VERIFIED MESSAGE ***

From rforno at infowarrior.org Mon Jul 12 07:53:49 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Jul 2010 08:53:49 -0400
Subject: [Infowarrior] - Identity management is a pain in the backside
Message-ID:

like.....DUH. -rick

Identity management is a pain in the backside
http://www.theregister.co.uk/2010/07/12/practicalities_of_provisioning/
By Jon Collins, Freeform Dynamics
Posted in IT at the coalface, 12th July 2010 12:14 GMT

Workshop

Identity management in the corporate environment is complex - not to mention, at the coalface, a pain in the backside. In the real world in which you work, password resets are one of the most commonly cited causes of help desk stress - and that's an identity management problem. People leaving the company and still having access to corporate systems? An identity management problem. Users stumbling onto a fileshare and finding a salary spreadsheet? Careless exec lost a phone and needs a new one? Identity management problems, both of them.

We can debate what exactly identity is, but in corporate environments things are relatively mundane: any person working for a company needs access to systems and services, which should be provisioned accordingly. As the person changes roles, as systems change and new devices get deployed, access rights will need to be added, revoked and modified.

Given that none of these challenges are particularly new, it would be comforting to think it was all sorted by now. A few years ago we conducted some research into system access, password control and provisioning. The scale of the problem was starkly illustrated by Figure 1 below, which showed how many applications users needed to access.
Figure 1

We asked what identity management might look like by now. At the time we predicted how much easier it would be when we stopped using passwords and upgraded to multifactor techniques in general, and biometrics in particular (Figure 2).

Figure 2

Perhaps you have done this. If you have, tell us if it has solved your problems, because most organisations have not. Meanwhile the complexity of identity management has increased - organisations are more distributed, data volumes are rising, and users expect to access more applications in more places. It's a brave new world we're heading into, but we're riding on the same old, creaky ship.

The first step towards successful provisioning is to know what should be provisioned, and to whom. There is a triangle of relationships between people, the roles they occupy, and the systems, information and assets they are authorised to access, because you cannot authorise anything without defining who should be authorised, and why. In the real world, we make assumptions. Most organisations have more assets in use than they formally know about; many deployments take place under the radar, without the IT department being aware of them. If you are not on top of this, you can't reap the benefits of provisioning.

Second, provisioning is, by its nature, event-driven. From the "people" perspective, someone joins or leaves the company, or changes role; meanwhile, from a systems-and-service perspective, this requires modification to who needs access, and to what.

Third, provisioning is a process, not a one-off operation. You need someone who is responsible for putting reporting lines in place, conducting regular reviews, revisiting and even culling old access rights if you want a sustainable, process-driven approach.

It would be ideal if these problems could be automated away, but they can't. Tools can help, but not if you don't take into account best practice principles such as these.
The goal posts never stop moving, and identity management becomes more complex - so if you want to slay your provisioning demons, be prepared for a long battle. Otherwise, back in the real world, they will just return to bite you on the backside.

From rforno at infowarrior.org Mon Jul 12 11:41:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Jul 2010 12:41:24 -0400
Subject: [Infowarrior] - How Will the Cyber Command Actually Work?
Message-ID:

A Defense Technology Blog
How Will the Cyber Command Actually Work?
Posted by Paul McLeary at 7/12/2010 9:29 AM CDT
http://paulmcleary.typepad.com/paul_mcleary/2010/07/how-will-the-cyber-command-actually-work.html

Most journalists have learned the hard way that going to conferences about cyber security isn't really the best way to actually collect material to write stories about cyber security. Shockingly little of value is ever uttered at these gatherings, which mostly consist of buzzwords like "digital natives," and vague promises of trying to find "synergy" between different branches of government and private industry. Things weren't much different at last week's 2nd Annual Cybersecurity Symposium sponsored by the Armed Forces Communications and Electronics Association, but since the conference was packed with a roster of A-list names in the cyber security game, there were several notable exceptions.

Director of Intelligence & Counter Intelligence for the U.S. Dept. of Energy Bruce Held warned the audience that just building firewalls and other defenses against intrusion just won't be enough, since "a static cyber defense can never win against an agile cyber offense." In other words, no matter how many attacks the United States will be able to repel in the coming years, there will always be more on the way. "You beat me 99 times, I will come after you 100 times," he said, "beat me 999 times, I will come after you 1000 times, and we will beat you."
Another panelist, Ed Mueller, who serves as Chairman of The President's National Security Telecommunications Advisory Committee added that while the United States has "made a big push over the last several years to become more tactical" when it comes to thwarting cyber attacks, the government needs to continue to innovate, and that "this bridge between private [industry] and public [government] is absolutely essential."

True enough, but when you look at the way the government - and the military in particular - is approaching the issue, the sheer volume of different offices and cyber commands not only confounds, but overwhelms. Just look at the participants of the final panel of the day, complete with their job titles as printed in the conference's schedule:

Maj Gen. Suzanne Vautrinot, USAF - Director of Plans & Policy (J5) U.S. Cyber Command (USCYBERCOM);
Maj Gen George Allen, USMC, Deputy Director, Marine Corps Forces Cyber Command (MARFORCYBER), & Director, Command, Control, Communications & Computers (C4) & CIO;
RDML Robert E. Day, Jr., USCG Director, Coast Guard Cyber Command;
Brig. Gen. Greg Brundidge, USAF Director, Communications & Information (J6) & Deputy Director for Cyber, EUCOM Plans & Ops Center (EPOC) U.S. European Command (USEUCOM);
COL (Promotable) Mark R. Quantock, U.S. Army, Nominated for Director of Operations (G-3), Army Forces Cyber Command (ARFORCYBER)

Given the pervasive nature of the threat, it's heartening to see each service branch taking the problem so seriously. Conversely, one wonders how all of these different Cyber commands are going to coalesce into one big, happy family under USCYBERCOM. Even discussing the problem is complicated. The new Cyber Command's director of plans and policy, Maj. Gen. Vautrinot, flat out said that "nobody here has one job," since those tasked with heading up their services' cyber operations are "dual-hatted" to Cyber Command. Brig. Gen. Gregory Brundidge added that the services have to "harmonize"
their efforts, and quickly. He mentioned that when he was deployed to Iraq, the services "were fighting to get information because everyone was reporting up through their own services. If there is one lesson we've learned over the years, it's that anything that brings our efforts closer together and harmonizes things is going to get us much farther along in our journey - what we're all grappling with today is how ... we bring all these things together that we have created in our own cocoons," he said.

While it sounded like everyone involved recognizes the problems created by so many commands trying to report up through the chain to USCYBERCOM, no one was able to offer any ideas as to how this will actually happen in practice. One wonders if, at this point, such a thing is even possible.

From rforno at infowarrior.org Mon Jul 12 17:31:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Jul 2010 18:31:13 -0400
Subject: [Infowarrior] - Collage: Defeating Censorship with User-Generated Content
Message-ID:

Collage: Defeating Censorship with User-Generated Content
http://gtnoise.net/projects/7-anti-censorship/7-collage-defeating-censorship-with-user-generated-content

Oppressive regimes and even democratic governments restrict Internet access. Existing anti-censorship systems often require users to connect through proxies, but these systems are relatively easy for a censor to discover and block. This project offers a possible next step in the censorship arms race: rather than relying on a single system or set of proxies to circumvent censorship firewalls, we explore whether the vast deployment of sites that host user-generated content can breach these firewalls. We have developed Collage, which allows users to exchange messages through hidden channels in sites that host user-generated content.
Collage has two components: a message vector layer for embedding content in cover traffic; and a rendezvous mechanism to allow parties to publish and retrieve messages in the cover traffic. Collage uses user-generated content (e.g., photo-sharing sites) as "drop sites" for hidden messages. To send a message, a user embeds it into cover traffic and posts the content on some site, where receivers retrieve this content using a sequence of tasks. Collage makes it difficult for a censor to monitor or block these messages by exploiting the sheer number of sites where users can exchange messages and the variety of ways that a message can be hidden. Our evaluation of Collage shows that the performance overhead is acceptable for sending small messages (e.g., Web articles, email).

Applications use Collage to send and receive messages, by hiding these messages inside user-generated cover content (e.g., images, tweets, etc.) and publishing them on user-generated content hosts like Flickr or Twitter. At the receiver, Collage fetches the cover content from content hosts and decodes the message. By hiding data inside user-generated content as they traverse the network, Collage escapes detection by censors.

Software Release

We will be releasing Collage within the next few weeks.

Publications

* Chipping Away at Censorship with User-Generated Content
S. Burnett, N. Feamster, and S. Vempala
USENIX Security Symposium.
August 2010

From rforno at infowarrior.org Mon Jul 12 19:28:31 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Jul 2010 20:28:31 -0400
Subject: [Infowarrior] - WH meeting will stress economic side of cybersecurity
Message-ID: <41DD6604-A49E-4DD9-BE79-5741CBE6043F@infowarrior.org>

White House meeting will stress economic side of cybersecurity
By Gautham Nagesh - 07/12/10 02:13 PM ET

Cyber czar Howard Schmidt will hold a meeting on Wednesday with Secretary of Commerce Gary Locke and Department of Homeland Security Secretary Janet Napolitano, where he is expected to discuss how to improve private-sector cybersecurity through economic incentives.

The stated purpose of the meeting is to discuss the activities since President Barack Obama unveiled the administration's "Cyber Space Policy Review" last May. Among those invited is Larry Clinton, president of the Internet Security Alliance, which represents a range of critical private security industries concerned about cybersecurity.

Clinton said the policy review was the first government document that began to address cybersecurity as an economic rather than operational issue.

"Cybersecurity obviously has technical components, but it's more of a strategic and operational problem. You have to look at things from that economic perspective," Clinton told Hillicon Valley on Monday. "For example, if you take a technical operational perspective, you're really focusing on how cyber-attacks occur, not why they occur."

Clinton said the reason cyber-attacks are so plentiful is that all of the economic incentives currently favor the hackers, at least with regards to private-sector attacks. He said cyber-attacks on private networks are "comparatively easy to launch, cheap to launch, the amount you can steal is enormous, and the chances of getting caught are miniscule."

That's because, according to Clinton,
security is inherently a generation behind the attackers, and the increasingly interwoven nature of the Internet means private companies are forced to guard a perimeter that's virtually limitless.

"It's so easy and so profitable to have these cyber-attacks, it doesn't matter how good the firewalls are," Clinton said. "People will attack because the incentive is so enormous to do so."

Clinton said the Obama administration is the first to see the issue from this perspective, which has long been advocated by industry. He said Secretary of State Hillary Clinton laid out some elements of the new policy approach during a speech in January following reports of hackers in China targeting the e-mail accounts of human rights activists.

Clinton also noted that Locke's presence at Wednesday's meeting is another indication the administration is seeking industry cooperation. He said he expects the administration to consider tax, liability and insurance incentives among other steps to encourage industry to increase its network security.

Source: http://thehill.com/blogs/hillicon-valley/technology/108203-white-house-meeting-will-stress-economic-side-of-cybersecurity

From rforno at infowarrior.org Tue Jul 13 13:51:19 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Jul 2010 14:51:19 -0400
Subject: [Infowarrior] - U.S. Appeals Court Strikes Down FCC Indecency Policy
Message-ID: <28ABE441-FF53-4181-AF0E-0CD335875E47@infowarrior.org>

U.S. Appeals Court Strikes Down FCC Indecency Policy
By Patricia Hurtado and Bob Van Voris - Jul 13, 2010
http://www.bloomberg.com/news/2010-07-13/fcc-fleeting-expletive-policy-struck-down-by-u-s-appeals-court-as-vague.html

July 13 (Bloomberg) -- A federal appeals court in New York struck down the U.S. Federal Communications Commission's indecency policy, saying it violates the First Amendment right to free speech because it's "unconstitutionally vague."

The court considered the agency's censure of "fleeting expletives"
on live television shows. The U.S. Supreme Court ruled last year in a challenge to the policy by media companies that the "pervasiveness of foul language" and the "coarsening to public entertainment" justified the commission's more stringent regulation of broadcast programs. The high court directed the appeals court in Manhattan to consider the constitutionality of the policy, resulting in today's ruling.

"We now hold that the FCC's policy violates the First Amendment because it is unconstitutionally vague, creating a chilling effect that goes far beyond the fleeting expletives at issue here," the three-judge appeals panel wrote.

The case is Fox Television Stations Inc. v. FCC, 06-1760, Second Circuit Court of Appeals (Manhattan).

To contact the reporter on this story: Patricia Hurtado in New York at pathurtado at bloomberg.net; Bob Van Voris in New York at rvanvoris at bloomberg.net.

From rforno at infowarrior.org Tue Jul 13 14:08:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Jul 2010 15:08:53 -0400
Subject: [Infowarrior] - Backlash grows vs. full-body scanners
Message-ID: <6B136B0F-A197-421E-9D91-13C97D4333D9@infowarrior.org>

Backlash grows vs. full-body scanners
Fliers worry about privacy, health risks
By Gary Stoller
USA TODAY
http://www.usatoday.com/printedition/news/20100713/1abodyscans13_st.art.htm

Opposition to new full-body imaging machines to screen passengers and the government's deployment of them at most major airports is growing.

Many frequent fliers complain they're time-consuming or invade their privacy. The world's airlines say they shouldn't be used for primary security screening. And questions are being raised about possible effects on passengers' health.

"The system takes three to five times as long as walking through a metal detector," says Phil Bush of Atlanta, one of many fliers on USA TODAY's Road Warriors panel who oppose the machines. "This looks to be yet another disaster waiting to happen."

The machines -
dubbed by some fliers as virtual strip searches - were installed at many airports in March after a Christmas Day airline bombing attempt. The Transportation Security Administration (TSA) has spent more than $80 million for about 500 machines, including 133 now at airports. It plans to install about 1,000 by the end of next year.

The machines are running into complaints and questions here and overseas:

* The International Air Transport Association, which represents 250 of the world's airlines, including major U.S. carriers, says the TSA lacks "a strategy and a vision" of how the machines fit into a comprehensive checkpoint security plan. "The TSA is putting the cart before the horse," association spokesman Steve Lott says.
* Security officials in Dubai said this month they wouldn't use the machines because they violate "personal privacy," and information about their "side effects" on health isn't known.
* Last month, the European Commission said in a report that "a rigorous scientific assessment" of potential health risks is needed before machines are deployed there. It also said screening methods besides the new machines should be used on pregnant women, babies, children and people with disabilities.

The U.S. Government Accountability Office said in October that the TSA was deploying the machines without fully testing them and assessing whether they could detect "threat items" concealed on various parts of the body. And in March, the office said it "remains unclear" whether they would have detected the explosives that police allege Umar Farouk Abdulmutallab tried to detonate on a jet bound for Detroit on Christmas.

TSA spokeswoman Kristin Lee says the agency completed testing at the end of last year and is "highly confident" in the machines' detection capability. She also says their use hasn't slowed screening at airports and that the agency has taken steps to ensure privacy and safety.

The TSA is deploying two types of machines that can see underneath clothing.
One uses a high-speed X-ray beam, and the other bounces electromagnetic waves off a passenger's body. Passengers can refuse screening by the machines and receive a pat-down search by a security officer, screening by a metal detector, or both, the TSA says. From rforno at infowarrior.org Tue Jul 13 14:15:13 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Jul 2010 15:15:13 -0400 Subject: [Infowarrior] - 'Hollywood Accounting' Losing In The Courts Message-ID: 'Hollywood Accounting' Losing In The Courts If you follow the entertainment business at all, you're probably well aware of "Hollywood accounting," whereby very, very, very few entertainment products are technically "profitable," even as they earn studios millions of dollars. A couple months ago, the Planet Money folks did a great episode explaining how this works in very simple terms. The really, really, really simplified version is that Hollywood sets up a separate corporation for each movie with the intent that this corporation will take on losses. The studio then charges the "film corporation" a huge fee (which creates a large part of the "expense" that leads to the loss). The end result is that the studio still rakes in the cash, but for accounting purposes the film is a money "loser" -- which matters quite a bit for anyone who is supposed to get a cut of any profits. For example, a bunch of you sent in the example of how Harry Potter and the Order of the Phoenix, under "Hollywood accounting," ended up with a $167 million "loss," despite taking in $938 million in revenue. This isn't new or surprising, but it's getting attention because the income statement for the movie was leaked online, showing just how Warner Bros. pulled off the accounting trick:..... 
< - > http://www.techdirt.com/articles/20100708/02510310122.shtml From rforno at infowarrior.org Tue Jul 13 21:01:48 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 Jul 2010 22:01:48 -0400 Subject: [Infowarrior] - Rules Seek to Expand Diagnosis of Alzheimer's Message-ID: July 13, 2010 Rules Seek to Expand Diagnosis of Alzheimer's http://www.nytimes.com/2010/07/14/health/policy/14alzheimer.html?hp=&pagewanted=print By GINA KOLATA For the first time in 25 years, medical experts are proposing a major change in the criteria for Alzheimer's disease, part of a new movement to diagnose and, eventually, treat the disease earlier. The new diagnostic guidelines, presented Tuesday at an international Alzheimer's meeting in Hawaii, would mean that new technology like brain scans would be used to detect the disease even before there are evident memory problems or other symptoms. If the guidelines are adopted in the fall, as expected, some experts predict a two- to threefold increase in the number of people with Alzheimer's disease. Many more people would be told they probably are on their way to getting it. The changes could also help drug companies that are, for the first time, developing new drugs to try to attack the disease earlier. So far, there are no drugs that alter the course of the disease. Development of the guidelines, by panels of experts convened by the National Institute on Aging and the Alzheimer's Association, began a year ago because, with a new understanding of the disease and new ways of detection, it was becoming clear that the old method of diagnosing Alzheimer's was sorely outdated. The current formal criteria for diagnosing Alzheimer's require steadily progressing dementia (memory loss and an inability to carry out day-to-day activities, like dressing or bathing) along with a pathologist's report of plaque and another abnormality, known as tangles, in the brain after death.
But researchers are now convinced that the disease is present a decade or more before dementia. "Our thinking has changed dramatically," said Dr. Paul Aisen, an Alzheimer's researcher at the University of California, San Diego, and a member of one of the groups formulating the new guidelines. "We now view dementia as a late stage in the process." The new guidelines include criteria for three stages of the disease: preclinical disease, mild cognitive impairment due to Alzheimer's disease and, lastly, Alzheimer's dementia. The guidelines should make diagnosing the final stage of the disease in people who have dementia more definitive. But, the guidelines also say that the earlier a diagnosis is made the less certain it is. And so the new effort to diagnose the disease earlier could, at least initially, lead to more mistaken diagnoses. Under the new guidelines, for the first time, diagnoses will aim to identify the disease as it is developing by using results from so-called biomarkers (tests like brain scans, M.R.I. scans and spinal taps that reveal telltale brain changes). The biomarkers were developed and tested only recently and none have been formally approved for Alzheimer's diagnosis. One of the newest, a PET scan, shows plaque in the brain, a unique sign of Alzheimer's brain pathology. The others provide strong indications that Alzheimer's is present, even when patients do not yet have dementia or even much memory loss. Dr. Aisen says he foresees a day when people in their 50s routinely have biomarker tests for Alzheimer's and, if the tests indicate the disease is brewing, take drugs to halt it. That is a ways off, he said, but "it's where we are heading." "This is a major advance," said Dr. John Morris, an Alzheimer's researcher at Washington University in St. Louis who helped formulate the guidelines. "We used to say we did not know for certain it was Alzheimer's until the brain is examined on autopsy." Dr.
Ronald Petersen, an Alzheimer's researcher at the Mayo Clinic in Minnesota and chairman of the Alzheimer's Association's medical and scientific advisory council, said adding biomarkers to a diagnosis would be a big improvement. Today, he says, when a patient comes with memory problems, doctors might say that the person has a chance of developing Alzheimer's in the next decade, a chance of not getting much worse for several years, and a chance of actually getting better. Tests like brain scans, Dr. Petersen said, "will allow us to be much more definitive." If the tests show changes characteristic of Alzheimer's disease, a doctor can say, "I think you are on the Alzheimer's road." That can be a difficult conversation, but it can allow patients and their families to plan. "At least it's a conversation the physician can have with the patient," Dr. Petersen said. Alzheimer's experts welcomed the new criteria. "Over all, I think this is a giant step in the right direction," said Dr. P. Murali Doraiswamy, a psychiatry professor and Alzheimer's disease researcher at Duke University who was not involved with making the guidelines. "It moves us closer to the cause of the disease rather than just looking at symptoms." But, he added, it also is a huge change. "This has implications for everybody alive, anybody who is getting older," Dr. Doraiswamy said. Among other things, he said, it will encourage a lot more testing. And, Dr. Doraiswamy said, "diagnosis rates, like testing rates, only go in one direction: up." Doctors will have to learn new terms: preclinical Alzheimer's; prodromal, or early stage, Alzheimer's. Patients going to see a doctor with memory problems might be offered biomarker tests, which can be expensive. The ripple extends beyond doctors and patients, Dr. Doraiswamy said. The new diagnostic criteria also have consequences for lawyers, insurance companies and workers' compensation programs.
And, he said, people have to be prepared for unintended consequences, which always occur when the diagnosis of a disease is changed. For now, he said: "We ought to be cautious that we don't stimulate all this testing before we can give people something to manage their disease. There is no point in giving them just a label." From rforno at infowarrior.org Wed Jul 14 06:55:22 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jul 2010 07:55:22 -0400 Subject: [Infowarrior] - Hacking the Electric Grid? You and What Army? Message-ID: Hacking the Electric Grid? You and What Army? By Michael Tanji, July 13, 2010 | 2:00 pm | Categories: Info War http://www.wired.com/dangerroom/2010/07/hacking-the-electric-grid-you-and-what-army/ Grid-hacking is back in the news, with the unveiling of "Perfect Citizen," the National Security Agency's creepily named effort to protect the networks of electrical companies and nuclear power plants. People have claimed in the past to be able to turn off the internet, there are reports of foreign penetrations into government systems, "proof" of foreign interest in attacking U.S. critical infrastructure based on studies, and concerns about adversary capabilities based on allegations of successful critical infrastructure attacks. Which begs the question: If it's so easy to turn off the lights using your laptop, how come it doesn't happen more often? The fact of the matter is that it isn't easy to do any of these things. Your average power grid or drinking-water system isn't analogous to a PC or even to a corporate network. The complexity of such systems, and the use of proprietary operating systems and applications that are not readily available for study by your average hacker, make the development of exploits for any uncovered vulnerabilities much more difficult than using Metasploit. To start, these systems are rarely connected directly to the public internet.
And that makes gaining access to grid-controlling networks a challenge for all but the most dedicated, motivated and skilled: nation-states, in other words. Let's pretend for a moment that hackers were planning to attack the United States. What would they need to do to gather enough information necessary to take out the electrical power in key parts of the country? They don't want to fiddle at the edges, mind you. They want to have enough data to build the technical capability necessary to shut out the lights in Washington or New York or California at precisely the time and for exactly the duration they want. For starters, they would need to know things like: Where are the power plants? What kind of plants are they? What sort of fuel do they use? Who built them and when? What sort of materials and technology were used when they were built? Who manufactured the generators, turbines and other key equipment? Whose SCADA software are they running? Who runs the plants? How does fuel, people, supplies get into or out of the plant? What sort of security do they have? And perhaps most importantly: Which plants supply power to which parts of the country? Where to begin? Even in places like the United States, where there isn't much you cannot find online, you're not going to be able to get the depth and detail you need to turn off the lights with a simple network connection. You're going to have to deploy national-level resources:
* HUMINT (human intelligence, aka spies) to collect both open and private (though not necessarily classified) material about plant construction and operation. In the United States, we're pretty good at announcing who won a contract to do what. In less open societies, it is going to take time to identify who is most likely to have the information you need and then more time to try and figure out the best way to get them to provide that information to you (if they'll do it at all).
* IMINT (imagery intelligence, aka satellite or aerial pictures) to help analysts and engineers determine what sort of plant it is, give some idea as to where its various components may be located, the number of people it takes to run it, etc.
* SIGINT (signals intelligence, aka intercepted communications) to pick up key words, terms and conversations by those who built or are building the plant, who are working at the plant, who provide supplies and transport workers to the plant, to hear what local media and officials are saying about plant operations, reliability, etc.
* MASINT (measurement and signature intelligence) to gauge from afar things like temperature, magnetic fields, vibrations, exhaust and other meaningful emanations. These can be used to help determine what is likely to be happening behind walls that a human source might not be able to reach (or understand), and to help confirm (or dispute) what other intelligence sources report.
The point being: A purely online approach is simply not going to provide you with the type and volume of information you are going to need to accomplish your mission. Which is why, if you are trying to deny an adversary access to such information, you need organizations like the NSA (and others in the intelligence community) involved. These are the sorts of missions they are supposed to be undertaking: defending us against national-level threats. Sending forth agents to "spy out the land" costs money, takes people, requires logistics, takes time; all things that can be detected and exploited no matter how "cyber" some portions of the effort may be. The real problem with Perfect Citizen is not in its goals, but in its sponsor. Intelligence agencies do some amazing things, but intelligence-involvement in civilian systems is a bad idea for many reasons. The head of NSA said as much just last year; of course that was before he put two hats as both the Director of NSA and Commander of U.S. Cyber Command.
The argument that the NSA is the perfect place for such a program because of the skills of its employees is certainly compelling, but it does nothing to overcome the fact that NSA is predominantly an intelligence agency. We have a Cyber Command now, and a Cabinet-level Department charged with protecting the Homeland, which allegedly has its own cybersecurity capabilities and responsibilities. True, Perfect Citizen could rightfully fall into the bucket of responsibilities of NSA's defensive mission, but as argued recently, you cannot convince most people that the left and right hands of the agency are not working together, and that's a problem if you are into things like liberty and freedom from unnecessary government intrusion and such. Having worked at the NSA and for related organizations, I know perfectly well how seriously agency employees take their responsibility to not "spy on Americans," but I also know that in a panic, real or contrived, people will cave with the best of intentions. If the government truly believes that we need a strong intelligence presence inside our critical infrastructure systems, they should consider taking some less expensive, less risky, and more practical steps:
* Use the federal government's Intergovernmental Personnel Act program to shift grid-protecting expertise to DHS. The true measure of a government organization's power is its ability to get the best talent on the job, on demand and by name. Anything else is just filling the ranks with "those who can be spared."
* Get as many industry geeks security clearances so that information sharing is more equitable. Government is notoriously parsimonious when it comes to providing information of any value, while it simultaneously harps on industry to give more. Clearing the bosses isn't enough; if technical management cannot see for themselves what the real threats are, there is no hope for the implementation of practical solutions.
* Implement a simple, anonymous info-brokerage system to reduce the burden associated with providing information. It'll also eliminate the public stigma and legal jeopardy (via shareholder or customer lawsuits) private sector organizations risk should word of vulnerabilities or breaches become public.
* Come up with a system of rewards for industry participation in data sharing and infrastructure security efforts. Two quick ideas: tax breaks for demonstrably improving IT security, and conditional relief from certain regulatory burdens for active, meaningful participation in sharing efforts.
Absent additional information, it is hard to determine the full extent of what Perfect Citizen will provide in the way of improved security or situational awareness of foreign threats. Longtime observers of government involvement in this business cannot help but think that we are listening to the echo of past historical failures in this area and ignoring new ideas and promising research that could produce meaningful solutions that don't involve letting spooks in the wire. From rforno at infowarrior.org Wed Jul 14 07:27:05 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jul 2010 08:27:05 -0400 Subject: [Infowarrior] - RIAA Profit/Loss from Lawsuits Message-ID: <0E2BBA18-DCA0-4D4C-BD4D-07AA00908209@infowarrior.org> ...with a biz plan that generates this kind of return, is it any wonder they're in trouble? Oh, wait - their CEO is still raking in a few million in salary, so I guess he's doing something right in their eyes!!! Go team, go!! -rick Ha ha ha ha ha. RIAA paid its lawyers more than $16,000,000 in 2008 to recover only $391,000!!! The RIAA's "business plan" is even worse than I'd guessed it was. The RIAA paid Holmes Roberts & Owen $9,364,901 in 2008, Jenner & Block more than $7,000,000, and Cravath Swain & Moore $1.25 million, to pursue its "copyright infringement" claims, in order to recover a mere $391,000.
[ps there were many other law firms feeding at the trough too; these were just the ones listed among the top 5 independent contractors.] Embarrassing. If the average settlement were $3,900, that would mean 100 settlements for the entire year. As bad as it was, I guess it was better than the numbers for 2007, in which more than $21 million was spent on legal fees, and $3.5 million on "investigative operations" ... presumably MediaSentry. And the amount recovered was $515,929. And 2006 was similar: they spent more than $19,000,000 in legal fees and more than $3,600,000 in "investigative operations" expenses to recover $455,000. So all in all, for a 3 year period, they spent around $64,000,000 in legal and investigative expenses to recover around $1,361,000. http://recordingindustryvspeople.blogspot.com/2010/07/ha-ha-ha-ha-ha-riaa-paid-its-lawyers.html From rforno at infowarrior.org Wed Jul 14 13:33:24 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jul 2010 14:33:24 -0400 Subject: [Infowarrior] - July 2010 ACTA draft leaked Message-ID: <90248EB5-56BE-4445-AE7F-C605FBC97D48@infowarrior.org> Here is the full consolidated text of the ACTA agreement, dated July 1st 2010. This is the full text from the Luzern round of negotiations, including the name of the negotiating parties along with their positions. It apparently comes from the civil liberties committee (LIBE) of the European Parliament. 
< -- > http://www.laquadrature.net/en/new-acta-leak-2010-07-13-consolidated-text-luzern-round From rforno at infowarrior.org Wed Jul 14 20:08:37 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jul 2010 21:08:37 -0400 Subject: [Infowarrior] - Bellovin: Comments on WH Trusted ID Scheme Message-ID: Comments on the National Strategy for Trusted Identities in Cyberspace Jul 12, 2010 9:28 AM PDT By Steven Bellovin http://www.circleid.com/posts/comments_on_the_national_strategy_for_trusted_identities_in_cyberspace/ The White House has recently released a draft of the National Strategy for Trusted Identities in Cyberspace. Some of its ideas are good and some are bad. However, I fear it will be a large effort that will do little, and will pose a threat to our privacy. As I've written elsewhere, I may be willing to sacrifice some privacy to help the government protect the nation; I'm not willing to do so to help private companies track me when it's quite useless as a defense. The fundamental premise of the proposed strategy is that our serious Internet security problems are due to lack of sufficient authentication. That is demonstrably false. The biggest problem was and is buggy code. All the authentication in the world won't stop a bad guy who goes around the authentication system, either by finding bugs exploitable before authentication is performed, finding bugs in the authentication system itself, or by hijacking your system and abusing the authenticated connection set up by the legitimate user. All of these attacks have been known for years. The stress on authentication as a major defensive component is not new. It was in the report "Securing Cyberspace for the 44th Presidency"; I commented on that when it was first released. My caveats about too much emphasis on authentication still stand. What's new here is some detailed design principles. 
Fundamentally, the current draft is proposing a federated authentication system, with many different identity providers. But that's not new; it's been tried a number of times in the past, by such groups as the Liberty Alliance. Such efforts have been notable for their lack of success in the market. If this system is to be truly voluntary, as the draft states, why should this effort succeed? (Of course, whether or not the scheme proposed will actually be voluntary is open to some debate. The draft says the government will not "require individuals to obtain high-assurance digital credentials if they do not want to engage in high-risk online transactions with the government or otherwise". In other words, you don't have to participate, as long as you're willing to forgo things like online banking, electronic filing of tax returns, perhaps working in certain jobs, etc.) One very good thing the draft suggests is the use of attribute credentials rather than identity credentials. If done properly, that can provide very good privacy protection. To be effective, though, the government needs mechanisms (yes, strong privacy laws and regulations) that encourage use of attributes without identity whenever possible. We need ways to discourage collection of identity information unless identity is actually needed to deliver the requested service. There has been a lot of academic work on unlinkable credentials, such as Stefan Brands' schemes and those by Jan Camenisch and Anna Lysyanskaya. It is disappointing that the White House draft did not allude to such schemes. In fact, I'm concerned that there is no desire for true technical privacy mechanisms; the mention of forensics as a major goal worries me. If we're going to have multiple credentials, as the draft envisions, a lot of attention needs to be paid to making these identities usable.
The report notes the problem but suggests that identity providers should conduct studies on the subject, presumably to ensure that their offerings are usable. That's wrong; users deal with their own authentication agent, which in turn talks to providers without the user knowing or caring very much about how that is done. But that means that the authentication agent, in the computer, phone, or what have you, needs to be designed for usability. Of course, by centralizing authentication you've created a new, critical resource: the authentication manager. What better target for a malicious hacker.... Given all this, should we be focusing on authentication? Apart from the forensics issue (and I think that that is a major goal, though it is hardly stressed), I fear that people are looking under the lamppost for their keys. While there are certainly some challenges to doing authentication at such scale, it is a much simpler problem than buggy code. I suspect that this is being proposed because it looks doable, even though it will do little to solve the real problems and will create other risks. By Steven Bellovin, Professor of Computer Science at Columbia University. From rforno at infowarrior.org Wed Jul 14 21:26:22 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Jul 2010 22:26:22 -0400 Subject: [Infowarrior] - GAO List of Airline Fees - 2010 Message-ID: <8CCFA5D8-3DDB-46A7-A1E9-AA0DE736509B@infowarrior.org> Other Airline-Imposed Fees of 17 Airlines http://abcnews.go.com/images/Travel/airline_fees.pdf From rforno at infowarrior.org Thu Jul 15 09:06:59 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Jul 2010 10:06:59 -0400 Subject: [Infowarrior] - DARPA issues call for computer science devotees Message-ID: <98446A38-2623-4AE4-80DD-BF90B2C80F16@infowarrior.org> DARPA issues call for computer science devotees DARPA wants university-based researchers to come up with the next big computer science idea,
for the military By Layer 8 on Wed, 07/14/10 - 5:54pm. http://www.networkworld.com/community/node/63697 The Defense Advanced Research Projects Agency is looking for a few good computer science researchers who might be interested in developing systems for the US military. The move is seen, in part anyway, as a way for the agency to win more hearts and minds of the advanced science community. Specifically, DARPA said proposed research should investigate innovative approaches that enable revolutionary advances in science, devices, or systems. Anyone it picks would join the 2011 Computer Science Study Group (CSSG) which meets at varying times during the year to "rapidly identify ideas in the field of computer science that will provide revolutionary advances, rather than incremental benefit, to the Department of Defense (DoD)." DARPA says up to 12 participants will be selected for the 2011 CSSG. As of calendar year 2010, 59 professors from 39 universities are either CSSG participants or alumni, DARPA added. DARPA said: "Participants in this 2011 CSSG will be encouraged to consider their research interests in light of DoD challenges in the field of computer science, and then to further explore the synergies in their research programs to develop novel ideas and applications that will lead to fundamental advances in the field rather than incremental change." The CSSG will consist of a Base Period of twelve months followed by two Option Periods. Option Period 1 is for a period of time from 12 to up to 24 months. DARPA said it anticipates an additional Option Period 2 for a period of time of up to 12 months. For base period performance commencing around April 2011, funding will be in an amount not to go over $100,000. The restrictions? An eligible participant must be a junior faculty member at a US higher education institution.
Participants should be no more than seven years beyond receiving a doctoral degree, pretenure junior faculty, with demonstrated exceptional potential for world-class contributions to the field of computer science. From rforno at infowarrior.org Thu Jul 15 11:36:42 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Jul 2010 12:36:42 -0400 Subject: [Infowarrior] - Cybersecurity Progress after President Obama's Address Message-ID: <8680FC19-0672-43DA-8130-B3B2EC7BB42D@infowarrior.org> Cybersecurity Progress after President Obama's Address July 14, 2010 I. Introduction In his address in May 2009, President Obama announced his intention to make cybersecurity a priority for his Administration with a "new comprehensive approach to securing America's digital infrastructure." In the 14 months following that address and the release of the President's Cyberspace Policy Review (CPR), the Administration has taken concrete steps to achieve that goal, making cyberspace more secure. The Cyberspace Policy Review included a number of near-term action items which built upon the Comprehensive National Cybersecurity Initiative (CNCI). The following is a progress report related to those action items and high-priority CNCI initiatives, and additional achievements of the past 14 months. < -- > http://www.whitehouse.gov/administration/eop/nsc/cybersecurity/progressreports/july2010 From rforno at infowarrior.org Thu Jul 15 11:42:05 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Jul 2010 12:42:05 -0400 Subject: [Infowarrior] - Droid X actually self-destructs if you try to mod it Message-ID: Droid X actually self-destructs if you try to mod it by Devin Coldewey on July 14, 2010 http://www.mobilecrunch.com/2010/07/14/droid-x-actually-self-destructs-if-you-try-to-mod-it/ Well, I might have recommended a Droid X for big-phone-lovin' fandroids out there,
but now that I've read about Motorola's insane eFuse security system, I'm going to have to give this one a big fat DON'T BUY on principle. I won't restate all my reasons for supporting the modding, hacking, jailbreaking, and so on of your legally-owned products here (if you're interested in a user's manifesto, read this) but suffice it to say that deliberately bricking a phone if the user fiddles with it does not fall under the "reasonable" category of precautions taken by manufacturers. Really. If you want to make it difficult to hack, that's fine. You think your software should be enough, that's fine. But once I pay money for the item, it's mine, and disabling my device because you don't like what I'm doing with it falls under the category of sabotage. Here's what eFuse does. This information is a couple days old but it's worth reading if you're interested in Android, development, or open standards in general. Besides, I just found out about it, so you have to read my words whether you like it or not. Or you could just stop reading. Either way. Anyway: If the eFuse fails to verify this information then the eFuse receives a command to "blow the fuse" or "trip the fuse". This results in the booting process becoming corrupted and resulting in a permanent bricking of the Phone. This FailSafe is activated anytime the bootloader is tampered with or any of the above three parts of the phone has been tampered with. It requires a hardware fix, apparently, only available through Motorola, of course. This is the equivalent of a MacBook detonating some core component if you try to install an OS to dual boot. Will many users run into this problem? Probably not, but Android is a platform that not only was founded on the idea of openness, but thrives because of it. The grey market of sideloaded apps and custom ROMs will only get more popular and more easily accessed as people realize that their phones are tiny computers waiting to be customized.
That idea is anathema to Motorola and clearly they will continue to stoop to unreasonable means to "protect" their hardware, which you bought and paid for. So here's my official recommendation: don't buy a Droid phone and don't recommend them to your friends. There are too many good options out there that aren't locked down by nefarious means. Look up a Galaxy phone or wait for the next awesome thing to come along. Vote with your wallet and tell Motorola "open or GTFO." From rforno at infowarrior.org Thu Jul 15 15:00:06 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Jul 2010 16:00:06 -0400 Subject: [Infowarrior] - What's in Financial Reform Bill? Message-ID: What's in Financial Reform Bill? Most Americans Don't Know Reuters | 15 Jul 2010 | 03:07 PM ET http://www.cnbc.com/id/38262799 The broadest overhaul of US financial rules since the Great Depression won final approval in the Senate on Thursday. Yet over 70% of Americans know nothing about the legislation. < --- > Now that the bill is set to become law, here's a rundown of the key elements: TITLE I. Systemic Risk A council of regulators chaired by the secretary of the Treasury would be created to monitor big-picture risks in the financial system. The Financial Stability Oversight Council could identify firms that threaten stability and subject them to tighter oversight by the Federal Reserve. The Fed and the council could break up firms that have not responded to earlier measures and pose an urgent threat. TITLE II. Ending Bailouts The bill would set up an "orderly liquidation" process that the government could use in emergencies, instead of bankruptcy or bailouts, to dismantle firms on the verge of collapse. The goal is to end the idea that some firms are "too big to fail" and avoid a repeat of 2008, when the Bush administration bailed out AIG and other firms but not Lehman Brothers. Lehman's subsequent bankruptcy froze capital markets.
Under the new rule, firms would have to have "funeral plans" that describe how they could be shut down quickly. The Federal Deposit Insurance costs for running liquidations would be covered in the short term by a Treasury credit line, then recouped by sales of the liquidated firms' assets. In case of shortfalls, costs could be further covered by claw-backs of any payments to creditors that exceeded liquidation value, and fees charged to other large firms.

The FDIC could guarantee the debts of solvent insured banks to prevent bank runs. But this could only happen if the boards of the FDIC and the Fed decided financial stability was threatened, Treasury approved the terms, and the president activated a rapid process for congressional approval.

TITLE III. Supervising Banks

The U.S. Office of Thrift Supervision, which was widely criticized in the run-up to the 2007-2009 credit crisis, would be closed and most of its duties shifted to the Comptroller of the Currency. Banks would be barred from converting their charters to escape regulatory enforcement actions. The FDIC's deposit insurance coverage would be permanently raised to $250,000 per individual from $100,000.

TITLE IV. Hedge Funds

Private equity and hedge funds with assets of $150 million or more would have to register with the Securities and Exchange Commission, exposing them to more scrutiny. Venture capital funds would be exempted from full registration. Investment advisers would have to manage assets of $100 million or more to be federally regulated, an increase from the present $30 million level. The change would shift some of the oversight for small firms from the SEC to the states.

TITLE V. Insurance

A new federal office would be created to monitor, but not regulate, the insurance industry, which is now policed only at the state level.
The move would appease opponents of centralized regulation by keeping real power out of Washington's hands, while giving big insurers that want a single regulator a foothold they might be able to expand from in the future.

TITLE VI. Volcker Rule And Bank Standards

Under a rule proposed by White House economic adviser Paul Volcker, the bill would bar proprietary trading unrelated to customers' needs at banks that enjoy government backing, with some of the details of implementation left up to regulators. Banks could continue to invest up to 3 percent of their Tier 1 capital in private equity and hedge funds, not to exceed 3 percent of any single fund's total ownership interest. Private equity and hedge fund interests above the new caps would have to be divested over time, under the Volcker rule.

In addition, the largest banks' ability to expand would be limited by a new cap on share of industry-wide liabilities. Non-bank financial firms supervised by the Fed would face limits on proprietary trading and fund investing as well.

Bank holding companies within five years would have to stop counting trust-preferred securities and other hybrids as Tier 1 capital, a key measure of a bank's balance sheet strength. Firms with assets under $15 billion could count current holdings of hybrids as Tier 1 capital, but not any new ones. The bill would also require credit exposure from derivative transactions to be added to banks' lending limits. In addition, bank capital standards could not sink below those already on the books, and a 15-to-1 leverage standard could be imposed on firms that threaten financial stability. The bill would also make bank holding companies follow higher capital standards observed by bank subsidiaries. Analysts expect the Volcker rule and related changes to cut profit at firms such as Bank of America, Goldman Sachs, Morgan Stanley and JPMorgan Chase.

TITLE VII. Over-The-Counter Derivatives

The bill would impose regulation for the first time on the $615 trillion over-the-counter derivatives market, including credit default swaps like those that dragged down AIG. Much OTC derivatives traffic would be rerouted through more accountable and transparent channels such as exchanges, electronic trading platforms and central clearinghouses. Banks would also have to spin off the riskiest of their swap-clearing desk operations, but could keep many swaps in-house, including derivatives to hedge their own risks. Some end-users of OTC derivatives would be exempted from central clearing requirements. Swap-dealers' ownership interests in clearinghouses would be limited. JPMorgan, Bank of America and other commercial banks could face structural changes from the bill, while it could boost business for clearing and trading venues such as CME and IntercontinentalExchange, analysts said.

TITLE VIII. Payment, Clearing And Settlement

Supervision of firms that settle payments among financial institutions would be broadened.

TITLE IX. Protecting Investors

On brokers and how they interact with investors, the SEC, after a study, could order brokers who give investing advice to follow a higher standard of client care. On credit rating agencies, a new SEC office to regulate the agencies would be created. The SEC would have two years to study the widely criticized industry. Afterward, unless it comes up with a better idea, the agency would have to implement a plan to form a government panel to assign agencies to debt issuers for initial ratings of new structured securities. Rating agencies would also be exposed to more legal risk. On debt securitization, lenders that make loans and then sell them off as securities would have to retain at least 5 percent of the loans' risk on their books, unless the loans meet certain standards for reducing risk. The SEC's enforcement powers would be beefed up and its funding levels raised.
On executive pay, shareholders periodically could cast non-binding votes on top managers' compensation packages, while their role in electing directors would also be enhanced. Corporations would have to allow claw-backs of executive pay if it was based on inaccurate financial information.

TITLE X. Protecting Consumers

A new government watchdog would be established to regulate mortgages, credit cards and other consumer financial products. The Consumer Financial Protection Bureau would be a separate unit within the Fed and funded by the central bank. It would consolidate consumer programs now dispersed across several agencies. Its director would be nominated by the president and confirmed by the Senate. The CFPB would answer, in some instances, to the Financial Stability Oversight Council. Car dealers, who fought for and won an exemption, would be beyond the watchdog's reach. Fees charged on debit-card transactions would be limited.

TITLE XI. Federal Reserve

The Fed's emergency lending would be exposed to congressional scrutiny, but not its decisions on interest rates. New limits would be placed on the Fed's so-called 13(3) emergency lending authority.

TITLE XII. Financial Access

Programs would be supported to help people without bank accounts to open them and to improve access to small loans and enhance financial literacy.

TITLE XIII. Funding

The costs of the reform bill would be met by funds raised from shutting down the $700 billion Troubled Asset Relief Program, and increasing the amounts of money that banks must pay to insure their deposits. An earlier funding plan that targeted a new tax at large Wall Street banks and financial firms was dropped after some Senate Republicans complained about it.

TITLE XIV. Mortgage Reform

Mortgage lenders would have to assess borrowers' ability to repay before making a loan. Pre-payment penalties against borrowers and bonuses to lenders known as "yield spread premiums" would be barred, with violators facing penalties.
Other new protections would be set up for borrowers aimed at ending predatory and abusive mortgage lending practices.

Copyright 2010 Reuters.
URL: http://www.cnbc.com/id/38262799/

From rforno at infowarrior.org Thu Jul 15 21:33:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Jul 2010 22:33:13 -0400
Subject: [Infowarrior] - Junkware (uninstallable) on Droid-X
Message-ID: <8ECFA837-D58E-41D3-91EC-9E5F827CC04F@infowarrior.org>

Yeah, junkware worked so well on the PC world, why not try it again on mobile devices? Epic Fail. --rf

'Junkware' comes standard on Verizon, T-Mobile smart phones
July 15, 2010 | 5:24 pm
http://latimesblogs.latimes.com/technology/2010/07/android-junkware.html

Remember the golden days of personal computing when you'd bring home that expensive wonder box, remove the machine from its Styrofoam swaddling, plug it in, switch it on and -- hey! What's this? AOL? Quicken SE? A 3-D chess game with a license that expires after a few plays?

Well, customers who bought Motorola's new Droid X smart phone or Samsung's Vibrant, both of which launched Thursday, may feel a tinge of deja vu.

The Droid X comes loaded with several nonstandard applications for Google's Android, most of which cannot be removed. Among the phone's so-called junkware is a Blockbuster video app and a demo for an Electronic Arts game called Need for Speed: Shift. The software from the struggling movie retail chain includes a store locator and a section to download mobile movies from Blockbuster's catalog. This app cannot be uninstalled from the phone's software library using any traditional means. Users can delete it from the home screen, but it lives on -- permanently part of the software embedded on the device. The EA racing game, which provides limited functionality and a large button on the introduction screen urging players to buy the full version, can be removed.

Skype, which is included with other Android handsets Verizon sells, is a permanent fixture, as is a utility called City ID. The latter program provides location information about phone numbers on the incoming call screen. But it works for only 15 days before asking users to pay $1.99 per month.

Verizon spokesman Ken Muche said the carrier and Motorola "worked together on what apps shipped with phone to give customers a broad feel for what it can do." He didn't respond to a follow-up e-mail asking whether any money had changed hands in those agreements.

The T-Mobile Vibrant phone from Samsung, meanwhile, has four of these extra apps staring you in the face. One is the movie "Avatar," permanently loaded onto the device in case you are a giant fan. Another is a live video channel called MobiTV -- good for only 30 days. The third is a link to install an EA game called The Sims 3: Collector's Edition. The last is an outdated version of Amazon's Kindle app. There's also Slacker Radio, which cannot be used before providing an e-mail address, and a button leading to Gogo Inflight Internet's website, which includes a one-month trial for Web surfing (only on plans that provide the service). Try as you might, none of these apps can be uninstalled.

"T-Mobile put each of these partnerships into place to deliver a great mobile entertainment experience on the device," T-Mobile spokesman David Henderson said in an e-mail.

Android, an open-source system, is attracting a growing number of developers to build apps. Standing out from the more than 60,000 apps in Google's Marketplace requires some ingenuity -- or at least some good connections.

However, Android isn't the only operating system that's victim to junkware. HTC's HD2, a Windows Mobile phone for T-Mobile, also includes some unusual software picks, including a Blockbuster app.

So who's to blame for this annoying bloat?

"I'd say the carriers might be more nefarious on this than the device manufacturers," said Steve Drake, a mobile analyst for IDC. "The carriers have the final say about what goes on there" because they generally handle promotion, support and distribution of the phones.

The exception to this is Apple, Drake added. Because the company has its own stores for distribution and technical support, the iPhone maker has avoided many of the pitfalls of the standard U.S. carrier-manufacturer relationship.

"What goes in the box is a fight between the carrier and the device manufacturer that you wouldn't believe," Drake said. "A lot of it can be driven from a revenue perspective."

-- Mark Milian

From rforno at infowarrior.org Fri Jul 16 06:52:05 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Jul 2010 07:52:05 -0400
Subject: [Infowarrior] - DC rattled by area's largest recorded earthquake
Message-ID: <7138E518-C24C-4A9D-890F-A168F7C21D73@infowarrior.org>

Don't ask me, I slept through it. -rick

D.C. rattled by area's largest recorded earthquake
'It started as a low audible rumble that built to a crescendo'
http://today.msnbc.msn.com/id/38274327/ns/us_news-life/

WASHINGTON -- The largest earthquake ever recorded within 30 miles of Washington, D.C., rattled the capital early Friday, waking many residents but causing no reported damage.

The quake hit at 5:04 a.m. ET with a magnitude of 3.6, according to the U.S. Geological Survey. It was centered near Rockville, Md., the USGS National Earthquake Information Center said.

NBC News reported that the quake was felt in the D.C.-area, Maryland, Virginia, West Virginia and Pennsylvania.

Amy Vaughn, a spokesperson for USGS, told WRC-TV that the quake was the largest recorded within 50 kilometers (31 miles) of Washington since a database was created in 1974. The previous record within that time period was a 2.6 magnitude temblor in 1990.

"So this is pretty significant for your area," Vaughn told WRC-TV.

Gloria Jackson, a police communications supervisor for the Montgomery County Police Department, said the department has received numerous calls about the earthquake, but that no injuries or significant property damage had been reported as of 5:35 a.m. ET.

NBC News correspondent Jim Miklaszewski said he felt the quake for about 10 seconds at his Maryland home, which is located about 25 miles north of the capital. "It started as a low audible rumble that built to a crescendo and shook the house and rattled the windows," he added.

NBC News colleague Tom Costello told TODAY that the quake reminded him of a "massive freight train" passing by.

From rforno at infowarrior.org Fri Jul 16 21:24:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Jul 2010 22:24:37 -0400
Subject: [Infowarrior] - BP buys up gulf scientists
Message-ID: <621F5186-6690-48D5-BED1-757B3DAAD00E@infowarrior.org>

BP buys up Gulf scientists for legal defense, roiling academic community
Published: Friday, July 16, 2010, 5:00 AM
Updated: Friday, July 16, 2010, 4:14 PM
Ben Raines, Press-Register
http://blog.al.com/live/2010/07/bp_buys_up_gulf_scientists_for.html

For the last few weeks, BP has been offering signing bonuses and lucrative pay to prominent scientists from public universities around the Gulf Coast to aid its defense against spill litigation.

BP PLC attempted to hire the entire marine sciences department at one Alabama university, according to scientists involved in discussions with the company's lawyers. The university declined because of confidentiality restrictions that the company sought on any research.

The Press-Register obtained a copy of a contract offered to scientists by BP. It prohibits the scientists from publishing their research, sharing it with other scientists or speaking about the data that they collect for at least the next three years.
"We told them there was no way we would agree to any kind of restrictions on the data we collect. It was pretty clear we wouldn't be hearing from them again after that," said Bob Shipp, head of marine sciences at the University of South Alabama. "We didn't like the perception of the university representing BP in any fashion."

BP officials declined to answer the newspaper's questions about the matter. Among the questions: how many scientists and universities have been approached, how many are under contract, how much will they be paid, and why the company imposed confidentiality restrictions on scientific data gathered on its behalf.

Shipp said he can't prohibit scientists in his department from signing on with BP because, like most universities, the staff is allowed to do outside consultation for up to eight hours a week.

More than one scientist interviewed by the Press-Register described being offered $250 an hour through BP lawyers. At eight hours a week, that amounts to $104,000 a year.

Scientists from Louisiana State University, University of Southern Mississippi and Texas A&M have reportedly accepted, according to academic officials. Scientists who study marine invertebrates, plankton, marsh environments, oceanography, sharks and other topics have been solicited.

The contract makes it clear that BP is seeking to add scientists to the legal team that will fight the Natural Resources Damage Assessment lawsuit that the federal government will bring as a result of the Gulf oil spill. The government also filed a NRDA suit after the Exxon Valdez spill.

In developing its case, the government will draw on the large amount of scientific research conducted by academic institutions along the Gulf. Many scientists being pursued by BP serve at those institutions.

Robert Wiygul, an Ocean Springs lawyer who specializes in environmental law, said that he sees ethical questions regarding the use of publicly owned laboratories and research vessels to conduct confidential work on behalf of a private company. Also, university officials who spoke with the newspaper expressed concern about the potential loss of federal research money tied to professors working for BP.

With its payments, BP buys more than the scientists' services, according to Wiygul. It also buys silence, he said, thanks to confidentiality clauses in the contracts.

"It makes me feel like they were more interested in making sure we couldn't testify against them than in having us testify for them," said George Crozier, head of the Dauphin Island Sea Lab, who was approached by BP.

Richard Shaw, associate dean of LSU's School of the Coast and Environment, said that the BP contracts are already hindering the scientific community's ability to monitor the effects of the Gulf spill.

"The first order of business at the research meetings is to get all the disclosures out. Who has a personal connection to BP? We have to know how to deal with that person," Shaw said. "People are signing on with BP because the government funding to the universities has been so limited. It's a sad state of affairs."

Wiygul, who examined the BP contract for the Press-Register, described it as "exceptionally one-sided."

"This is not an agreement to do research for BP," Wiygul said. "This is an agreement to join BP's legal team. You agree to communicate with BP through their attorneys and to take orders from their attorneys. "The purpose is to maintain any information or data that goes back and forth as privileged."

The contract requires scientists to agree to withhold data even in the face of a court order if BP decides to fight such an order. It stipulates that scientists will be paid only for research approved in writing by BP.

The contracts have the added impact of limiting the number of scientists who're able to work with federal agencies.

"Let's say BP hired you because of your work with fish. The contract says you can't do any work for the government or anyone else that involves your work with BP. Now you are a fish scientist who can't study fish," Wiygul said.

A scientist who spoke to the Press-Register on condition of anonymity because he feared harming relationships with colleagues and government officials said he rejected a BP contract offer and was subsequently approached by the National Oceanic and Atmospheric Administration with a research grant offer. He said the first question the federal agency asked was, "'is there a conflict of interest,' meaning, 'are you under contract with BP?'"

Other scientists told the newspaper that colleagues who signed on with BP have since been informed by federal officials that they will lose government funding for ongoing research efforts unrelated to the spill.

NOAA officials did not answer requests for comment. The agency also did not respond to a request for the contracts that it offers scientists receiving federal grants. Several scientists said the NOAA contract was nearly as restrictive as the BP version.

The state of Alaska published a 293-page report on the NRDA process after the Exxon Valdez disaster. A section of the report titled "NRDA Secrecy" discusses anger among scientists who received federal grants over "the non-disclosure form each researcher had signed as a prerequisite to funding."

"It's a very strange situation. The science is already suffering," Shaw said. "The government needs to come through with funding for the universities. They are letting go of the most important group of scientists, the ones who study the Gulf."

© 2010 al.com. All rights reserved.
From rforno at infowarrior.org Sat Jul 17 22:39:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Jul 2010 23:39:58 -0400
Subject: [Infowarrior] - Government Wants Your Individual Obesity Rating By 2014
Message-ID: <42A3BA92-6A8E-4F5A-AF49-3F3415AB4F08@infowarrior.org>

Government Wants Your Individual Obesity Rating By 2014
Submitted by KC Kelly Ph.D. on 2010-07-16
http://www.huliq.com/10017/government-wants-your-individual-obesity-rating-2014

All Americans, by 2014 will be required to have an individual obesity rating electronically recorded. It has been determined that under the new health stimulus law passed by President Barack Obama recently, that all Americans, by 2014, will be required to have electronic health records which will include their height, weight and body mass index (BMI).

BMI is a formula that calculates one's body measurements, including height and weight, in order to come up with an individual obesity rating. Calculation of BMI is the preferred method of the Centers for Disease Control and Prevention (CDC) for measuring obesity and coming up with an obesity rating, which is the measure of a person's body fat percentage. Regina Benjamin, the U.S. Surgeon General, stated that according to the CDC, "BMI provides a reliable indicator of body fatness for most people and is used to screen for weight categories that may lead to health problems." America has been criticized for being a nation that actually promotes obesity and hence leads Americans to have health issues.

The new health regulation also stipulates that the electronic records, including BMI will be able to quickly send individual health records as public health data to state and federal health agencies such as the HHS and the CDC. The new obesity-rating regulation will be enforced in every American's electronic health record. The regulation states that it must, "Calculate body mass index. Automatically calculate and display body mass index (BMI) based on a patient's height and weight." In addition, these electronic health records will be available for viewing on a national exchange. Seems a bit invasive, say many, but there will be security measures in place on these electronic records to try to help with privacy.

The 2009 economic stimulus law, already in place, has made some additions. The most major: this new regulation and requirement for obesity ratings within electronic records. This is the government's first step towards adopting a new universal requirement for electronic health records (EHRs) by 2014.

Secretary Kathleen Sebelius and Dr. David Blumenthal, the National Coordinator for Health Information Technology for Health and Human Services (HHS), shared on Tuesday that under the stimulus law, health care providers, including doctors and hospitals, must establish "meaningful use" of EHRs by 2014 in order to qualify for federal subsidies. If they do not comply, they will risk getting penalized in the form of diminished Medicare and Medicaid payments.

As outlined in Section 3001 of the stimulus law, it reads, "The National Coordinator shall, in consultation with other appropriate Federal agencies (including the National Institute of Standards and Technology), update the Federal Health IT Strategic Plan (developed as of June 3, 2008) to include specific objectives, milestones, and metrics with respect to the following: (i) The electronic exchange and use of health information and the enterprise integration of such information." "(ii) The utilization of an electronic health record for each person in the United States by 2014."
From rforno at infowarrior.org Sun Jul 18 09:46:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Jul 2010 10:46:48 -0400
Subject: [Infowarrior] - France's Three-Strikes Law for Internet Piracy Hasn't Brought Any Penalties
Message-ID: <2EA7D901-C5DB-4E20-A740-7444B3D78A4D@infowarrior.org>

July 18, 2010
France's Three-Strikes Law for Internet Piracy Hasn't Brought Any Penalties
http://www.nytimes.com/2010/07/19/technology/internet/19iht-CACHE.html
By ERIC PFANNER

PARIS -- In the World Cup final between Spain and the Netherlands, the referee, Howard Webb, handed out a record 14 yellow cards. Nonetheless, the game turned nasty, as the players apparently concluded that Mr. Webb was all bark and no bite.

Is something similar happening in the French government's high-profile battle against digital piracy of music, movies and other media content?

Nearly three years ago President Nicolas Sarkozy proposed what was to have been the world's toughest crackdown on illegal file-sharing. After two years of political, judicial and regulatory setbacks, the legislation was approved last September, authorizing the suspension of Internet access to pirates who ignored two warnings to quit.

Early this year, the government set up an agency to implement the law. Since then, not a single warning has been sent out; not a single broadband connection has been cut.

At a news conference in June, the president of the agency, Marie-Françoise Marais, said it was "technically and legally ready" to take action. The first warnings would be sent out "before long," she added. But she did not give a date, and news reports have shown growing unease about the legislation. Even some lawmakers in Mr. Sarkozy's party have expressed doubts.

Jean-Claude Larue, the head of a trade group representing video game publishers, questioned the cost of tracking pirated works, after officials of the new agency said they planned to pursue only the most prolific pirates, rather than all violators. He told the magazine L'Express that monitoring 100 games would cost more than €400,000, or $517,000, a year. "That's a lot, and we want to be sure that Hadopi will deal with all the cases," he said, referring to the French acronym for the new agency.

Meanwhile, Jean-François Copé, leader in the National Assembly of Mr. Sarkozy's party, the Union for a Popular Movement, or U.M.P., recently said he saw "weaknesses" in the three-strikes law, adding that his position on the issue of piracy had "evolved" since the vote, according to the newspaper Le Figaro.

Mr. Copé was speaking during a meeting to introduce a U.M.P. digital policy paper that appeared to challenge the rationale for the three-strikes approach. It states, "Illegal downloading will be marginalized not by restrictive legislation but by technological progress and changing patterns of usage."

Digital music is indeed changing, both on the legal and illegal sides, as Internet users wake up to the convenience of cloud-based services offering on-demand listening, rather than the bother of downloading and storing music in their own computers or MP3 players.

As consumer preferences and technology change, some people in the music industry are proposing new ways to deal with piracy. For example, PRS for Music, a royalty collection agency in Britain, proposed a levy on Internet service providers, based on the amount of pirated music that passes through their networks.

The British government also recently approved legislation for a three-strikes approach. But, as in France, the measure has yet to be implemented.

The French government seems unlikely to scrap the system, given the amount of political energy that has been expended. Some rights holders are keeping the faith.
"This is a complex law and it needs time to clear every step of the implementation process," said Marc Guez, general manager of an agency that collects licensing fees on behalf of record labels. "Obviously, we would have been pleased if some steps were reached sooner than they were, but the major steps now have been reached."

Meanwhile, piracy persists. According to at least one study, by the U

From rforno at infowarrior.org Sun Jul 18 09:49:04 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Jul 2010 10:49:04 -0400
Subject: [Infowarrior] - Thousands More BitTorrent Users To Be Sued In The U.S.
Message-ID: <0E8E952A-EB01-4B61-8A36-C45CEAC41062@infowarrior.org>

Thousands More BitTorrent Users To Be Sued In The U.S.
Written by Ernesto on July 18, 2010
http://torrentfreak.com/thousands-more-bittorrent-users-to-be-sued-in-the-u-s-100718

The troubles for U.S. based BitTorrent users who share movies without permission are far from over. The United States Copyright Group (USCG) has called in the help of 15 law firms to file lawsuits against BitTorrent users who refuse to settle. For those who are willing to pay, the USCG has set up a portal where alleged file-sharers can conveniently pay their settlements online.

In March the U.S. Copyright Group imported the mass litigation "pay up or else" scheme to the United States. The initial targets were relatively unknown indie films, but this changed when the makers of the Oscar-winning Hurt Locker joined the lucrative scheme, suing 5,000 alleged file-sharers all at once.

Through legal action the copyright holders hope to compensate for the losses they claim piracy is causing. For the lawyers involved, the quest for settlements is also a profitable one as they get to keep 70% of the recouped money.

The USCG is coordinating the scheme and has been preparing for the huge amounts of settlements they expect to come in. They've now set up a payment portal where "victims" can conveniently pay off their debts online. All the defendants have to do is enter their Record ID and they are ready to settle.

To ensure that the defendants pay up quickly instead of considering a court case, the USCG uses a variety of threats and persuasion tactics. In the Far Cry case the alleged downloaders were offered an initial settlement amount of "just" $1,500. However, this would increase to $2,500 if they failed to pay up within three weeks. A classic persuasion tactic, which was followed by a threat that going to court could lead to a fine of up to $150,000.

Up until now around 15,000 BitTorrent users have been sued as "John Does". Several of the defendants have already received settlement requests after their ISPs were ordered by the Court to give up their information. However, not all alleged file-sharers have been willing to settle immediately.

To deal with these defiant defendants, the USCG has now called in the help of 15 law firms across the United States that will act as local counsel and pursue those who refuse to pay. The Hollywood Reporter claims that this will result in an "explosion of lawsuits around the nation" starting in August.

Although it's not impossible, we have reason to doubt that there will indeed be thousands of cases against individuals. For one, the cost of this operation would be huge, and without doing a trial case it might turn into a financial disaster for the lawyers if their evidence doesn't hold up.

If anything, we believe that USCG is more likely to go after a handful of select individuals with poor defenses first, in order to set an example and to make clear where they stand. Perhaps the announcement should just be seen as a threat to those who are thinking about not settling their case?

More news about the new round of lawsu

From rforno at infowarrior.org Sun Jul 18 15:14:30 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Jul 2010 16:14:30 -0400
Subject: [Infowarrior] - "Damn Vulnerable Linux" distribution
Message-ID:

Damn Vulnerable Linux -- The most vulnerable and exploitable operating system ever!
Jul. 17, 2010 (6:37 am)
By: Matthew Humphries
http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-20100717/

Usually, when installing a new operating system the hope is that it's as up-to-date as possible. After installation there's bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different: it's shipped in as vulnerable a state as possible.

The idea behind DVL is to offer an operating system for learning and research for security students. As the DVL website explains:

Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn't built to run on your desktop -- it's a learning tool for security students.

At 1.8GB the ISO can be used as a Live CD, or installed as a virtual machine using a package like VirtualBox or VMWare. Once installed it can be used as a training environment for teaching, "reverse code engineering, buffer overflows, shellcode development, web exploitation, and SQL injection". Old versions of software including Apache, MySQL, PHP, FTP and SSH daemons are included as well as the tools needed to exploit them such as GCC, GDB, NASM, strace, ELF, Shell, DDD, LDasm, and LIDa.

The idea for producing DVL came from Thorsten Schneider who runs the TeutoHack lab at Bielefeld University in Germany. The hacker lab includes a closed network which a laptop can be hooked up to for research into IT security, hacking, and malware. Thorsten also teaches ethical hacking such as his lecture course Ethical Hacking -- Binary Auditing & RCE.

DVL is free to download, but be warned this is a highly exploitable version of the Linux operating system and should only be used for teaching and experimentation.
From rforno at infowarrior.org Mon Jul 19 07:14:32 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Jul 2010 08:14:32 -0400
Subject: [Infowarrior] - WaPo: Top Secret America
Message-ID: <8FF9A575-34DA-45D3-B096-349DB8B601A5@infowarrior.org>

(The release of the WaPo investigation that's got the US intelligence community "on alert" ---rick)

A hidden world, growing beyond control

The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work.

These are some of the findings of a two-year investigation by The Washington Post that discovered what amounts to an alternative geography of the United States, a Top Secret America hidden from public view and lacking in thorough oversight. After nine years of unprecedented spending and growth, the result is that the system put in place to keep the United States safe is so massive that its effectiveness is impossible to determine.

The investigation's other findings include:

* Some 1,271 government organizations and 1,931 private companies work on programs related to counterterrorism, homeland security and intelligence in about 10,000 locations across the United States.
* An estimated 854,000 people, nearly 1.5 times as many people as live in Washington, D.C., hold top-secret security clearances.
* In Washington and the surrounding area, 33 building complexes for top-secret intelligence work are under construction or have been built since September 2001. Together they occupy the equivalent of almost three Pentagons or 22 U.S. Capitol buildings - about 17 million square feet of space.
* Many security and intelligence agencies do the same work, creating redundancy and waste. For example, 51 federal organizations and military commands, operating in 15 U.S. cities, track the flow of money to and from terrorist networks.
* Analysts who make sense of documents and conversations obtained by foreign and domestic spying share their judgment by publishing 50,000 intelligence reports each year - a volume so large that many are routinely ignored.

< - >

http://projects.washingtonpost.com/top-secret-america/articles/a-hidden-world-growing-beyond-control/

From rforno at infowarrior.org Mon Jul 19 07:34:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Jul 2010 08:34:13 -0400
Subject: [Infowarrior] - Nokia buys Motorola Wireless Unit
Message-ID: <426AED90-1D0E-46D6-9A85-240DF8017741@infowarrior.org>

Nokia Siemens to Pay $1.2 Billion for Motorola Unit
July 19, 2010, 8:04 AM EDT
http://www.businessweek.com/news/2010-07-19/nokia-siemens-to-pay-1-2-billion-for-motorola-unit.html

July 19 (Bloomberg) -- Nokia Siemens Networks, the world's second-largest maker of wireless phone systems, said it will pay $1.2 billion for wireless network assets from Motorola Inc. to expand in North America and Japan.

The joint venture of Nokia Oyj and Siemens AG will gain more than 50 customer relationships, it said in a statement today. Nokia Siemens said it would gain about 7,500 employees in the deal, which is predicted to close by year end. The transaction will enhance profitability and cash flow, it said.

Nokia Siemens Networks, based in Espoo, Finland, wants to boost its presence in North America to compete with larger rival Ericsson AB and faster-growing competitors such as China's Huawei Technologies Co. Nokia Siemens unsuccessfully bid twice for assets belonging to Toronto-based Nortel Networks Corp. during the past year after the telecommunications-equipment maker filed for bankruptcy protection and sold off units.

"It's a positive for Nokia Siemens," Pierre Ferragu, a London-based analyst with Sanford C. Bernstein, said in an interview. "It's good for them to get a foothold in North America, especially as this is going to be the strongest telecoms market" over the medium term, he said. Ferragu has a "market perform" rating on Nokia and an "outperform" rating on Motorola.

Trimming Expenses

Nokia Siemens has been cutting jobs and shutting offices to adjust to falling demand and price competition from Ericsson and Huawei. Nokia Siemens Chief Executive Officer Rajeev Suri said in November the company planned to expand through acquisitions and partnerships while trimming its existing operations.

"More scale for NSN makes sense," Jason Willey, an equity analyst at Standard & Poor's, said in an interview July 16. "They have a hole where they really need stronger ties to customers in the U.S. and anything they could do to improve their scale and presence there would be a positive."

Nokia Siemens said the acquisition will strengthen its ties to operators Verizon Wireless, Sprint Nextel Corp. in the U.S., KDDI Corp. in Japan, China Mobile Ltd., and Vodafone Group Plc.

The wireless business at Nokia Siemens is rooted in the GSM standards used by most carriers outside the U.S. and east Asia. Motorola sells GSM systems as well as gear based on CDMA, which is used by some North American and east Asian carriers and so-called fourth-generation technologies LTE and WiMAX. Motorola, based in Schaumburg, Illinois, is hanging on to a technology it developed called iDEN, it said in the statement.

Spinoff

Motorola's sale of the wireless-network unit prepares it for a broader restructuring. The company is planning to spin off its mobile-phone and set-top box operations into a company that will be led by co-Chief Executive Officer Sanjay Jha. The spinoff is on schedule for the first quarter, Jha said last month.

"They're getting rid of this asset for a very good price and it's a good step towards the break-up plan," which will help them to be well capitalized next year, Ferragu said.

Sales from the wireless networks business fell 7 percent to $896 million last quarter from a year earlier, accounting for 18 percent of Motorola's total revenue. The division's operating profit climbed to $112 million from $62 million a year earlier, helped by contracts it won from companies such as China Mobile.

Over the past decade, telecommunications-equipment companies have combined to cope with declines in spending by some customers. France's Alcatel SA acquired Lucent Technologies Inc. in 2006 to create Alcatel-Lucent, a Paris-based rival to Nokia Siemens.

New Technologies

Nokia Siemens is the world's second-largest maker of wireless phone systems behind Ericsson and roughly even with Huawei, according to Redwood City, California-based researcher Dell'Oro Group. Motorola is the fourth-largest company in CDMA wireless systems, according to the researcher.

"The margins that Ericsson has been able to squeeze out of Nortel's wireless business and the demand in that business has so far been stronger than we expected," Willey said. "This indicates that some of those older technologies are going away slower than people expected -- there's still more investment to be made in things like CDMA and iDEN."

--With assistance from Jeffrey McCracken. Editors: Robert Valpuesta, Simon Thiel.

To contact the reporter on this story: Diana ben-Aaron in Helsinki at dbenaaron1 at bloomberg.net; Hugo Miller in Toronto at hugomiller at bloomberg.net.
To contact the editor responsible for this story: Vidya Root in Paris at vroot at bloomberg.net; Peter Elstrom at pelstrom at bloomberg.net

From rforno at infowarrior.org Mon Jul 19 18:30:05 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Jul 2010 19:30:05 -0400
Subject: [Infowarrior] - CSIS: A Human Capital Crisis in Cybersecurity
Message-ID: <5CF98490-84F5-4951-BEC1-DD4830405435@infowarrior.org>

Prepublication: A Human Capital Crisis in Cybersecurity
By Karen Evans & Franklin S. Reeder
Jul 16, 2010
Commission on Cybersecurity for the 44th Presidency, Technology and Public Policy Program
http://csis.org/publication/prepublication-a-human-capital-crisis-in-cybersecurity

From rforno at infowarrior.org Mon Jul 19 19:47:45 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Jul 2010 20:47:45 -0400
Subject: [Infowarrior] - Google's Wi-Spying and Intelligence Ties Prompt Call for Congressional Hearing
Message-ID:

Google's Wi-Spying and Intelligence Ties Prompt Call for Congressional Hearing
http://www.prnewswire.com/news-releases/googles-wi-spying-and-intelligence-ties-prompt-call-for-congressional-hearing-98769559.html

SANTA MONICA, Calif., July 19 /PRNewswire-USNewswire/ -- Citing new information about Google's classified government contracts and the Internet giant's admitted Wi-Spying activity, Consumer Watchdog today said it is more imperative than ever for the Energy and Commerce Committee to conduct hearings into possible privacy violations by Google.

In a letter to Committee Chairman Henry Waxman and Ranking Member Joe Barton, the nonpartisan, nonprofit public interest group's John M. Simpson wrote:

"Based on today's Washington Post, it appears that Google holds classified U.S. government contracts to supply search and geospatial information to the U.S. government. In addition, White House records show that Google executives have been holding meetings with U.S. national security officials for undisclosed reasons. Finally, it also appears that Google's widely criticized efforts to collect wireless network data on American citizens were not inadvertent, contrary to the company's claims."

"As history has repeatedly shown, alliances between the U.S. intelligence community and giant corporations that collect data on American citizens can be a toxic combination where the U.S. Constitution is concerned," the letter said.
In a June 9 letter to the Energy and Commerce Committee, Google director for public policy Pablo Chavez asserted that Google "mistakenly included code in our software that collected samples of 'payload data'" from private WiFi networks. But review of a patent application from Google covering the gathering of WiFi data published Jan. 28 shows that the data collection program was a very deliberate effort to assemble as much information as possible about U.S. residential and business WiFi networks.

The letter continued:

"...what the patent does show is that Google's recent claims about how the Street View program was designed are not accurate, and that the company always intended to collect and store the 'packets' of wireless data that contain so-called payload information.

"The patent makes repeated reference to 'capturing' packets, including paragraph [0055], which states that the system will enable geolocations so long as the equipment being used 'is able to capture and properly decode a packet...'

"This raises serious questions about whether Google has engaged in a reckless effort to amass private data without giving any thought to the possible misuse of that information, and whether it can be trusted to safeguard the information it collects from the prying eyes of the U.S. government."

Read the patent here: http://insidegoogle.com/wp-content/uploads/2010/07/US20100020776.pdf
Read the letter here: http://insidegoogle.com/wp-content/uploads/2010/07/LtrWaxman071910.pdf

In addition, White House visitor logs show that Alan Davidson, Google's Director of Public Policy and Government Affairs, has had at least three meetings with officials of the National Security Council since the beginning of last year. One of the meetings was with White House senior director for Russian affairs Mike McFaul, while another was with Middle East advisor Daniel Shapiro.

It has also been widely reported that Google has been working in "partnership" with the National Security Agency, the very same government body that illegally intercepted the private communications of millions of Americans during the Bush administration.

Consumer Watchdog, formerly the Foundation for Taxpayer and Consumer Rights, is a nonprofit, nonpartisan consumer advocacy organization with offices in Washington, DC and Santa Monica, Ca. Consumer Watchdog's website is www.consumerwatchdog.org. Visit our new Google Privacy and Accountability Project website: http://insidegoogle.com.

From rforno at infowarrior.org Tue Jul 20 07:21:33 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Jul 2010 08:21:33 -0400
Subject: [Infowarrior] - WaPo #2: National Security Inc
Message-ID: <564A85F2-75FA-48BA-9D35-8A14F0CAB1AD@infowarrior.org>

National Security Inc.

In June, a stone carver from Manassas chiseled another perfect star into a marble wall at CIA headquarters, one of 22 for agency workers killed in the global war initiated by the 2001 terrorist attacks. The intent of the memorial is to publicly honor the courage of those who died in the line of duty, but it also conceals a deeper story about government in the post-9/11 era: Eight of the 22 were not CIA officers at all. They were private contractors.

To ensure that the country's most sensitive duties are carried out only by people loyal above all to the nation's interest, federal rules say contractors may not perform what are called "inherently government functions." But they do, all the time and in every intelligence and counterterrorism agency, according to a two-year investigation by The Washington Post.
What started as a temporary fix in response to the terrorist attacks has turned into a dependency that calls into question whether the federal workforce includes too many people obligated to shareholders rather than the public interest -- and whether the government is still in control of its most sensitive activities. In interviews last week, both Defense Secretary Robert M. Gates and CIA Director Leon Panetta said they agreed with such concerns.

The Post investigation uncovered what amounts to an alternative geography of the United States, a Top Secret America created since 9/11 that is hidden from public view, lacking in thorough oversight and so unwieldy that its effectiveness is impossible to determine. It is also a system in which contractors are playing an ever more important role. The Post estimates that out of 854,000 people with top-secret clearances, 265,000 are contractors. There is no better example of the government's dependency on them than at the CIA, the one place in government that exists to do things overseas that no other U.S. agency is allowed to do.

< -- >

http://projects.washingtonpost.com/top-secret-america/articles/national-security-inc/print/

From rforno at infowarrior.org Tue Jul 20 07:57:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Jul 2010 08:57:02 -0400
Subject: [Infowarrior] - OT Nostalgia: MacPaint Source Code
Message-ID:

Ahh, memories .... and 'old world' programming style. :) -rick

http://www.businessweek.com/technology/ByteOfTheApple/blog/archives/2010/07/apple_donates_macpaint_source_code_to_computer_history_museum.html

Apple Donates MacPaint Source Code To Computer History Museum
Posted by: Arik Hesseldahl on July 20, 2010

One of the earliest bits of software that made the original Macintosh computer so interesting to use and unusual for its time was a drawing program called MacPaint. Released in 1984 with the Mac, it is fondly remembered not only by those who used it, but also by computer scientists for numerous first-of-a-kind innovations. Those who spend a lot of time using Adobe Photoshop constantly use such features as the lasso tool for selecting non-rectangular shapes, and the paint bucket for filling closed areas with a pattern, and later, color. Both first appeared in MacPaint. The program was unique at the time for its ability to create graphics that could then be used in other applications.

Apple is today officially donating the source code to the Computer History Museum in San Jose, California. You can read more about the donation on the Museum's website here. (http://www.computerhistory.org/highlights/macpaint/)

< - >

What you'll find are actually two files, one containing the source code of MacPaint itself, the other containing QuickDraw, which Hertzfeld calls "the single most important component of the original Macintosh technology." It was a key enabling technology not only for MacPaint but for the entire Mac interface, and by itself amounts to about one-third of the source code for the original Macintosh operating system.

MacPaint was last updated in 1988, with version 2.0. Apple, and later its software subsidiary Claris continued to sell it until 1998. Hertzfeld has much more to say about MacPaint here, on his fascinating Mac-history site Folklore.org. And there are some interesting screenshots of MacPaint in action here.
From rforno at infowarrior.org Tue Jul 20 09:52:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Jul 2010 10:52:18 -0400
Subject: [Infowarrior] - Appeals Court: Facts Are Not Copyrightable
Message-ID:

Appeals Court Reminds Documentary Makers That Facts Are Not Copyrightable
from the and-again dept
http://techdirt.com/articles/20100716/02273310241.shtml

Two years ago, we wrote about how a court had ruled against a documentary filmmaker who was upset that the producers of the Hollywood film We Are Marshall hadn't paid them for the story. The documentary filmmakers had made a (what else?) documentary about the story of the football team at Marshall, where a plane crash killed the team, and then the school rebuilt its football program. The Warner Bros. film was about the same story, but as we pointed out at the time, facts aren't copyrightable, and anyone can make a film based on historical facts. It is true that Hollywood studios often will pay for the "rights" to a story from a newspaper or author, even though they don't need to secure the "rights" that way. They do so for a variety of reasons, such as getting more in-depth access to the writers for accuracy purposes or just for general endorsement. But there's no legal requirement to do so.

The district court explained all of this to the documentary filmmakers, but they appealed anyway, and now the appeals court has dumped the lawsuit as well, agreeing with the lower court, and explicitly pointing out you can't copyright facts. Simply because you made a documentary about a historical story, it doesn't give you ownership of that story. On top of that, it points out that there really aren't very many similarities between the stories, other than they're both based on the same historical situation, so there's no copyright infringement claim at all.

The documentary filmmakers also tried a "breach of contract" claim, because Warner Bros. had talked to them about licensing the "rights" to the documentary (again, even though there's no legal reason to do so). But they never came to an agreement. And that's why the breach of contract argument fails. There was no contract to breach. It really is quite a statement on the "ownership of culture" ecosystem we've built up when some documentarians act as if making a documentary about a real historical story somehow gives them the rights to stop others from making a film about that story.

From rforno at infowarrior.org Tue Jul 20 16:34:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Jul 2010 17:34:48 -0400
Subject: [Infowarrior] - BP Pushes Doctored Image of "Command Center"
Message-ID: <37207D96-A79E-4164-AAD3-39E20E939D17@infowarrior.org>

http://www.cbsnews.com/stories/2010/07/20/national/main6695900.shtml

NEW YORK, July 20, 2010
BP Pushes Doctored Image of "Command Center"
Company Apparently Used Photoshop to Insert Images onto Blank Screens; Original Photo May Be from 2001

(CBS) A photo posted by BP supposedly showing the company's oil spill command center was really a Photoshopped collage and may have been based on a shot taken in 2001.

The image was posted on BP's Web site and was distributed by the Associated Press - which charged $35 for it - and possibly other news services. It appeared prominently on CBSNews.com.

The image showed the silhouettes of three men (or two in a cropped version) sitting in front of a bank of screens showing underwater operations around the busted BP oil well that has caused one of the biggest environmental disasters in U.S. history. Sloppy jagged edges around the men's silhouettes and the edges of the screens suggest that some of the screen images were added to the photo for effect.

Blogger John Aravosis first reported on the faked picture Monday night and on Tuesday pointed out evidence that another BP photo was faked.

BP responded by posting what it said was the original, unedited photo, showing several blank screens. A spokesman, speaking to the Washington Post, blamed the photographer for inserting the screen images and insisted BP had done nothing wrong by pushing the altered photo.

But Aravosis has raised additional questions. Data embedded in the digital image indicate that it was originally taken in March, 2001. And a professional photographer would likely have done a better job of Photoshopping the additional material into his original photo.

From rforno at infowarrior.org Tue Jul 20 16:40:51 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Jul 2010 17:40:51 -0400
Subject: [Infowarrior] - Politico.Com's questionable edits
Message-ID: <8BDBCD85-2C06-4FCF-8D30-604FC0848A23@infowarrior.org>

Politico Incorrect
What the politics Web site deletes from its articles without telling anyone.
By Jeremy Singer-Vine
Updated Tuesday, July 20, 2010, at 3:56 PM ET
http://www.slate.com/id/2260973/pagenum/all/

Last month, Politico reported on the fallout from the mess Gen. Stanley McChrystal had made for himself in his interview with Michael Hastings in Rolling Stone. A day later, the Columbia Journalism Review noticed that Politico had removed two key sentences from its article. The deleted passage had speculated that a freelance reporter such as Hastings "would be considered a bigger risk to be given unfettered access, compared with a beat reporter, who would not risk burning bridges by publishing many of McChrystal's remarks." Politico said the edit was made for concision.

Yet it got me wondering: How often does Politico, in the din of the news cycle, make significant changes to its copy after publishing it - without telling readers? Part of the answer, of course, depends on your definition of the word "significant." But part of it is simply math.
To get the raw numbers, I wrote a series of fairly simple computer programs to monitor changes to all major Politico articles at regular intervals. (Here is more detail than you probably care to know about the programs.) After three weeks and nearly 400 articles, I have my answer: about 3 percent of the time.

By the end of last week, 217 of the 382 articles (57 percent) tracked had been changed in some way. Because the program detects even the most trivial changes, like the deletion of superfluous white space, the vast majority of these changes were unremarkable. Amid hundreds of these trivial changes, however, we found 12 noteworthy alterations. That amounts to 3.1 percent of the articles we monitored. (We've posted the list in reverse-chronological order.)

In the McChrystal meta-controversy - the one about Politico's deletions, not McChrystal's quotes - Politico deputy Managing Editor Tim Grieve said that he deleted the freelancers-vs.-beat-reporters sentences "solely for the purposes of keeping the story tight and readable" during a "substantial rework" of the article. Politico often updates articles continuously, its editors say, as a story evolves. Sometimes, but not always, a story will receive a second timestamp (marked in red) to indicate to readers that it has been updated.

Probably the most baffling series of unacknowledged corrections visited an appreciation of the late Sen. Robert Byrd, an article Politico could have started preparing before it even launched. The initial version, published at 6:49 p.m. on June 28, included this account of Byrd's gradual decline in legislative power:

But first in 1986, Byrd surrendered the Majority Leadership, and twelve years later, the chairmanship of the Appropriations Committee - for the good of the Senate and his party.

The next morning, at 6:13, Politico updated this sentence, extending his chairmanship of the Appropriations Committee for another decade:

But in 1986, Byrd surrendered the majority leadership, and 22 years later, the chairmanship of the Appropriations Committee - for the good of the Senate and his party.

In fact, Byrd stepped down as chairman of the Appropriations Committee in 2008, not 1998. But wait! At 7:51 a.m., the sentence changed again:

But at the end of 1988, Byrd surrendered the majority leadership, and 10 years later, the chairmanship of the Appropriations Committee - for the good of the Senate and his party.

Almost there! But Politico again miscalculated the year Byrd surrendered his Appropriations Committee chairmanship. At 9:24 a.m., the sentence made one more attempt at scaling Mount Accurate:

But at the end of 1988, Byrd surrendered the majority leadership, and 20 years later, the chairmanship of the Appropriations Committee - for the good of the Senate and his party.

Actually, Republicans controlled the Senate from 1981 to 1987, so Byrd had surrendered the majority leadership for those years, too - a fact the article doesn't acknowledge until 10 paragraphs later. At least we know that, whatever he did, it was always for the good of the Senate and his party.

Among the pool of articles we monitored, Politico issued just three corrections. One notified readers that Howard Kurtz did not publish the first report of a massage therapist's sexual-harassment allegations against Al Gore. One regarded the participants in a recent climate meeting. And one acknowledged that the site misidentified the author of a letter to President Obama. On the other hand, Politico failed to acknowledge changes it made on roughly a dozen articles, depending on how you count it. (See our list of deletions, corrections, and changes to judge for yourself.)

After we contacted Politico with our list of unacknowledged corrections, the site's editors appended correction notices to six additional articles: the Byrd obituary, "House Adds $23B to War Funding Bill," "Gore Story Goes Mainstream," "Don't Let Midterms Take Us Back," "How Old Is Too Old?," and "A Conservative Dismisses Right-Wing Black Panther 'Fantasies'."

The Web provides countless ways to deal with corrections - inline notices, hyperlinks, RSS feeds, and so on. Scott Rosenberg, Salon.com co-founder and director of MediaBugs.org, last week published four basic guidelines for online corrections. They're by no means the only solution, but they form a solid framework:

* Append a note to any article that's been corrected, explaining the change;
* Keep a list of these changes, linking to the corrected articles, at a fixed location on the site;
* Post a brief corrections policy, with information about how readers can report errors they find;
* Make sure that your corrections listing page and your corrections policy (whether they're on the same or different pages) are part of your site navigation - they should be accessible by one click from any page on your site.

By this standard, Politico fails on all four counts. The site has no plans to publish a corrections policy, Editor-in-Chief John Harris said: "I'm not sure there needs to be a black-and-white policy." But Politico "ought to think about" keeping a running list of corrections, and its unwritten policy. Politico's unwritten policy is to append notices to articles "where something substantive was not correct," Harris said. In many of the stories cited in the sidebar, Harris acknowledged, "there was no thought or judgment applied."

Since its launch, Politico has garnered widespread attention - and some derision - for its obsessive and detailed coverage. In many respects, it serves as a wire service for the digital age. But in the service of its "Win the Morning, Win the Afternoon, Win the Evening" strategy, Politico seems to have rewritten the old wire-service motto. It's no longer, "Get it first, but first get it right." For Politico, it's more like, "Get it first, and if you don't get it quite right, quietly change it later."

From rforno at infowarrior.org Wed Jul 21 07:26:43 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jul 2010 08:26:43 -0400
Subject: [Infowarrior] - Drones in U.S. skies - to keep eye on us?
Message-ID: <2A067BE9-6210-40B3-8814-50425AF8FC09@infowarrior.org>

I normally don't run stuff from such "news" organisations but this article does raise some interesting questions. Of course, one does wonder if such an article would run at this site if a different party was in-charge of the country, but that's not something we need to debate here. What's important is the issue being discussed. -rick

Drones in U.S. skies - to keep eye on us?
Posted: July 20, 2010 8:00 pm Eastern
© 2010
http://www.wnd.com/index.php?fa=PAGE.view&pageId=181749

In May of last year, David Kilcullen, a counterinsurgency adviser to Gen. David Petraeus from 2006 to 2008, co-authored a strategic analysis ("Death from Above, Outrage Down Below," New York Times, May 17, 2009). He emphasized that the "public outrage" among Pakistan's civilians caused by our drone attacks "is hardly limited to the region in which they take place." Extensively reported by the news media, "the persistence of these attacks on Pakistani territory offends people's deepest sensibilities, alienates them from their government, and contributes to Pakistan's instability."

A year later, in Foreign Policy in Focus (fpif.org, May 19), Conn Hallinan, reporting on the increase in drone strikes in Pakistan, notes that the continuing controversy over the actual number of corollary civilian deaths "is a sharply debated issue."
Neither President Obama, who authorizes them, nor the CIA, which does the actual killing, directly gives us the numbers. As for the Pakistani government's figures, Hallinan continues: "The word 'civilian' is a slippery one, because no one knows exactly what criteria the United States uses to distinguish a 'militant' from a civilian. Is someone with a gun a 'militant?' Since large numbers of males in the frontier regions of Pakistan carry guns, that definition would target a huge number of people." I mentioned this life-ending ambiguity in drone strikes to a person who claims to be concerned with human-rights abuses. Shrugging, she said: "I don't have to worry about that. The drones aren't coming here; and since they're pilotless, there are no American casualties. So I'm all for their use." But drones are indeed in our skies. Constitutionalist John Whitehead ? who is also a careful master researcher ? points out ("Drones Over America: Tyranny at Home," Rutherford.org, June 28), that "unbeknownst to most Americans, remote-controlled pilotless aircraft have been employed domestically for years now. They were first used as a national security tool for patrolling America's borders, and then as a means of monitoring citizens." When did government officials start ignoring our national charter ? and why does it continue? Find out in "Who Killed the Constitution?" He cites a 2006 news story, moreover, that "one North Carolina county is using a UAV (Unmanned Aerial Vehicle) equipped with low-light and infrared cameras to keep watch on its citizens. The aircraft has been dispatched to monitor gatherings of motorcycle riders at the Gaston County fairgrounds from just a few hundred feet in the air ? close enough to identify faces." As John Whitehead also reports, "Drones (are) a $2 billion cornerstone of the Obama administration's war efforts." 
And Defense Secretary Robert Gates adds, "The more we have used them, the more we have identified their potential in a broader and broader set of circumstances."

So broad that -- and this is Whitehead's core discovery -- "the Federal Aviation Administration (FAA) is facing mounting pressure from state governments and localities to issue flying rights for a range of UAVs to carry out civilian and law-enforcement activities."

You think a UAV won't be interested in you, innocent of any conceivable (even by the CIA) terrorist connections? Do not underestimate an all-seeing, suspicious government. "State police," writes Whitehead, "hope to send them up to capture images of speeding cars' license plates." And, in 2007, "insect-like drones were seen hovering over political rallies in New York and Washington, seemingly spying on protesters."

As I was writing about drones watching over us, I found a triumphant breakthrough ("Unmanned Phantom Eye Demonstrator Unveiled," spacedaily.com, July 13): "The Boeing Company has unveiled the hydrogen-powered Phantom Eye unmanned airborne system." Said Darryl Davis, president of Boeing Phantom Works, at the St. Louis unveiling ceremony: "Phantom Eye is the first of its kind and could open up a whole new market in collecting data and communications. ... The capabilities in Phantom Eye's design will offer game-changing opportunities for our military, civil and commercial customers."

Will we citizens have any say in whether we want to be part of this continually omnivorous government game? Whitehead gives you the answer: "Unfortunately, to a drone, everyone is a suspect because drone technology makes no distinction between the law-abiding individual and the suspect. Everyone gets monitored, photographed, tracked and targeted."

But not terminally targeted like the innocent civilians during Predator and Reaper strikes in Pakistan, Afghanistan and Yemen.
However, the Obama administration has made it clear that, like its predecessor, it has decided the battlefield against terrorism can be anywhere -- including the United States. And should there be another 9/11 or a successful suicide bomber in New York's Times Square, the government -- with its ever-increasing, undeniable evidence of homegrown jihadists (who look just like your neighbors) -- may use UAVs not only for surveillance but in the self-defense of us all.

Drones have already committed extra-judicial killings outside our borders. Are we immune at home?

Whitehead summons James Madison: "A standing military force with an overgrown Executive will not long be safe companions to liberty. The means of defense against foreign danger have been always the instruments of tyranny at home."

Are the drones to remain beyond the American rule of law? It's past time to begin to find out. So far, we are told nothing credible of whom we are targeting, and why, in other countries. We should at least be let in on the rules of this grim game as it may affect our own fate.

Failing our responsibility as citizens, we have become almost entirely complicit in the extent and depth of our being continually surveilled at home outside the Constitution. Will drones continue to hover outside the Constitution? Barack Obama knows.

Nat Hentoff is a nationally renowned authority on the First Amendment and the Bill of Rights and author of many books, including "The War on the Bill of Rights and the Gathering Resistance."

From rforno at infowarrior.org Wed Jul 21 07:20:50 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jul 2010 08:20:50 -0400
Subject: [Infowarrior] - WaPo #3: The secrets next door
Message-ID: <03575C85-3BB5-403B-A95B-73B463EED1D6@infowarrior.org>

The secrets next door
Tuesday, July 20, 2010; 11:46 PM

In suburbs across the nation, the intelligence community goes about its anonymous business. Its work isn't seen, but its impact is surely felt.
The brick warehouse is not just a warehouse. Drive through the gate and around back, and there, hidden away, is someone's personal security detail: a fleet of black SUVs that have been armored up to withstand explosions and gunfire.

Along the main street, the signs in the median aren't advertising homes for sale; they're inviting employees with top-secret security clearances to a job fair at Cafe Joe, which is anything but a typical lunch spot.

The new gunmetal-colored office building is really a kind of hotel where businesses can rent eavesdrop-proof rooms.

Even the manhole cover between two low-slung buildings is not just a manhole cover. Surrounded by concrete cylinders, it is an access point to a government cable. "TS/SCI," whispers an official, the abbreviations for "top secret" and "sensitive compartmented information" - and that means few people are allowed to know what information the cable transmits.

All of these places exist just outside Washington in what amounts to the capital of an alternative geography of the United States, one defined by the concentration of top-secret government organizations and the companies that do work for them. This Fort Meade cluster is the largest of a dozen such clusters across the United States that are the nerve centers of Top Secret America and its 854,000 workers.

Other locations include Dulles-Chantilly, Denver-Aurora and Tampa. All of them are under-the-radar versions of traditional military towns: economically dependent on the federal budget and culturally defined by their unique work.

The difference, of course, is that the military is not a secret culture. In the clusters of Top Secret America, a company lanyard attached to a digital smart card is often the only clue to a job location. Work is not discussed. Neither are deployments.
Debate about the role of intelligence in protecting the country occurs only when something goes wrong and the government investigates, or when an unauthorized disclosure of classified information turns into news.

The existence of these clusters is so little known that most people don't realize when they're nearing the epicenter of Fort Meade's, even when the GPS on their car dashboard suddenly begins giving incorrect directions, trapping the driver in a series of U-turns, because the government is jamming all nearby signals.

Once this happens, it means that ground zero - the National Security Agency - is close by. But it's not easy to tell where. Trees, walls and a sloping landscape obscure the NSA's presence from most vantage points, and concrete barriers, fortified guard posts and warning signs stop those without authorization from entering the grounds of the largest intelligence agency in the United States.

< -- >

http://projects.washingtonpost.com/top-secret-america/articles/secrets-next-door/print/

From rforno at infowarrior.org Wed Jul 21 07:47:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jul 2010 08:47:03 -0400
Subject: [Infowarrior] - Did the Credit Rating Agencies Go Extinct?
Message-ID: <781C08C8-3324-4035-ACD0-449A0D17CA3B@infowarrior.org>

Bond Sale? Don't Quote Us, Request Credit Firms
By ANUSHA SHRIVASTAVA
http://online.wsj.com/article/SB10001424052748704723604575379650414337676.html

The nation's three dominant credit-ratings providers have made an urgent new request of their clients: Please don't use our credit ratings.

The odd plea is emerging as the first consequence of the financial overhaul that is to be signed into law by President Obama on Wednesday. And it already is creating havoc in the bond markets, parts of which are shutting down in response to the request.
Standard & Poor's, Moody's Investors Service and Fitch Ratings are all refusing to allow their ratings to be used in documentation for new bond sales, each said in statements in recent days. Each says it fears being exposed to new legal liability created by the landmark Dodd-Frank financial reform law.

The new law will make ratings firms liable for the quality of their ratings decisions, effective immediately. The companies say that, until they get a better understanding of their legal exposure, they are refusing to let bond issuers use their ratings.

That is important because some bonds, notably those that are made up of consumer loans, are required by law to include ratings in their official documentation.

That means new bond sales in the $1.4 trillion market for mortgages, autos, student loans and credit cards could effectively shut down.

There have been no new asset-backed bonds put on sale this week, in stark contrast to last week, when $3 billion of issues were sold. Market participants say the new law is partly behind the slowdown.

"We are at a standstill right now," said Bingham McCutchen partner Ed Gainor, who specializes in asset-backed securities.

Several companies are shelving their bond offerings "indefinitely," according to Tom Deutsch, executive director of the American Securitization Forum, which represents the market for bonds backed by assets such as auto loans and credit cards. He said he knew of three offerings scheduled for coming weeks that are now on hold.

The change caught the ratings agencies by surprise. The original Senate version of the bill didn't include the provision. It was only on June 30, when the Dodd-Frank bill was passed, that the exemption was removed. The Senate passed the amended version on July 15.

The offices of Sen. Christopher Dodd (D-Conn.) and Rep. Barney Frank (D-Mass.) didn't immediately respond to a request for comment.
Rating firms have warned that sections of the legislation concerning ratings firms' legal liability could cause them to pull back from certain parts of the market.

In an April 21 conference call, Moody's Chief Executive Raymond McDaniel told investors that "we remain concerned that the bill's liability provisions would lead to unintended consequences that could negatively impact the credit markets." If greater liability provisions were passed, he continued, "we would implement appropriate changes." He added that Moody's, a unit of Moody's Corp., would rethink whether it still made sense in a new regulatory environment to give ratings "for as many small and perhaps marginal issuers as possible."

The confusion comes as investors, bankers and ratings companies across Wall Street seek to digest the intricacies of the new law, the most sweeping since the 1930s. The overhaul touches on virtually every part of the financial-services world, part of an effort by lawmakers to head off another financial crisis.

Ratings providers became a lightning rod for criticism after the financial crisis. Their overly rosy assessments of many bonds, particularly complex securities and bonds backed by subprime mortgages, were blamed for helping fuel the meltdown of the credit markets.

In response, the Dodd-Frank bill revamped how the government treated credit-ratings firms, which receive a special government designation that allows them certain privileges and market access. Once the bill is signed into law, advice by the services will be considered "expert" if used in formal documents filed with the Securities and Exchange Commission. That definition would make them legally liable for their work, meaning that it will be easier to sue a firm if a bond doesn't perform up to the stated rating. That is a change from the current law, which considers ratings merely an opinion, protected like any other media such as a newspaper.
Prior to the Dodd-Frank bill, issuers were allowed to include the description of the ratings in the offering documents without the consent of the rating firms. Now, they will have to get written permission. And the rating providers are concerned that giving such consent exposes them to liability they haven't been exposed to in the past.

Unlike many parts of the larger financial-overhaul bill, these changes go into effect as soon as it is signed into law. The speed of the move has spooked the three firms. All issued statements in recent days saying they will continue to issue bond ratings. But they said they won't allow those ratings to be used in formal documents accompanying bond sales, known as prospectuses and registration statements.

One solution to the logjam is for sellers of bonds to offer their deals privately. That means they would offer ratings that can be used in private transactions but not in deals registered with the SEC and sold to the general public. The private market is much smaller and more expensive than the public one.

On Friday, S&P, a unit of McGraw-Hill Cos., issued a release saying it would "explore mechanisms outside of the registration statement to allow ratings to be disseminated to the debt markets."

-- Aaron Lucchetti contributed to this article.

Write to Anusha Shrivastava at anusha.shrivastava at dowjones.com

From rforno at infowarrior.org Wed Jul 21 08:02:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jul 2010 09:02:37 -0400
Subject: [Infowarrior] - FCC wakes up on US broadband
Message-ID:

FCC: 14-24 Million Without Broadband
Agency finally takes off their rose-colored glasses.
06:35PM Tuesday Jul 20 2010 by Karl Bode
http://www.dslreports.com/shownews/FCC-1424-Million-Without-Broadband-109473

As we've complained about for years, the FCC has traditionally made broadband policy decisions based on flawed and incomplete data.
Part of the 1996 Telecom Act required that the agency release quarterly reports on the status of broadband deployment. Unfortunately for consumers, that data has always been essentially useless -- with the FCC declaring any zip code that has just one served broadband customer in it to be "wired" for service. This rose-colored-glasses methodology has dictated FCC policy for years.

Our new, more "sciency" FCC is slowly changing that, doing things like actually testing user connections instead of just taking ISP lobbyists at the word in terms of delivered speeds. The FCC's also been studying broadband availability in more detail, and today released their conclusions (see pdf news release and the .doc full study). The report ditches the inaccurate zip code determination, and takes the long-overdue step of bumping the minimum definition of broadband from just 200 kbps, to at least 4 Mbps downstream and 1 Mbps upstream.

According to the new, real-data-loving FCC, between 14 and 24 million Americans still lack access to broadband -- with the FCC declaring the chance of them getting it anytime soon to be "bleak." The FCC also found that less than half of all broadband connections are capable of receiving a high definition video stream (even fewer, 2%, can transmit such a stream).

"Taking account of the millions of Americans who, despite years of waiting, still have little prospect of getting broadband deployed to their homes, we must conclude that broadband is not being deployed to all Americans in a reasonable and timely fashion," stated FCC chief Julius Genachowski in a statement.

Of course admitting you have a problem is only the first step to recovery, and unsurprisingly the FCC recommends a list of things to fix the problem they're already doing. Most of those things are part of the fairly underwhelming national broadband plan, including freeing up more spectrum, fixing the USF, collecting better data, and streamlining access to poles and rights of way.
Also like our national broadband plan, the report talks a lot about competition, but none of the recommendations do much in the way of improving it.

From rforno at infowarrior.org Wed Jul 21 08:04:04 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jul 2010 09:04:04 -0400
Subject: [Infowarrior] - Get ready for LightSquared broadband
Message-ID: <2AB25CD4-39D1-4406-A58F-53026331064F@infowarrior.org>

Get ready for LightSquared broadband (Verizon and AT&T not fans)
By Matthew Lasar | Last updated about 14 hours ago
http://arstechnica.com/telecom/news/2010/07/get-ready-for-lightsquared-broadband-verizon-and-att-not-fans.ars

It's being billed as "the nation's first wholesale-only integrated wireless broadband and satellite network." LightSquared is a new, coast-to-coast 4G-LTE wireless broadband operation backed up by satellite coverage. The company will provide wholesale wireless to ISPs and cable operators -- even device makers, content providers, and just about anybody else. And the venture will do so as the "first truly open and net neutral wireless network," according to LightSquared's elatedly worded press release, with build-out expected to produce over 100,000 "direct and indirect private sector jobs within five years."

LightSquared will function as "a disruptive force" in U.S. wireless "by democratizing wireless broadband services," the firm's new Chair and CEO Sanjiv Ahuja proclaimed on Tuesday. "We're providing everyone, including underserved communities, with a fast, reliable experience regardless of where they are located in the United States. This network will return our country to its rightful position as a leader in wireless broadband technology and solidify its reputation as the center of global innovation."

Anybody can

We spoke with LightSquared spokesperson Tom Surface and asked him about that "open and net neutral" phrase. Surface emphasized that those last two words shouldn't be confused with "net neutrality."
But the idea is that all comers will be able to buy into LightSquared's capacity on a wholesale basis for resale to the public, even a big-box retail store. "Anybody can use our network," Surface promised. When we suggested Best Buy as a hypothetical wholesale customer, he called that a "good example," but went mum about actual prospects. "We are in direct talks with these potential partners," Surface told us.

Still, the potential win here is pretty obvious. By selling wholesale broadband access to entities that you don't usually associate with the broadband business, there's huge potential to get high-speed access into less populated regions where there aren't any traditional ISPs, but are plenty of retailers who might consider filling the gap.

I was pleased

This consortium came into existence following the Harbinger Capital Partners investment group's acquisition of SkyTerra Communications (now LightSquared). SkyTerra will provide the spectrum for this venture. Nokia Siemens will design the network, install equipment, and manage the operation, which consists of about 40,000 cellular base stations. And the whole shebang will cover over 92 percent of the U.S. population by 2015, the new company pledges.

Even FCC Chair Julius Genachowski has given the news his public blessing. "I was pleased to learn of the formation of LightSquared today," Genachowski announced. "This new nationwide 4G wireless broadband network represents more than $7 billion of new investment, with the potential to create more than 100,000 new private-sector jobs within five years. Today's announcement shows that FCC policies are helping grow the U.S. economy by catalyzing investment and job creation."

Three conditions

That last piece of credit-taking stems from the fact that the Commission approved this deal, although not everybody's crazy about some of the conditions to which Harbinger agreed.
Condition one has Harbinger promising that SkyTerra will not enter into an agreement to make its 1525 to 1660.5 MHz band spectrum available to any entity that happens to be "the largest or second largest wireless provider" in the U.S., without receiving prior Commission approval. Those unnamed providers would be AT&T and Verizon, who now rake in over 60 percent of mobile wireless sector revenue, according to the FCC's latest mobile competition report. Approval, the fine print adds, "shall be at the sole discretion of the Commission (or one of its Bureaus, acting on delegated authority)."

On top of that, SkyTerra will not provide more than 25 percent of its terrestrial network access to those aforementioned providers without the Commission's prior blessing. That's condition three. The point, again, is to "promote competition and more access to the less densely populated areas," Surface reiterated.

Big isn't bad

Needless to say, AT&T and Verizon take strong exception to these measures, based as they are, AT&T charges, on a "big is bad" set of assumptions about revenue. "Singling AT&T out for disparate secondary market treatment through conditions that create regulatory hurdles that discourage other spectrum holders from attempting to make spectrum or even excess wholesale capacity available to AT&T is simply unacceptable," the company complained to the agency in mid-April.

Ditto says Verizon, which has gotten into a bit of a tussle over the issue with smaller carrier Sprint. The latter company supports the network restriction conditions (which would not apply to Sprint, obviously). Like AT&T, Verizon says they should be rescinded, but short of that the company wants them applied to the entire wireless sector.

"Verizon Wireless's new proposal," Sprint insists, "is simply a collateral attempt to nullify the narrowly tailored conditions SkyTerra proposed to enhance the public interest benefits of the transaction."
The wireless giant's "proposal to extend the conditions across the industry demonstrates its lack of conviction in its own arguments against them."

Even various Senators have gotten into the act -- Kay Bailey Hutchison (R-TX), Jim DeMint (R-SC) and two others questioning the propriety of the conditions and the FCC's legal authority in this area. The FCC is "presently reviewing" AT&T, Verizon, and Sprint's positions on this issue, Genachowski wrote back to them the same day.

According to LightSquared's filings, the venture plans trial market test runs in Phoenix and Denver early next year.

From rforno at infowarrior.org Wed Jul 21 09:48:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jul 2010 10:48:18 -0400
Subject: [Infowarrior] - The Web Means the End of Forgetting
Message-ID:

The Web Means the End of Forgetting
http://www.nytimes.com/2010/07/25/magazine/25privacy-t2.html
July 19, 2010
By JEFFREY ROSEN

Four years ago, Stacy Snyder, then a 25-year-old teacher in training at Conestoga Valley High School in Lancaster, Pa., posted a photo on her MySpace page that showed her at a party wearing a pirate hat and drinking from a plastic cup, with the caption "Drunken Pirate." After discovering the page, her supervisor at the high school told her the photo was "unprofessional," and the dean of Millersville University School of Education, where Snyder was enrolled, said she was promoting drinking in virtual view of her under-age students. As a result, days before Snyder's scheduled graduation, the university denied her a teaching degree. Snyder sued, arguing that the university had violated her First Amendment rights by penalizing her for her (perfectly legal) after-hours behavior. But in 2008, a federal district judge rejected the claim, saying that because Snyder was a public employee whose photo didn't relate to matters of public concern, her "Drunken Pirate" post was not protected speech.
When historians of the future look back on the perils of the early digital age, Stacy Snyder may well be an icon. The problem she faced is only one example of a challenge that, in big and small ways, is confronting millions of people around the globe: how best to live our lives in a world where the Internet records everything and forgets nothing -- where every online photo, status update, Twitter post and blog entry by and about us can be stored forever. With Web sites like LOL Facebook Moments, which collects and shares embarrassing personal revelations from Facebook users, ill-advised photos and online chatter are coming back to haunt people months or years after the fact. Examples are proliferating daily: there was the 16-year-old British girl who was fired from her office job for complaining on Facebook, "I'm so totally bored!!"; there was the 66-year-old Canadian psychotherapist who tried to enter the United States but was turned away at the border -- and barred permanently from visiting the country -- after a border guard's Internet search found that the therapist had written an article in a philosophy journal describing his experiments 30 years ago with L.S.D.

According to a recent survey by Microsoft, 75 percent of U.S. recruiters and human-resource professionals report that their companies require them to do online research about candidates, and many use a range of sites when scrutinizing applicants -- including search engines, social-networking sites, photo- and video-sharing sites, personal Web sites and blogs, Twitter and online-gaming sites. Seventy percent of U.S. recruiters report that they have rejected candidates because of information found online, like photos and discussion-board conversations and membership in controversial groups.
< -- >

From rforno at infowarrior.org Wed Jul 21 10:50:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jul 2010 11:50:53 -0400
Subject: [Infowarrior] - Clapper: Military Intel Budget to be Disclosed
Message-ID: <363FD5C6-4D22-4605-B762-E504CF333256@infowarrior.org>

Clapper: Military Intel Budget to be Disclosed
July 21st, 2010 by Steven Aftergood
http://www.fas.org/blog/secrecy/2010/07/clapper_mip.html

The size of the annual budget for the Military Intelligence Program (MIP), which has been classified up to now, will be publicly disclosed, said Gen. James R. Clapper, Jr., the nominee to be the next Director of National Intelligence. He said that he had personally advocated and won approval for release of the budget figure.

"I pushed through and got Secretary [of Defense Robert M.] Gates to approve revelation of the Military Intelligence Program budget," Gen. Clapper told Senator Russ Feingold at his confirmation hearing before the Senate Intelligence Committee yesterday.

Since 2007, the DNI has declassified and disclosed the size of the National Intelligence Program (NIP) at the end of each fiscal year, in response to a legislative requirement. But despite its name, the NIP is not literally the whole "national intelligence program." Rather, it is one of the two budget constructs, along with the MIP, that make up the total U.S. intelligence budget. Thus, when former DNI Dennis Blair said last September that the total intelligence budget was around $75 billion, he was referring to the sum of the NIP (which was $49.8 billion at that time) plus the MIP.

"I thought, frankly, we were being a bit disingenuous by only releasing or revealing the National Intelligence Program, which is only part of the story," said Gen. Clapper. "And so Secretary Gates has agreed that we could also publicize that [i.e., the MIP budget]. I think the American people are entitled to know the totality of the investment we make each year in intelligence."
The MIP budget figure has not yet been formally disclosed. A Freedom of Information Act request for the number that was filed in October 2009 by the Federation of American Scientists remains open and pending.

From rforno at infowarrior.org Wed Jul 21 12:53:51 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jul 2010 13:53:51 -0400
Subject: [Infowarrior] - Dell ships motherboard with malicious code
Message-ID: <1642C568-4DFF-4E5E-93F2-7CA568936966@infowarrior.org>

http://www.zdnet.com/blog/security/dell-ships-motherboard-with-malicious-code/6901?tag=nl.e550

Dell ships motherboard with malicious code
By Ryan Naraine | July 21, 2010, 8:37am PDT

Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware.

The infected motherboard was found on replacement Dell PowerEdge R410 rack servers, according to a post on a Dell support forum. A Dell representative confirmed the issue after a customer received a call warning about the infected motherboard.

As part of Dell's quality process, we have identified a potential issue with our service mother board stock, like the one you received for your PowerEdge R410, and are taking preventative action with our customers accordingly. The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. This malware code has been detected on the embedded server management firmware as you indicated.

We take matters of information security very seriously and believe that any impact to a customer's information security is unlikely. To date we have received no customer reports related to data security. Systems running non-Windows operating systems are not vulnerable to this malware and this issue is not present on motherboards shipped new with PowerEdge systems.
The company did not provide any additional details.

From rforno at infowarrior.org Wed Jul 21 22:24:20 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Jul 2010 23:24:20 -0400
Subject: [Infowarrior] - More doctored BP photos come to light
Message-ID: <8C93E69B-5756-4EBE-88D7-314E87398DF1@infowarrior.org>

More doctored BP photos come to light
By Steven Mufson
Washington Post Staff Writer
Wednesday, July 21, 2010; 8:54 PM
http://www.washingtonpost.com/wp-dyn/content/article/2010/07/21/AR2010072105833_pf.html

The search for doctored BP photos is on. And it's a bit like finding Waldo in the famous game.

On Wednesday, for the second time this week, a blog has identified an altered photograph about BP's oil spill response on the company's Web site.

The Gawker Web site said it received a tip about a BP photo, taken from inside a helicopter, that shows a panorama of vessels working on the sea surface near the damaged well. The view through the windows makes it appear as though the helicopter is in the air. But the astute tipster noticed a small glimpse of a control tower in a corner of the photograph. A poor Photoshop job left some white space around the shoulder of one of the pilots next to a patch of sea that was a brighter shade of blue than other parts of the gulf.

In addition, zooming in on the helicopter's gauges reveals that the helicopter is not in the air at all; the dashboard indicates that the door and ramp are open and the parking brake engaged, Gawker noted. The pilot appears to be holding a pre-flight checklist.

BP spokesman Scott Dean sent The Post the original photograph. The Waldos don't jump out at you. The helicopter was actually on the deck of a vessel at the spill site so the panorama of ships in the distance was there in the original photo. But the photographer, who is working on contract to BP, pasted in blue sea where the edge of the landing pad was showing.
He also adjusted colors and contrast so that the interior of the helicopter was brighter, Dean said.

While the changes were minor, the embarrassment was major, coming at a time when the oil giant is trying to convince the American public that it is being open and transparent about the oil spill.

The helicopter photo is the third doctored BP image outed by bloggers this week. Earlier, Americablog.com noticed that BP had altered an image of its crisis response center in Houston. The company's photographer had clumsily filled in blank spaces on a wall of subsea video feeds with images taken by some of the remotely operated vehicles. It is normal for some of those ROVs to be idle and to have some blank feeds.

Americablog also exposed an altered image from the Houston office, showing a technical team in front of a large projection screen. The image on the projection screen had been enhanced using Photoshop. BP's Dean also provided the original of that photo to The Post. In the original, the screen appears to be entirely white because of the light contrast with the rest of the room. Dean said that the photographer used "the color saturation tool" to show "a clearer version of the same image on the projection screen."

Dean said that the altered helicopter and headquarters photographs, like the doctored one of the Houston control room, would be promptly taken down from the BP Web site. The original and altered versions would be placed on BP's Flickr site so people can compare them, Dean said.

From rforno at infowarrior.org Thu Jul 22 07:15:17 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Jul 2010 08:15:17 -0400
Subject: [Infowarrior] - The World's Worst Counterterrorism Ideas
Message-ID:

The World's Worst Counterterrorism Ideas

As the Washington Post explores the unwieldy and unaccountable intelligence sector developed in the United States since the 9/11 attacks, here's a look at some even less efficient ways of combating militants around the world.
BY JOSHUA E. KEATING | JULY 20, 2010
http://www.foreignpolicy.com/articles/2010/07/20/the_worlds_worst_counterterrorism_ideas

DIAL "M" FOR MILITANT
Country: Germany
Scheme: Germany estimates that it now contains as many as 29 radical Islamist organizations with some 36,000 members. These figures include the so-called "German Taliban," which is said to have recruited fighters for militant groups in Pakistan. To combat this growing radicalization, the country's domestic intelligence agency recently announced that it is setting up a new "exit program," including a telephone hotline for militants who are looking for a way to get out. The program, called "HATIF" -- or "phone" in Arabic -- aims to help radicals transition out of militant organizations by finding them jobs or relocating them. The hotline staff will be fluent in German, Arabic, and Turkish.

In announcing the hotline, Interior Minister Thomas de Maizière warned the public to keep its expectations low -- and his caution is probably justified. HATIF is based on a German program from the early 2000s aimed at deradicalizing neo-Nazi youth. Despite the call center's best efforts, however, only a few dozen low-level skinheads out of the country's estimated 33,000 took advantage.

THE ONE-WEEK DERADICALIZATION PLAN
Country: Yemen
Scheme: Yemen was once considered a leader in terrorist rehabilitation, after the government set up one of the first rehab programs following the 9/11 attacks. Unfortunately the program, known as the Committee for Religious Dialogue, proved to be a complete disaster. As part of the program, hundreds of radical prisoners in Yemeni prisons engaged in "theological duels" with religious counselors, who urged them to renounce violence -- a process that generally lasted only a few days. Once the debriefing was over, the men were released into society with no support or follow-up.

More troublingly, the counseling tended to focus on convincing the militants that Yemen was an Islamic state and receiving their assurances that they would refrain from carrying out attacks within the country. Discouraging militant activity elsewhere was not a priority. Perhaps not surprisingly, the program had a high recidivism rate: Some distinguished alumni were killed while fighting U.S. forces in Iraq, and many others remain unaccounted for. Due to a lack of funding and political will, the program was cancelled in 2005. In counterterrorism circles, Yemen is now best known for releasing some of the world's most dangerous militants from jail, including the American-born cleric Anwar al-Awlaki, who reportedly counseled both Ft. Hood shooter Nidal Malik Hasan and the "Christmas bomber" Umar Farouk Abdulmutallab.

THE NAME GAME
Country: Pakistan
Scheme: For many years, militant front groups in Pakistan were able to take advantage of a loophole in a 1997 anti-terrorism law to hide in plain sight -- so long as they changed their name. The law treated groups with new names as entirely different groups, even if they were founded by the same members. Lashkar-e-Taiba, for instance, the anti-Indian militant group blamed for the 2008 Mumbai attacks, was first banned by Pakistan in 2002. But many of its leaders continued operating under the new name Jamaat-ud-Dawa. When that group was sanctioned by the United Nations in 2008, the Pakistani government cracked down and members rebranded themselves as "Tehreek-e-Hurmat-e-Rasool." Most recently, senior members of the group were holding rallies under the name "Tehreek-e-Tahafuz Qibla Awal." To close down the loophole, the Pakistani government amended the law in late 2009 to say that a group formed by members of another banned group with the same aims would also be banned.

FAMILY TIES
Countries: Chechnya, Russia
Scheme: Beginning soon after the 2004 Beslan school massacre, the regional government of Chechnya began a policy of punishing militants by targeting their families. That year, eight relatives of Chechen separatist leader Aslan Maskhadov were detained in a small room for six months and tortured with beatings and electric current. Relatives of other militant leaders simply disappeared. Lately, authorities have adopted a new tactic -- burning down the houses of militants' families. While only top leaders used to be targeted for this treatment, Human Rights Watch documents 26 cases of punitive arson between June 2008 and March 2009. Moscow-backed Chechen President Ramzan Kadyrov hasn't exactly gone out of his way to deny responsibility; he has publicly warned the families of militants that they can expect punishment unless they turn their relatives in.

Kadyrov's tactics are proving popular. Regional authorities in neighboring Dagestan have also taken to threatening villages with destruction unless they turn militants in. But the measures appear to have little effect, as the deadly attacks in the Caucasus and Russia continue.

PRISON MADRASSAS
Countries: Algeria, Egypt, Jordan, Syria
Scheme: Throughout the Middle East, mass arrests are a popular strategy for suppressing Islamist movements. The problem is, locking up large groups of radicals in a room together is not necessarily the best way to keep their ideology from spreading. Egyptian prisons, where the father of modern militant Islam, Sayyid Qutb, wrote his most influential works during the 1950s, and al Qaeda No. 2 Ayman al-Zawahiri was radicalized, currently hold somewhere between 5,000 and 10,000 political prisoners. These include members of the banned but relatively nonviolent Muslim Brotherhood and partisans of more militant groups like Egyptian Islamic Jihad.

Rounding up the usual suspects is also a popular tactic in Jordan, where human rights groups say prisoner abuse is widespread. Jihadist groups are thought to have established extensive networks in Jordanian prisons, at times even organizing simultaneous riots in multiple prisons. Abu Musab al-Zarqawi, who went on to lead al Qaeda in Iraq, is said to have been radicalized during a prison stint in the late 1980s that turned him from a petty drug user into a committed Islamist militant. Mass arrests have also been used to crack down on Islamist movements in Algeria, Saudi Arabia, Syria and elsewhere -- with, most likely, similar degrees of success.

Of course, it's not that prison never works. Sayyid Imam al-Sharif, the former al Qaeda early adopter, began to publish books critical of his old militant friends once he was locked up for life in the Egyptian prison system.

From rforno at infowarrior.org Thu Jul 22 07:19:12 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Jul 2010 08:19:12 -0400
Subject: [Infowarrior] - 101 Patterns for Influencing Behaviour Through Design
Message-ID:

Rather nifty (and free!) food-for-thought on how to influence others. -rick

Design with Intent: 101 Patterns for Influencing Behaviour Through Design
http://danlockton.com/dwi/Download_the_cards

From rforno at infowarrior.org Thu Jul 22 12:11:19 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Jul 2010 13:11:19 -0400
Subject: [Infowarrior] - What's Secret in 'Top Secret America?'
Message-ID: <3693C64F-D247-4985-B9D8-39134AC85E40@infowarrior.org>

Campaign Desk -- July 22, 2010 10:34 AM

What's Secret in 'Top Secret America?'
The Washington Post didn't really tell us anything new
By Joshua Foust
http://www.cjr.org/campaign_desk/whats_secret_in_top_secret_ame.php?page=all&print=true

Here's a neat exercise: with the obvious exception of some interviews with corporate and agency spokesman, and a bizarre interview with a girlfriend in a bar, try to find something in The Washington Post's "Top Secret America" that isn't on Google. You won't find much. Some contractors seem to have more money than they know what to do with? Written about five years ago in Mother Jones. There's been a massive build up of secret facilities? The Washington Post itself covered that last year as well, when it noted all the secret buildings and communications infrastructure in the Tysons Corner area of Northern Virginia made it difficult to expand the Metro. Sometimes intelligence analysts can be jerks to their girlfriends? Well...

Indeed, it is truly remarkable how little new information "Top Secret America" presents. The last entry in the three-part series, "The Secrets Next Door," discusses what the NSA does in its massive sprawl of buildings in Ft. Meade, MD: cryptology, eavesdropping, linguistics, and so on. It sounds scary, but that's all publicly available on the NSA website. You don't need special access to see, as the paper points out in "National Security, Inc.," that the entirety of the Dulles Toll Road is lined with military and intelligence contractors -- as journalist Tim Shorrock has noted, you can drive around in your car, unrestricted, and see all of these buildings. Authors Dana Priest and Bill Arkin make a point to remind readers that they aren't posting addresses or identifying buildings of any agencies -- but even the supposedly secret Liberty Crossing, which houses the National Counterterrorism Center and the Director of National Security, is easily found in Google Maps based on their description (you can even see the entrance to the facility in Street View).

The Post has made it very clear that they are performing a public service in providing all of this information, and in one sense they are: their work has made public information about the intelligence community (IC) much more accessible for regular people who wish to understand it. But so what? The series lacks the context, scope, and inquisitive spirit necessary to help people better understand what this information means, and how alarmed they should be by it all. Priest and Arkin have written in their stories that agencies have grown out of control -- and that could easily be true, but where is the line? Is the NSA an acceptably-sized organization with 10,000 employees, but not with 10,001? They state that contracting firms routinely perform jobs that are "inherently governmental functions," to borrow the legal term. Only Priest and Arkin never define what they think that term means (it's legally somewhat nebulous), nor do they provide examples of contractors performing said un-contractable work.

Let's look at the sheer size of the IC. No one could possibly deny it has grown enormously in the last eight years. I noted earlier this week that the IC's growth didn't happen in a vacuum: it took place at the behest of Congress and the public, demanding "more" intelligence to counter the global counter-terror threat. The use of contractors has grown because the IC's mission has expanded tremendously, but the ease of hiring permanent employees has not. It is healthy to question why these two dynamics are at play. Why do we demand the IC perform more tasks, then restrict its ability to hire employees, then complain when it contracts out work to compensate? Is it even appropriate to give the IC such an expanded mission? If so, how can we modify how the community as a whole functions to reduce waste? Priest and Arkin ask none of these questions. In fact, it's not clear what they were asking.

In the piece about intelligence contractors, we hear some eye-popping stories: cleared contractors can fetch $50,000 finders' fees, some companies reward their employees with BMWs, Mercedes-Benzes, and signing bonuses of $15,000, and so on. But there's no indication such practices are widespread: Priest and Arkin simply say such things are "common," and cite "industry insiders" as their source.

Let's unpack that $15,000 signing bonus. Priest and Arkin say it was for a group of software developers hired at Raytheon, a large firm that provides missile technology and computer security systems to the government. According to Glassdoor.com, a software development engineer at Microsoft can expect bonuses of up to $45,000 in a single year, when cash and stock bonuses are accounted for. A one-time $15,000 bonus merely for joining a company is relatively paltry in comparison, however enormous it might seem on its own.

Private companies are not the only members of the intelligence community that offer surprising perks to their employees. The CIA recently emerged from a lawsuit against a onetime recruit who billed the agency for $13,500 in moving expenses but then declined to take the job. A federal judge ruled the CIA's lawyers committed fraud in the lawsuit, and instructed the CIA's general counsel to "initiate an investigation into the actions that took place in this matter and whether there exists a pattern and practice of abuse by the CIA with respect to debt collection." Yet few complain about suspicions that the CIA routinely hassles and defrauds young college graduates.

You wouldn't learn these things from "Top Secret America." That's because much of it is written without context -- there is outrage there, but Priest and Arkin never say what we should be outraged about. The growth of the intelligence contracting universe is indeed worrying, but not for the reasons Priest and Arkin state: it's not the size that matters, but how manageable it is. They say it is unmanageable, but don't say how or why (there are hints, as when Vice Adm. David Dorsett, the Director of Naval Intelligence, reveals he was able to convert only one single contractor to a government position over the course of an entire year, but Priest and Arkin don't follow through on what that means).

Priest and Arkin write that, near Ft. Meade, employees and contractors who work for the TSA can't function in normal life: they walk around hunched over, unable to blend into a Borders book store, advertising their presence with drone-like haircuts and suits. In one particularly bizarre section, we learn that Jeanie Burns, the girlfriend of one long-time NSA employee, says her boyfriend won't travel with her, doesn't like to go out, and doesn't do anything interesting. "I feel cheated," she says. Priest and Arkin never say why we should care. They don't ask if we actually get good analysis from people so incapable of existing in normal social settings (we probably do for some things, like cryptology, but probably don't for other things, like radicalizing cultural and social movements).

Priest and Arkin said that, in bars near Ft. Meade, undercover agents circulate among the unwinding employees to make sure they don't say anything untoward, but they don't wonder why the NSA feels it necessary to flood bars with secret agents, or what possible effect it could have either on the analytic community -- how could such severe paranoia not severely affect one's quality of life? -- or the broader residential community of Ft. Meade. They just say that it happens, and move on.

There are other worrying aspects to the proliferation of contractors in the IC: often, the contractors don't play well with the government employees. Secretary of Defense Bob Gates said, "You want somebody who's really in it for a career because they're passionate about it and because they care about the country and not just because of the money." As if contractors only care about paychecks and government employees only care about passion and patriotism. The statement could easily be reversed: IC software developers, as one example, work for far less than their peers in Silicon Valley because they are passionate and care about the country, while government employees prefer the job security and greater comp. time. Either statement essentializes and trivializes the real dynamics at play between contractors and "govvies," as they're often called.

"I hear the contractors complaining about the govt employees who can't be fired, get fat benefits and don't do any work," someone asked Priest on the Post's comment page. "I hear the govt employees complaining about the overpaid contractors who perpetuate padded contracts rather than finish anything. What did your reporting find?"

"We did not dig into that in this series but thanks for your thoughts," Priest wrote back.

That essentially summarizes what "Top Secret America" does: it kind of highlights what's going on, but doesn't say why it matters. It is outrage without focus, public service without purpose. While "Top Secret America" gives us a sense of the scale of the Intelligence Community, it doesn't help us understand why it's a problem, how it became a problem, or even what regular people could possibly do about it.

From rforno at infowarrior.org Thu Jul 22 13:03:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Jul 2010 14:03:37 -0400
Subject: [Infowarrior] - Political Appointees Vetted DHS Public Records Requests
Message-ID:

That's not "change you can believe in" but rather "change you can choke on." -rick

Report: Political Appointees Vetted DHS Public Records Requests
By Kim Zetter, July 22, 2010, 3:13 am
http://www.wired.com/threatlevel/2010/07/foia-filtered/

Contrary to the Obama administration's promised commitment to open government, the Department of Homeland Security, in a highly irregular move, filtered hundreds of public records requests through political appointees, allowing them to examine what was being requested and delay releasing sensitive material, according to internal e-mails obtained by the Associated Press.

The political appointees were allowed to vet records requests that were deemed politically sensitive and require career employees to provide them with information about who requested records -- for example, where the requester lived and worked, whether the requester was a private citizen or journalist and, in the case of congressional representatives, whether they were Republican or Democrat.

The DHS issued a directive to employees in July 2009 requiring a wide range of public records requests to pass through political appointees for vetting. These included any requests dealing with a "controversial or sensitive subject" or pertaining to meetings involving prominent business leaders and elected officials. Requests from lawmakers, journalists, and activist and watchdog groups were also placed under this scrutiny.

The reviewers included Homeland Secretary Janet Napolitano's top staff members, including her deputy chief of staff, senior department lawyer and deputy director of scheduling.

Although the vetting did not prevent information that should have been released from getting released, the AP noted, it did cause numerous delays -- sometimes lasting weeks -- in releasing records to Congress, watchdog groups and reporters. The delays led some department officials to worry about potential lawsuits, according to one internal e-mail the AP obtained.

"All this article points out is that senior leadership had visibility into FOIA releases to enable the department to be as responsive as possible to requests from the press and other stakeholders, especially as it pertained to documents generated during the previous administration," DHS spokeswoman Amy Kudwa told Threat Level in an e-mail statement. She noted that the department, under the Obama administration, had reduced a FOIA backlog inherited from the Bush administration from 74,879 requests at the end of fiscal year 2008 to just 12,406 requests as of January of this year and had also reduced the typical processing time for requests.

The practice began just six months after President Obama vowed in a speech to reform the way the government responded to public records requests in order to make more records available to the public and make them available more swiftly. In January 2009 during a staff swearing-in ceremony, Obama cited the Freedom of Information Act (FOIA) as one of the most important tools of oversight the nation possesses and called on all government agencies to lean toward transparency. Obama asserted that no one should ever withhold information out of political expediency or simply because it might expose embarrassing information about departments or officials.

"For a long time now, there's been too much secrecy in this city," he said.

Under the FOIA, the government is required to release requested records unless they would harm national security, violate privacy rights protected by statute or conflict with specific exemptions enacted by Congress.

The e-mails obtained by the AP, however, reveal that political appointees were less interested in vetting record requests for these reasons than for determining -- based on the kinds of requests coming in -- what areas of the government might be under scrutiny. Knowing what records journalists were requesting might help the administration prepare a response in anticipation of a news story. For example, the e-mails show concern about making sure the department didn't release information about Obama's father without first coordinating with the White House.

The practice created ill-will among career employees who resented the interference of political appointees and were often unclear what information was supposed to be passed by the appointees for review, according to the news report.

In its defense, the DHS said that fewer than 500 FOIA requests, out of more than 100,000 submitted during the last fiscal year, were diverted to political appointees for scrutiny.

The department reportedly halted the practice earlier this month at the same time it handed over its internal e-mails to the AP. The Office of Inspector General is now looking into the matter to determine if there is any evidence of wrongdoing, according to the news service. The White House says it was not involved in creating the DHS directive.

A new policy replacing the directive says that records can now be released without the approval of Napolitano's political advisers but must at least be submitted to them three days before the records are released to the requester.

From rforno at infowarrior.org Thu Jul 22 17:18:36 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Jul 2010 18:18:36 -0400
Subject: [Infowarrior] - A radical idea for airline security
Message-ID: <50A3C446-E231-4205-A7C8-D79833088473@infowarrior.org>

www.chicagotribune.com/news/opinion/ct-oped-0718-chapman-20100718-column,0,4938227.column

A radical idea for airline security
The government shouldn't decide who can fly
Steve Chapman
July 18, 2010

If a job not worth doing is going to be done anyway, better for it to be done well than badly. So the Transportation Security Administration deserves credit for its Secure Flight program, aimed at curbing mistakes on its no-fly list.
The American Civil Liberties Union, likewise, warrants praise for suing on behalf of travelers who were wrongly snared. But there is a better option that would eliminate this problem, as well as others: Get rid of the no-fly list entirely. For that matter, get rid of the requirement that passengers provide government-approved identification just to go from one place to another.

Americans have a constitutionally protected right, recognized by the U.S. Supreme Court, to travel freely. They also have the right not to be subject to unreasonable searches and other government intrusions. But in the blind pursuit of safety, we have swallowed restrictions on travel and infringements on privacy we would never tolerate elsewhere.

The no-fly list is a punishment in search of a crime. As Richard Sobel, a director of the Cyber Privacy Project and a scholar at Northwestern University, points out, it inflicts a penalty without a trial or any other form of due process. The TSA doesn't say what it takes to get on the list, and it doesn't make it crystal clear how to get off. If it acts in an arbitrary or malicious way, the victim has little recourse except appealing to the agency's better angels.

But the whole idea behind the list doesn't make much sense. Supposedly, we have hundreds or even thousands of U.S. residents who are too dangerous to be allowed on a plane -- but safe enough to be trusted in all sorts of other places (subway trains, sports venues, shopping malls, skyscrapers) where someone carrying a bomb or a gun could wreak havoc.

If those on the list are truly dangerous, the government should arrest and prosecute them, with their guilt decided by the courts. If they are not dangerous enough to arrest, they should have the same freedom to travel as everyone else. We don't prohibit all ex-convicts from flying. How can we justify barring people convicted of nothing?

But there is a broader problem. If the federal government began requiring every citizen to provide identification for each trip in a car or ride on a bus, there would be a mass uprising. Somehow, though, Americans have come to see commercial air travel as a privilege to be dispensed by the government.

It was not always so. Not so many years ago, Sobel notes, you could show up without a reservation or a ticket at Washington's National Airport (now Reagan National Airport), walk onto the hourly shuttle to LaGuardia, take a seat and pay your fare in cash. No one knew who you were, and no one cared.

But in 1995, Washington mandated that all travelers show government-approved identification before boarding a flight. The freedom to travel without federal permission was gone. The no-fly list further limited that liberty.

After 9/11, the requirement served the purpose of helping keep violent fanatics off airliners. What no one seems to notice is that other improvements in security have made this one a needless burden.

The government required airlines to install reinforced cockpit doors to keep hijackers from taking the controls. It tightened security rules -- banning penknives, lighters, ski poles, snow globes, and liquids except in tiny bottles. It initiated random pat-downs of travelers and gave extra scrutiny to those who did suspicious things. It deployed thousands of armed air marshals.

Equally important, travelers changed their mindset, meaning that terrorists can no longer count on passive victims. On several occasions -- starting with United Flight 93 on 9/11 -- passengers have acted to foil attacks.

With all these layers of protection in place, the rationale for the no-fly list has crumbled. Even if someone on the list can get on a plane, his chance of taking it over or bringing it down is very close to zero. And you know the other good thing? The same holds for an aspiring terrorist who doesn't make the list.

The government's tedious insistence on identifying all travelers and grounding some may convey an illusion of security. But we could live -- and I do mean live -- without it.

Steve Chapman is a member of the Tribune's editorial board and blogs at chicagotribune.com/chapman
schapman at tribune.com
Copyright © 2010, Chicago Tribune

From rforno at infowarrior.org Thu Jul 22 21:07:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Jul 2010 22:07:35 -0400
Subject: [Infowarrior] - U.S. credit card agreements unreadable to 4 out of 5 adults
Message-ID: <25A7696E-DFD7-4C78-A14E-F2E34CCDB031@infowarrior.org>

U.S. credit card agreements unreadable to 4 out of 5 adults
Contracts written at a reading level most can't understand
By Connie Prater

Wonder why you can't seem to make it through your credit card agreement? It's heavy reading: A CreditCards.com analysis found that the average U.S. credit card agreement is written on a 12th grade reading level, three grades above the average American's reading level.

Credit card agreements are written on average at a 12th grade reading level, making them not understandable to four out of five adults, according to a CreditCards.com analysis of all the agreements offered by major card issuers in the United States.

< -- >

http://www.creditcards.com/credit-card-news/credit-card-agreement-readability-1282.php

From rforno at infowarrior.org Fri Jul 23 06:56:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Jul 2010 07:56:11 -0400
Subject: [Infowarrior] - The case for 'stealing' music
Message-ID:

Seeing this kind of cr--p makes me want to rush out and encourage everyone to pirate, share, and distribute 'copyrighted' materials, if for no other reasons than on principle (which this company apparently has none) and to support creativity enacted for noble purposes as evidenced by this little girl. You think this girl is going to think twice about doing something similar in the future?
Of course she will......which is quite sad, in my view. Charity, schmarity, when it comes to copyright-law. -rick

Copyright Used To Silence 10-Year-Old Girl Raising Money For Charity
from the promoting-progress-all-around dept

Rob H was the first of a few of you to send in the story of how a music publishing company, Bourne Music Publishers, threatened 10 year-old actress Bethany Hale, for creating a short video of her acting as Charlie Chaplin accompanied by her singing the song Smile, which was the theme for Chaplin's 1936 film Modern Times. Hale had created the video and posted it to the charity site JustGiving as part of a campaign to raise money for a hospice. Modern times indeed. Of course, when Chaplin wrote the song, he was given a government-granted monopoly that he knew would put his work in the public domain by now. Until the government and lobbyists extended copyright again and again and again. Either way, Bourne Music Publishers apparently doesn't care much for charity. It demanded $2,000, plus another $200 every time she performed the song. That certainly would take away from the hospice that she was trying to raise money for, so now her Chaplin appreciation film is a Chaplin-style silent film instead.

http://techdirt.com/articles/20100722/09434710323.shtml

From rforno at infowarrior.org Fri Jul 23 07:04:27 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Jul 2010 08:04:27 -0400
Subject: [Infowarrior] - Oz Gov redacts 90% of websnoop policy plans
Message-ID: <8FF71C2B-2A7D-4633-A43F-BD38C15CAC04@infowarrior.org>

No Minister: 90% of web snoop document censored to stop 'premature unnecessary debate'
http://www.theage.com.au/technology/technology-news/no-minister-90-of-web-snoop-document-censored-to-stop--premature-unnecessary-debate-20100722-10mxo.html

The federal government has censored approximately 90 per cent of a secret document outlining its controversial plans to snoop on Australians' web surfing, obtained under freedom of information (FoI) laws, out of fear the document could cause "premature unnecessary debate".

The government has been consulting with the internet industry over the proposal, which would require ISPs to store certain internet activities of all Australians - regardless of whether they have been suspected of wrongdoing - for law-enforcement agencies to access. All parties to the consultations have been sworn to secrecy.

Industry sources have claimed that the controversial regime could go as far as collecting the individual web browsing history of every Australian internet user, a claim denied by the spokesman for Attorney-General Robert McClelland.

The exact details of the web browsing data the government wants ISPs to collect are contained in the document released to this website under FoI. The document was handed out to the industry during a secret briefing it held with ISPs in March. But from the censored document released, it is impossible to know how far the government is planning to take the policy.

The government is hiding the plans from the public and it appears to want to move quickly on industry consultation, asking for participants to respond within only one month after it had held the briefings.

------------------------------------------
See the highly-censored document (PDF, 3.60MB)
See government reasons for censoring it (PDF, 3.23MB)
------------------------------------------

The Attorney-General's Department legal officer, FoI and Privacy Section, Claudia Hernandez, wrote in her decision in releasing the highly censored document that the release of some sections of it "may lead to premature unnecessary debate and could potentially prejudice and impede government decision making".

Hernandez said that the material in question related to information the department was "currently weighing up and evaluating in relation to competing considerations that may have a bearing on a particular course of action or decision".

"More specifically, it is information concerning the development of government policy which has not been finalised, and there is a strong possibility that the policy will be amended prior to public consultation," she wrote.

Further, she said that although she had acknowledged the public's right to "participate in and influence the processes of government decision making and policy formulation ... the premature release of the proposal could, more than likely, create a confusing and misleading impression".

"In addition, as the matters are not settled and proposed recommendations may not necessarily be adopted, release of such documents would not make a valuable contribution to public debate."

Hernandez went further to say that she considered disclosure of the document uncensored "could be misleading to the public and cause confusion and premature and unnecessary debate".

"In my opinion, the public interest factors in favour of release are outweighed by those against," Hernandez said.

The "data retention regime" the government is proposing to implement is similar to that adopted by the European Union after terrorist attacks several years ago.

Greens Communications spokesman Scott Ludlam said the excuse not to release the proposal in full was "extraordinary". Since finding out about the scheme, he has launched a Senate inquiry into it and other issues.

"The idea that its release could cause 'premature' or 'unnecessary' debate is not going to go down well with the thousands of people who have been alarmed by the direction that government is taking," he said in a telephone interview.

"I would really like to know what the government is hiding in this proposal," he said, adding that he hoped that the Attorney-General's Department would be "more forthcoming" about the proposal in the senate inquiry into privacy he pushed for in June.

Deputy Leader of the Opposition in the Senate, George Brandis, said the government's decision to censor the documents showed "how truly Orwellian this government has become".

"To refuse disclosure of material that had already been circulated among stakeholders, on an issue of intense current political debate on the ground that it might provide unnecessary discussion, shows that the Gillard government has become beyond satire," Brandis said.

Online users' lobby group Electronic Frontiers Australia spokesman Colin Jacobs said what was released was "a joke".

"We have to assume the worse," he said. "And that is that the government has been badgering the telcos with very aggressive demands that should worry everybody."

Jacobs said that the onus was now on government to "explain what data they need, what problem it solves and, just as importantly, why it can't be done in an open process".

"The more sensitive the process and the data they want, the more transparent the government needs to be about why it wants that data," he said.

"Nobody could argue that public consultation ... would somehow help criminals," he added.

"We have to turn the age-old question back on the government: if you don't have anything to hide, then you shouldn't be worried about people having insight into the consultation.

"This is a very sensitive and important issue. It raises huge questions about privacy, data security and the burden of increased costs to smaller internet service providers. What really needs to be debated is what particular information they want, because that's where the privacy issue rears its ugly head," he said.

According to one internet industry source, the release of the highly censored document was "illustrative of government's approach to things where they don't want people to know what they're thinking in advance of them getting it ready to package for public consumption".

"And that's worrying."

The Attorney-General's spokesman declined to comment, referring comment to the department. The department said it had "nothing to add" to the FOI letter it provided.

You can follow the author on Twitter @bengrubb or email bgrubb at smh.com.au.

From rforno at infowarrior.org Fri Jul 23 17:35:19 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Jul 2010 18:35:19 -0400
Subject: [Infowarrior] - DroidX rooted (instructions)
Message-ID:

(there's a zipfile linked to this forum post, for those interested. -rick)

We haz Rootz!
http://www.droidxforums.com/forum/droid-x-hacks/1314-we-haz-rootz.html

Step 1: Set up ADB
Step 2: Push exploid to /sqlite_stmt_journals "adb push exploid /sqlite_stmt_journals"
Step 3: type "adb shell"
Step 4: type "cd sqlite_stmt_journals"
Step 5: type "chmod 755 exploid"
Step 6: type "./exploid" and follow directions on screen
Step 7: type "rootshell"
Step 8: type in password "secretlol"
Step 9: you're in root!
Step 10: mount your sdcard to pc and put Superuser.apk and su in the sdcard Step 11: unmount sdcard Step 12: in adb (make sure your still in root with the # sign) type in: - cp /sdcard/Superuser.apk /system/app/Superuser.apk - cp /sdcard/su /system/bin/su - chmod 4755 /system/bin/su your done! feel free to kill the bloat apps snd such ; NOTE: it might be a smart idea to do "rm /system/bin/rootshell" after you have su and superuser in place as ANY program will have access to your root if you leave it (cause everyone will know the password) From rforno at infowarrior.org Fri Jul 23 17:40:59 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Jul 2010 18:40:59 -0400 Subject: [Infowarrior] - OT: Latest Tron Legacy trailer Message-ID: Get your geek on!!! End of line. -rick Here?s the latest Tron Legacy trailer and you must watch it http://www.crunchgear.com/2010/07/22/heres-the-latest-tron-legacy-trailer-and-you-must-watch-it/ From rforno at infowarrior.org Sat Jul 24 10:41:48 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 Jul 2010 11:41:48 -0400 Subject: [Infowarrior] - Certified Lies: Big Brother In Your Browser Message-ID: Certified Lies: Big Brother In Your Browser Government capable of wiretapping millions of encrypted sessions, including those secured by IE, Microsoft?s SSL, others. By Ms. Smith on Fri, 07/23/10 - 12:04pm. http://www.networkworld.com/community/node/64074 You probably feel safe when you see the padlock on your browser window indicating secure communication with your bank or e-mail account. You probably think your users are safe if they are accessing your network over your SSL VPN. What if instead of worrying about man-in-the-middle attacks, it became government-spy-in-the middle eavesdropping? Is Big Brother spying on you? Before I'm done showing you these surveillance products, you will probably be ticked for both security and privacy reasons. 
*Note and hint that the country information ("US") shown by the browsers refers to the corporation that obtained the certificate (Bank of America), not the location of the Certificate Authority (CA). The Extended Validation Certificates (EV) produce the green bar in most modern browsers.

In a purely hypothetical example, the U.S. government can force a Public Key Infrastructure (PKI) to give them a publicly trusted certification for www.amazon.com. They then poison your DNS and route your traffic for www.amazon.com to a site they own that has the fake certification installed. Your browser then gives you that pretty green bar or little lock and you think everything is cool, safe and secure. Or... they can put a device between you and your target and then perform SSL interception.

Two researchers, Chris Soghoian and Sid Stamm, reported on an industry claim that governments could get "court orders" giving them access to falsified cryptographic credentials (spy certs). If National Strategy for Trusted Identities in Cyberspace (NSTIC) is implemented, the threat seems to intensify if the government itself is running the PKI.

What this means is that an eavesdropper who can obtain fake certificates from any CA can successfully impersonate every encrypted website you might visit. And you have no way of knowing that you haven't landed on the authentic, actual site. Most browsers silently accept new certificates from any valid authority, even sites for which certificates have already been obtained. An eavesdropper with fake certificates and access to a target's net connection can quietly negotiate a "man-in-the-middle" (MITM) attack, observing and recording all encrypted web traffic while the user is clueless that it's happening.

Are there really eavesdroppers out there -- spies or law enforcement agencies using spy certificates to intercept encrypted web traffic? Are there really wiretapping conventions for eavesdroppers? Oh yes, the next is in October 2010, but IIS World Americas is open only to "law enforcement, intelligence, homeland security analysts and telecom operators responsible for lawful interception, electronic investigations and network intelligence."

There are many vendors of products that assist the government in spying, but the HACKING TEAM and Packet Forensics are two that should send an eerie eavesdropping chill up your spine. Here's an FYI about the HACKING TEAM:

Remote Control System V6 (RCS) is a premier, integrated, multi-OS platform for remotely attacking, infecting and controlling target computers and mobile phones. RCS FULLY SUPPORTS XP, Vista, 7, MacOS, iPhone and Symbian
- It is INVISIBLE to most protection systems available in the market
- It is a PROVEN technology: it is being used by Agencies worldwide since 2003
- Target monitoring includes Skype, chat, mail, web, removable media, encrypted communications, PGP, GSM-cell GEO-tracking, GPS GEO-tracking, voice calls, etc.

Let's focus on Packet Forensics for now. Packet Forensics offers a 5-series device that is a 4 square inch "turnkey intercept solution" surveillance product, "using 'man-in-the-middle' to intercept TLS or SSL." It's marketed and sold to law enforcement and intelligence agencies in the US and foreign countries, designed to collect encrypted SSL traffic based on forged "look-alike" certificates obtained from cooperative CA. In the image, please note the parenthesis around (potentially by court order) as if it is not entirely important...

According to the Packet Forensics flyer: "Packet Forensics' devices are designed to be inserted-into and removed-from busy networks without causing any noticeable interruption [. . .] This allows you to conditionally intercept web, e-mail, VoIP and other traffic at-will, even while it remains protected inside an encrypted tunnel on the wire [. . .] To use our product in this scenario, [government] users have the ability to import a copy of any legitimate key they obtain (potentially by court order) or they can generate 'look-alike' keys designed to give the subject a false sense of confidence in its authenticity [. . .] Your investigative staff will collect its best evidence while users are lulled into a false sense of security afforded by web, e-mail or VOIP encryption [. . .] In under five minutes, they can be configured and installed [. . .] they're disposable -- that means less risk to [government] personnel."

Microsoft's documentation shows that it has adopted a more cautious approach in trusting CAs than its competitors; a fresh installation of Windows 7 will list 15 CAs in the operating system's Trusted Root Store. Sadly, however, this interface is terribly misleading as it doesn't reveal the fact that Microsoft has opted to trust 264 different CAs. This means any web browser that depends upon Microsoft's Trusted Root Store (such as Internet Explorer, Chrome and Safari for Windows) ultimately trusts 264 different CAs to issue certificates without warning. Firefox is the only major browser to maintain its own database of trusted CAs. Each of the 264 root CAs trusted by Microsoft, the 166 root CAs trusted by Apple, and the 144 root CAs trusted by Firefox are capable of issuing certificates for any website, in any country or top level domain. You don't think the government will use their own CA which could be tracked back to them if discovered, do you? To be fair, however, all encrypted streams that travel over the Internet are susceptible to government spying, not just those that use Microsoft technology.

How does this affect you? Many information-hungry governments routinely compel companies to assist them with surveillance. ISPs and telecommunications carriers are frequently required to violate their customers' privacy by providing the government with email communications, telephone calls, search engine records, financial transactions and geo-location information. A few examples of this electronic surveillance by law enforcement include: a consumer electronics company that was forced to remotely enable the microphones in a suspect's automobile dashboard GPS navigation unit in order to covertly record their conversations, as well as a secure email provider that was required to place a covert back door in its product in order to steal users' encryption keys. And who can forget the NSA's wiretapping?

In regard to Packet Forensics and Big Brother in your browser, EFF's Senior Staff Technologist Seth Schoen advises, "HTTPS Everywhere does not address this threat. We have been doing other research to try to investigate this concern. There are several Firefox plugins that try to use information other than CA-issued certificates to validate web sites' keys -- for instance, Perspectives, Monkeysphere, CertPatrol, and Petnames. The general problem is that right now these approaches sometimes call for considerably more effort on the part of the user. Under certain assumptions, this might be unavoidable." Schoen has written more about these issues, including, Behind the Padlock Icon: Certificate Authorities' Mysterious Role in Internet Security. Researchers Chris Soghoian and Sid Stamm are working on a Firefox plugin. Until then, I'm using Certificate Patrol to help detect a MITM attack.

Electronic surveillance is happening all around you, all the time, and perhaps to you. If surveillance devices like Packet Forensics are around for law enforcement and national intelligence agencies, then you can be sure that cyber-criminals are using them too. I would have said these devices are used by bad guys and good guys, but if The Law is spying on you then it's hard for me to call them "the good guys."
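The detection idea behind Certificate Patrol and the other plugins Schoen names is worth seeing in code: a "look-alike" certificate issued by a cooperating CA passes normal chain validation, so the only signal a client has is that the certificate it sees today differs from the one it saw before. The following trust-on-first-use (TOFU) pinning check is an added example written for this list post; it is not code from the article, from Certificate Patrol, or from any of the named projects. The pin store layout, the function names and the two byte strings standing in for DER certificates are all constructed for the example; `fetch_leaf_der` uses the standard-library `ssl` module and needs network access, so the offline demo does not call it.

```python
"""Trust-on-first-use certificate pinning: flag a changed certificate
even when the new one chains to a trusted root CA.

Added example (not from the article or the tools it mentions). Assumed
names: fingerprint, check_pin, load_store, save_store, fetch_leaf_der, demo.
"""
import hashlib
import json
import ssl
from pathlib import Path
from typing import Dict, List

# Sample "certificates": constructed byte strings standing in for the DER
# encoding of a site's leaf certificate. A real run would use fetch_leaf_der().
SAMPLE_CERT_ORIGINAL = b"constructed-der-bytes-for-www.example.com-cert-1"
SAMPLE_CERT_REPLACED = b"constructed-der-bytes-for-www.example.com-cert-2"


def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated hex."""
    digest = hashlib.sha256(der_bytes).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_pin(store: Dict[str, str], host: str, der_bytes: bytes) -> str:
    """Compare the certificate presented for `host` with the pinned one.

    Returns:
      "new"       first contact with this host; fingerprint is recorded (TOFU)
      "unchanged" same certificate as last time
      "changed"   a different certificate; either a legitimate renewal or an
                  interception with a CA-issued look-alike. The store is NOT
                  updated here: a changed pin must be an explicit user decision.
    """
    presented = fingerprint(der_bytes)
    pinned = store.get(host)
    if pinned is None:
        store[host] = presented
        return "new"
    if pinned == presented:
        return "unchanged"
    return "changed"


def accept_new_pin(store: Dict[str, str], host: str, der_bytes: bytes) -> None:
    """Explicitly replace the pin after the user has verified the new certificate."""
    store[host] = fingerprint(der_bytes)


def load_store(path: Path) -> Dict[str, str]:
    """Read the JSON pin store (hostname -> fingerprint); empty if absent."""
    if not path.exists():
        return {}
    return json.loads(path.read_text())


def save_store(path: Path, store: Dict[str, str]) -> None:
    """Persist the pin store as JSON."""
    path.write_text(json.dumps(store, indent=2, sort_keys=True))


def fetch_leaf_der(host: str, port: int = 443) -> bytes:
    """Fetch a server's leaf certificate as DER bytes (requires network).

    ssl.get_server_certificate returns PEM; PEM_cert_to_DER_cert converts it.
    Chain validation is deliberately not the point here: a forged look-alike
    certificate validates fine, which is exactly why the pin comparison exists.
    """
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def demo() -> List[str]:
    """Offline walk-through on the constructed sample certificates.

    Returns the sequence of check results: ["new", "unchanged", "changed"].
    """
    store: Dict[str, str] = {}
    host = "www.example.com"
    results = [
        check_pin(store, host, SAMPLE_CERT_ORIGINAL),   # first visit: pin it
        check_pin(store, host, SAMPLE_CERT_ORIGINAL),   # same cert: fine
        check_pin(store, host, SAMPLE_CERT_REPLACED),   # different cert: alarm
    ]
    return results


if __name__ == "__main__":
    for status in demo():
        print(status)
```

A real deployment would call `fetch_leaf_der` on each connection, `load_store`/`save_store` around `check_pin`, and treat "changed" as a prompt to compare the new fingerprint out of band (for example against a fingerprint published by the site operator or seen from a different network vantage point, which is what Perspectives does) before calling `accept_new_pin`. The trade-off Schoen describes is visible here: every legitimate certificate renewal also produces "changed", and deciding which it is falls on the user.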
According to Cisco, there are 35 billion devices connected to the Internet. How many of those are being eavesdropped upon? Next time you see the padlock on your browser, will you still feel like your important communications are secure? Do you feel like your privacy is truly private? From rforno at infowarrior.org Sun Jul 25 07:57:29 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Jul 2010 08:57:29 -0400 Subject: [Infowarrior] - Ten Stock-Market Myths That Just Won't Die Message-ID: <783E3FB9-4112-41DA-9C06-A79B698E813F@infowarrior.org> Ten Stock-Market Myths That Just Won't Die By BRETT ARENDS http://online.wsj.com/article/SB128000197220920621.html The Dow Jones Industrial Average last week ended up pretty much where it had been a little more than a week earlier. A rousing 200-point rally on Wednesday mostly made up for the distressing 200-point selloff of the previous Friday. The Dow plummeted nearly 800 points a few weeks ago -- and then just as dramatically rocketed back up again. The widely watched market indicator is down 7% from where it stood in April and up 59% from where it was at its 2009 nadir. These kinds of stomach-churning swings are testing investors' nerves once again. You may already feel shattered from the events of 2008-2009. Since the Greek debt crisis in the spring, turmoil has been back in the markets. At times like this, your broker or financial adviser may offer words of wisdom or advice. There are standard calming phrases you will hear over and over again. But how true are they? Here are 10 that need extra scrutiny. 1 "This is a good time to invest in the stock market." Really? Ask your broker when he warned clients that it was a bad time to invest. October 2007? February 2000? A broken watch tells the right time twice a day, but that's no reason to wear one. Or as someone once said, asking a broker if this is a good time to invest in the stock market is like asking a barber if you need a haircut. 
"Certainly, sir -- step this way!" 2 "Stocks on average make you about 10% a year." Stop right there. This is based on some past history -- stretching back to the 1800s -- and it's full of holes. About three of those percentage points were only from inflation. The other 7% may not be reliable either. The data from the 19th century are suspect; the global picture from the 20th century is complex. Experts suggest 5% may be more typical. And stocks only produce average returns if you buy them at average valuations. If you buy them when they're expensive, you do a lot worse. 3 "Our economists are forecasting..." Hold it. Ask your broker if the firm's economist predicted the most recent recession -- and if so, when. The record for economic forecasts is not impressive. Even into 2008 many economists were still denying that a recession was on the way. The usual shtick is to predict "a slowdown, but not a recession." That way they have an escape clause, no matter what happens. Warren Buffett once said forecasters made fortune tellers look good. 4 "Investing in the stock market lets you participate in the growth of the economy." Tell that to the Japanese. Since 1989 their economy has grown by more than a quarter, but the stock market is down more than three quarters. Or tell that to anyone who invested in Wall Street a decade ago. And such instances aren't as rare as you've been told. In 1969, the U.S. gross domestic product was about $1 trillion, and the Dow Jones Industrial Average was at about 1000. Thirteen years later, the U.S. economy had grown to $3.3 trillion. The Dow? About 1000. 5 "If you want to earn higher returns, you have to take more risk." This must come as a surprise to Mr. Buffett, who prefers investing in boring companies and boring industries. Over the last quarter century, the FactSet Research utilities index has even outperformed the exciting, "risky" Nasdaq Composite index. 
The only way to earn higher returns is to buy stocks cheap in relation to their future cash flows. As for "risk," your broker probably thinks that's "volatility," which typically just means price ups and downs. But you and your Aunt Sally know that risk is really the possibility of losing principal. 6 "The market's really cheap right now. The P/E is only about 13." The widely quoted price/earnings (PE) ratio, which compares share prices to annual after-tax earnings, can be misleading. That's because earnings are so volatile -- they're elevated in a boom, and depressed in a bust. Ask your broker about other valuation metrics, like the dividend yield, which looks at the dividends you get for each dollar of investment; or the cyclically adjusted PE ratio, which compares share prices to earnings over the past 10 years; or "Tobin's q," which compares share prices to the actual replacement cost of company assets. No metric is perfect, but these three have good track records. Right now all three say the stock market's pretty expensive, not cheap. 7 "You can't time the market." This hoary old chestnut keeps the clients fully invested. Certainly it's a fool's errand to try to catch the market's twists and turns. But that doesn't mean you have to suspend judgment about overall valuations. If you invest in shares when they're cheap compared to cash flows and assets -- typically this happens when everyone else is gloomy -- you will usually do very well. If you invest when shares are very expensive -- such as when everyone else is absurdly bullish -- you will probably do badly. 8 "We recommend a diversified portfolio of mutual funds." If your broker means you should diversify across things like cash, bonds, stocks, alternative strategies, commodities and precious metals, then that's good advice. But too many brokers mean mutual funds with different names and "styles" like large-cap value, small-cap growth, midcap blend, international small-cap value, and so on. 
These are marketing gimmicks. There is, for example, no such thing as "midcap blend." These funds are typically 100% invested all the time, and all in stocks. In this global economy even "international" offers less diversification than it did, because everything's getting tied together. 9 "This is a stock picker's market." What? Every market seems to be defined as a "stock picker's market," yet for most people the lion's share of investment returns -- for good or ill -- has typically come from the asset classes (see No. 8, above) they've chosen rather than the individual investments. And even if this does turn out to be a stock picker's market, what makes you think your broker is the stock picker in question? 10 "Stocks outperform over the long term." Define the long term? If you can be down for 10 or more years, exactly how much help is that? As John Maynard Keynes, the economist, once said: "In the long run we are all dead." Write to Brett Arends at brett.arends at wsj.com From rforno at infowarrior.org Sun Jul 25 08:15:06 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Jul 2010 09:15:06 -0400 Subject: [Infowarrior] - Tony Hayward to quit BP Message-ID: (Everyone who didn't see this coming 3 months ago, and especially after his disasterous appearance on Capitol Hill, raise your hand....-rick) Tony Hayward to quit BP Beleaguered oil firm chief executive to be replaced by Gulf of Mexico clean-up chief Bob Dudley Terry Macalister guardian.co.uk, Sunday 25 July 2010 13.53 BST http://www.guardian.co.uk/business/2010/jul/25/tony-hayward-to-quit-bp Tony Hayward has been vilified in the US since the 20 April Deepwater Horizon blow-out and subsequent environmental catastrophe in the Gulf of Mexico. Photograph: Larry Downing/REUTERS BP is planning to announce the departure of chief executive Tony Hayward alongside its half-year financial results on Tuesday. 
The BP boss will be replaced by Bob Dudley, who is currently overseeing the oil spill operation in the Gulf of Mexico. The exit of Hayward, who has been vilified by American politicians since the 20 April blowout on the Deepwater Horizon rig, is the second dramatic change of leadership at BP in less than four years. Lord Browne, Hayward's predecessor, left the oil group after a spat with the then chairman, Peter Sutherland, and a sinking of the share price after the Texas City refinery fire. Hayward, 52, is today locked in meetings with the rest of the BP board about the final details of his financial leaving package, but he is expected to go under basic contractual terms. That means a one year's ?1m pay package but a giant pension pot of over ?10m, capable of paying out more than half a million pounds a year from the formal retirement age of 60. BP continues to insist that "Tony Hayward remains chief executive", and any change to this will be formally announced through the Stock Exchange. The company had privately insisted that Hayward was working on a fightback to try to salvage his own reputation and that of a company that was once the largest on the London stock market. But as the week drew on and a "new BP" strategy began to take shape, both Hayward and other board members began to realise that the US business and brand could only be salvaged under a change of guard. Dudley is seen as the best candidate because he is a US citizen with a very strong track record at BP and previously at Amoco. He lost out on the position to Hayward but in recent months has been called on to give credibility to the Gulf clean-up operation. Dudley was best-known as chief executive of the Russian business TNK-BP, where he performed well until being forced to flee the country in what many observers saw as a Kremlin-inspired campaign to destabilise BP there and put it under more Russian control. 
From rforno at infowarrior.org Sun Jul 25 08:47:07 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Jul 2010 09:47:07 -0400 Subject: [Infowarrior] - 'Top Secret America' series a threat to lives and security? Message-ID: Key takeaway: the USIC still favors the "security-through-obscurity" model. It's the same justification they've used for classifying "open source intelligence" (including MSM news articles relating to a given issue/item) that I've seen firsthand over the years -- that the aggregated information "helps the adversary". Incidentally, this is the same logic used after 9/11 when the USG scrambled to remove the location of nuclear power plants/chemical sites/etc from government libraries, industry websites and so forth --- but it's not like somebody couldn't SEE the facility or buy a Rand McNally map at the local 7/11, let alone via any other Internet archive. In other words, the USIC wonks still believe they "understand" the nature of information int he 21st century, but reality, policy, and media soundbytes suggests otherwise. For all the hype surrounding this story in the DC area this week, informed and clueful folks in the USIC I've spoken with generally consider this a non-story. But they do agree that "security" makes it convenient to conceal bloat & organisational confusion for the USIC and the effectiveness of its so-called Congressional "oversight". -rick 'Top Secret America' series a threat to lives and security? By Andrew Alexander Ombudsman Sunday, July 25, 2010; A17 http://www.washingtonpost.com/wp-dyn/content/article/2010/07/23/AR2010072303883_pf.html It's normal for readers to react after The Post runs a big story. But many weighed in before last week's publication of "Top Secret America," the three-part series detailing the enormous national security buildup since the Sept. 11, 2001, terrorist attacks. 
After word spread through government agencies that publication was imminent, readers implored The Post not to reveal the names of companies doing classified work on contract. "You're jeopardizing not only the jobs, but the lives of people like myself that go into an office every day to protect the security of this nation and the lives of its people," one contractor said in an e-mail. Criticism continued after publication began Monday. "I think this behavior by The Post is very close to meeting the legal test for actual treason," wrote Jerry Jasper of Chantilly, who worried that his workplace might be "targeted by The Post for destruction by al-Qaeda or other enemies of the United States." Major news organizations often come under fire when they disclose classified information. But "Top Secret America" was different. The Post took hundreds of thousands of public documents and created a massive database, available at topsecretamerica.com, that provides information on nearly 2,000 companies and an array of government organizations engaged in top-secret work. An editor's note accompanying the series said, "Every data point on the Web site is substantiated by at least two public records." Using this "mosaic" approach to aggregating individually harmless slivers of information, The Post created a composite of the immense national security apparatus and invited readers to home in on its individual parts. They can search online by name and location and even the type of work being performed. The Post allowed government officials to see the Web site in advance and express concerns. The editor's note said, "One government body objected to certain data points on the site and explained why; we removed those items." Another objected to the entire Web site. That was "unhelpful," said Dana Priest, a two-time Pulitzer Prize-winning reporter who co-authored the series. "It's not a reasonable discussion . . . 
when you come up with a legitimate public issue and their answer is: 'We just don't want people to read a story about that.' " Executive Editor Marcus Brauchli said the unnamed agency expressed a "general concern that putting this information in one place would enable people to know information that previously resided in practical obscurity." He declined to reveal details of discussions with the government but stressed that "we made the decisions on our own." Out of what he termed a "public safety" precaution, The Post curbed the capabilities of its interactive Web site. For instance, the Google-powered mapping function limits the degree to which readers can pinpoint many locations. Still, did The Post provide too much? "From my point of view, The Post erred on the side of nondisclosure," said Steven Aftergood, a noted government secrecy expert with the nonpartisan Federation of American Scientists. "I would be surprised if you could find a single security professional who would argue that this series constituted a threat either to national security or to any part of individual facilities. "The primary threat to these facilities is not from external attack, but from insiders who are either committing thefts or manipulating information systems," he said. But John McLaughlin, a former acting CIA director now with the Johns Hopkins School of Advanced International Studies, disagreed. The Post's database "has given readers the CliffsNotes" to national security information, he said. "I would not have done it." "You can say that all of this data is publicly available," he said, but The Post's database is "doing the work that the adversary would have to do." McLaughlin agreed that foes could use the same public information to create their own composite. "But why help them? Why help confirm for them what they may conclude? Why reinforce their analysis?" Over the years, The Post has revealed classified information when it feels disclosure is in the public interest. 
But it also occasionally withholds information. For instance, stories on troop movements and covert operations have been delayed or even canceled. Each decision involves balancing public benefit with potential harm. With "Top Secret America," the thumb on the scale favors publication. The Post exercised caution. And the scope of the nation's intelligence apparatus after Sept. 11 -- with attendant questions of redundancy, waste and oversight -- clearly is a topic of public debate. Transparency like this can enhance the quality of that discussion. And that can lead to greater security. Andrew Alexander can be reached at 202-334-7582 or at ombudsman at washpost.com. From rforno at infowarrior.org Sun Jul 25 17:49:02 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Jul 2010 18:49:02 -0400 Subject: [Infowarrior] - =?windows-1252?q?In_Disclosing_Secret_Documents?= =?windows-1252?q?=2C_WikiLeaks_Seeks_=91Transparency=92?= Message-ID: In Disclosing Secret Documents, WikiLeaks Seeks ?Transparency? By ERIC SCHMITT Published: July 25, 2010 http://www.nytimes.com/2010/07/26/world/26wiki.html?_r=1 WikiLeaks.org, the online organization that was to post tens of thousands of classified military field reports about the Afghan war on Sunday, says its goal in disclosing secret documents is to reveal ?unethical behavior? by governments and corporations. Since it was founded in December 2006, WikiLeaks has exposed internal memos about the dumping of toxic material off the African coast, the membership rolls of a racist British party, and the American military?s manual for operating its prison in Guant?namo Bay, Cuba. ?We believe that transparency in government activities leads to reduced corruption, better government and stronger democracies,? the organization?s Web site says. ?All governments can benefit from increased scrutiny by the world community, as well as their own people. We believe this scrutiny requires information.? 
The trove of war reports to be posted Sunday dwarfs the scope and volume of documents that the organization has made public in the past. In a telephone interview from London, the organization?s founder, Julian Assange, said the documents would reveal broader and more pervasive levels of violence in Afghanistan than the military or the news media had previously reported. ?It shows not only the severe incidents but the general squalor of war, from the death of individual children to major operations that kill hundreds,? he said. Mr. Assange said in the interview and a subsequent e-mail message that some 15,000 documents would be withheld from release for a few days until WikiLeaks could redact names of individuals in the reports whose safety could be jeopardized. WikiLeaks? critics range from the military, which says it jeopardizes operations, to some open government advocates who say the organization is endangering the privacy rights of others in favor of self promotion. Steven Aftergood, head of the project on government secrecy at the Federation of American Scientists, in his blog posting on June 28 accused WikiLeaks of ?information vandalism? with no regard for privacy or social usefulness. ?WikiLeaks must be counted among the enemies of open society because it does not respect the rule of law nor does it honor the rights of individuals,? he wrote. The release of the data comes nearly three weeks after new charges were filed against an American soldier in Iraq who had been arrested on charges of leaking a video of a deadly American helicopter attack in Baghdad in 2007 that killed 12 people, including a reporter and photographer from the news agency Reuters. He was also charged with downloading more than 150,000 highly classified diplomatic cables. WikiLeaks made public a 38-minute video of the helicopter attack as well as a 17-minute edited version that it called ?Collateral Murder.? 
The abridged version drew criticism for failing to make clear that the attacks happened during clashes in a Baghdad neighborhood and that one of the men fired on by the helicopter was carrying a rocket-propelled grenade.

WikiLeaks has also made public a cable entitled "Reykjavik13," about the banking crisis in Iceland, which was cited in the criminal charges against the soldier, Pfc. Bradley E. Manning, 22, an Army intelligence analyst.

In keeping with its policy to protect the anonymity of its sources, WikiLeaks has not acknowledged receiving the cables or video from Private Manning. In the telephone interview, Mr. Assange, an Australian activist, refused to say whether the war reports came from Private Manning. But Mr. Assange said that WikiLeaks had offered to help pay for Private Manning's legal counsel or provide lawyers to defend him.

Adrian Lamo, a computer hacker who earlier this year traded instant messages with Private Manning, said the soldier claimed he had leaked the cables and video to WikiLeaks. Mr. Lamo, who in 2004 pleaded guilty to hacking into the internal computer system of The New York Times, said he turned in Private Manning to the authorities for national security reasons.

Private Manning, who served with the Second Brigade of the 10th Mountain Division, based at Contingency Operating Station Hammer east of Baghdad, was arrested in May after the military authorities said that he had revealed his activities in online chats with Mr. Lamo. Investigators now believe that Private Manning exploited a loophole in Defense Department security to copy thousands of files onto compact discs over a six-month period.

WikiLeaks has a core group of about half a dozen full-time volunteers, and there are 800 to 1,000 people whom the group can call on for expertise in areas like encryption, programming and writing news releases. Mr.
Assange, 39, said the site operated from servers in several countries, including Sweden and Belgium, where laws provided more protection for its disclosures.

From rforno at infowarrior.org Sun Jul 25 17:50:12 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Jul 2010 18:50:12 -0400
Subject: [Infowarrior] - NYT: Deciding What to Publish
Message-ID: <2699FD3C-476F-4645-8493-0989272BB380@infowarrior.org>

A Note to Readers
Piecing Together the Reports, and Deciding What to Publish
Published: July 25, 2010
http://www.nytimes.com/2010/07/26/world/26editors-note.html

The articles published today are based on thousands of United States military incident and intelligence reports -- records of engagements, mishaps, intelligence on enemy activity and other events from the war in Afghanistan -- that were to be made public on Sunday on the Internet. The New York Times, The Guardian newspaper in London, and the German magazine Der Spiegel were given access to the material several weeks ago.

These reports are used by desk officers in the Pentagon and troops in the field when they make operational plans and prepare briefings on the situation in the war zone. Most of the reports are routine, even mundane, but many add insights, texture and context to a war that has been waged for nearly nine years. Over all, these documents amount to a real-time history of the war reported from one important vantage point -- that of the soldiers and officers actually doing the fighting and reconstruction.

The Source of the Material

The documents -- some 92,000 individual reports in all -- were made available to The Times and the European news organizations by WikiLeaks, an organization devoted to exposing secrets of all kinds, on the condition that the papers not report on the data until July 25, when WikiLeaks said it intended to post the material on the Internet. WikiLeaks did not reveal where it obtained the material. WikiLeaks was not involved in the news organizations'
research, reporting, analysis and writing. The Times spent about a month mining the data for disclosures and patterns, verifying and cross-checking with other information sources, and preparing the articles that are published today. The three news organizations agreed to publish their articles simultaneously, but each prepared its own articles.

Classified Information

Deciding whether to publish secret information is always difficult, and after weighing the risks and public interest, we sometimes chose not to publish. But there are times when the information is of significant public interest, and this is one of those times. The documents illuminate the extraordinary difficulty of what the United States and its allies have undertaken in a way that other accounts have not.

Most of the incident reports are marked "secret," a relatively low level of classification. The Times has taken care not to publish information that would harm national security interests. The Times and the other news organizations agreed at the outset that we would not disclose -- either in our articles or any of our online supplementary material -- anything that was likely to put lives at risk or jeopardize military or antiterrorist operations. We have, for example, withheld any names of operatives in the field and informants cited in the reports. We have avoided anything that might compromise American or allied intelligence-gathering methods such as communications intercepts. We have not linked to the archives of raw material. At the request of the White House, The Times also urged WikiLeaks to withhold any harmful material from its Web site.

Verification

To establish confidence in the information, The Times checked a number of the reports against incidents that had been publicly reported or witnessed by our own journalists. Government officials did not dispute that the information was authentic.
It is sometimes unclear whether a particular incident report is based on firsthand observation, on the account of an intelligence source regarded as reliable, on less trustworthy sources or on speculation by the writer. It is also not known what may be missing from the material, either because it is in a more restrictive category of classification or for some other reason.

From rforno at infowarrior.org Sun Jul 25 17:53:22 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Jul 2010 18:53:22 -0400
Subject: [Infowarrior] - Wikileaks Releases large class'd Afghan document archive
Message-ID: <55734D99-CAD5-48C1-8CC0-3246E75B173D@infowarrior.org>

A trove of military documents to be made public on Sunday by an organization called WikiLeaks reflects deep suspicions among American officials that Pakistan's military spy service has for years guided the Afghan insurgency with a hidden hand, even as Pakistan receives more than $1 billion a year from Washington for its help combating the militants.

http://www.nytimes.com/interactive/world/war-logs.html

From rforno at infowarrior.org Sun Jul 25 17:56:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Jul 2010 18:56:13 -0400
Subject: [Infowarrior] - Court: Bypassing Dongles Not a DMCA Violation
Message-ID: <7168717E-6169-47ED-AEF6-7D8E859A235D@infowarrior.org>

http://www.courthousenews.com/2010/07/23/29099.htm
Friday, July 23, 2010
Last Update: 10:57 AM PT

Court Backs Dismissal of Digital Copyright Claim

(CN) - General Electric did not infringe on a power supplier's digital copyrights when it used protected software unlocked through a hacked security key, the 5th Circuit ruled.

"Merely bypassing a technological protection that restricts a user from viewing or using a work is insufficient to trigger the (Digital Millennium Copyright Act's) anti-circumvention provision," Judge Garza wrote for the New Orleans-based court.
"The DMCA prohibits only forms of access that would violate or impinge on the protections that the Copyright Act otherwise affords copyright owners."

The ruling stems from a lawsuit filed by MGE UPS Systems, a manufacturer of uninterruptible power supply machines used by companies like Power Maintenance International (PMI), which was bought by GE in 2001.

To fix the machines, technicians have to use MGE's copyrighted software programs. The software can be unlocked with an external hardware security key, called a "dongle." Dongles have expiration dates, passwords and a maximum number of uses.

Years after MGE introduced this technology, hackers posted information online on how to bypass the hardware key. Once a key is cracked, the software can be freely used and copied.

In its lawsuit against GE and PMI, MGE claimed a group of PMI employees had at least one copy of software obtained from a hacked machine. It said GE used the software 428 times between June 2000 and May 2002, even after a judge barred GE from using MGE's software and trade secrets.

A jury awarded MGE more than $4.6 million in damages for copyright infringement and misappropriation of trade secrets, but the trial judge dismissed its Digital Millennium Copyright Act claim.

MGE appealed, arguing that its dongles barred the kind of access to its software that the Act is meant to prevent. But the 5th Circuit said MGE "advances too broad a definition of 'access.'"

"Without showing a link between 'access' and 'protection' of the copyrighted work, the DMCA's anti-circumvention provision does not apply," Judge Emilio Garza wrote. "The owner's technological measure must protect the copyrighted material against an infringement of a right that the Copyright Act protects, not from mere use or viewing."
From rforno at infowarrior.org Sun Jul 25 18:05:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Jul 2010 19:05:01 -0400
Subject: [Infowarrior] - Wikileaks Afghan Leak: The Backstory
Message-ID: <3F5B34C6-7A41-4983-A9E1-CA5DB04468E8@infowarrior.org>

Series: Afghanistan: The war logs
Afghanistan war logs: Story behind biggest leak in intelligence history
From US military computers to a cafe in Brussels, how thousands of classified papers found their way to online activists
http://www.guardian.co.uk/world/2010/jul/25/wikileaks-war-logs-back-story

US authorities have known for weeks that they have suffered a haemorrhage of secret information on a scale which makes even the leaking of the Pentagon Papers during the Vietnam war look limited by comparison.

The Afghan war logs, from which the Guardian reports today, consist of 92,201 internal records of actions by the US military in Afghanistan between January 2004 and December 2009 -- threat reports from intelligence agencies, plans and accounts of coalition operations, descriptions of enemy attacks and roadside bombs, records of meetings with local politicians, most of them classified secret.

The Guardian's source for these is Wikileaks, the website which specialises in publishing untraceable material from whistleblowers, which is simultaneously publishing raw material from the logs.

Washington fears it may have lost even more highly sensitive material including an archive of tens of thousands of cable messages sent by US embassies around the world, reflecting arms deals, trade talks, secret meetings and uncensored opinion of other governments.

Wikileaks' founder, Julian Assange, says that in the last two months they have received yet another huge batch of "high-quality material" from military sources and that officers from the Pentagon's criminal investigations department have asked him to meet them on neutral territory to help them plug the sequence of leaks. He has not agreed to do so.
Behind today's revelations lie two distinct stories: first, of the Pentagon's attempts to trace the leaks with painful results for one young soldier; and second, a unique collaboration between the Guardian, the New York Times and Der Spiegel magazine in Germany to sift the huge trove of data for material of public interest and to distribute globally this secret record of the world's most powerful nation at war.

The Pentagon was slow to engage. The evidence they have now collected suggests it was last November that somebody working in a high-security facility inside a US military base in Iraq started to copy secret material.

On 18 February Wikileaks posted a single document -- a classified cable from the US embassy in Reykjavik to Washington, recording the complaints of Icelandic politicians that they were being bullied by the British and Dutch over the collapse of the Icesave bank; and the tart remark of an Icelandic diplomat who described his own president as "unpredictable". Some Wikileaks workers in Iceland claimed they saw signs that they were being followed after this disclosure.

But the Americans evidently were nowhere nearer to discovering the source when, on 5 April, Assange held a press conference in Washington to reveal US military video of a group of civilians in Baghdad, including two Reuters staff, being shot down in the street in 2007 by Apache helicopters: their crew could be heard crowing about their "good shooting" before destroying a van which had come to rescue a wounded man and which turned out to be carrying two children on its front seat.

It was not until late May that the Pentagon finally closed in on a suspect, and that was only after a very strange sequence of events.

On 21 May, a Californian computer hacker called Adrian Lamo was contacted by somebody with the online name Bradass87 who started to swap instant messages with him. He was immediately extraordinarily open: "hi... how are you??
im an army intelligence analyst, deployed to eastern bagdad ... if you had unprecedented access to classified networks, 14 hours a day, 7 days a week for 8+ months, what would you do?"

For five days, Bradass87 opened his heart to Lamo. He described how his job gave him access to two secret networks: the Secret Internet Protocol Router Network, SIPRNET, which carries US diplomatic and military intelligence classified "secret"; and the Joint Worldwide Intelligence Communications System which uses a different security system to carry similar material classified up to "top secret". He said this had allowed him to see "incredible things, awful things ... that belong in the public domain and not on some server stored in a dark room in Washington DC ... almost criminal political backdealings ... the non-PR version of world events and crises."

Bradass87 suggested that "someone I know intimately" had been downloading and compressing and encrypting all this data and uploading it to someone he identified as Julian Assange. At times, he claimed he himself had leaked the material, suggesting that he had taken in blank CDs, labelled as Lady Gaga's music, slotted them into his high-security laptop and lip-synched to nonexistent music to cover his downloading: "i want people to see the truth," he said.

He dwelled on the abundance of the disclosure: "its open diplomacy ... its Climategate with a global scope and breathtaking depth ... its beautiful and horrifying ... It's public data, it belongs in the public domain."

At one point, Bradass87 caught himself and said: "i can't believe what im confessing to you." It was too late. Unknown to him, two days into their exchange, on 23 May, Lamo had contacted the US military. On 25 May he met officers from the Pentagon's criminal investigations department in a Starbucks and gave them a printout of Bradass87's online chat.
On 26 May, at US Forward Operating Base Hammer, 25 miles outside Baghdad, a 22-year-old intelligence analyst named Bradley Manning was arrested, shipped across the border to Kuwait and locked up in a military prison.

News of the arrest leaked out slowly, primarily through Wired News, whose senior editor, Kevin Poulsen, is a friend of Lamo's and who published edited extracts from Bradass87's chatlogs. Pressure started to build on Assange: the Pentagon said formally that it would like to find him; Daniel Ellsberg, who leaked the Pentagon Papers, said he thought Assange could be in some physical danger; Ellsberg and two other former whistleblowers warned that US agencies would "do all possible to make an example" of the Wikileaks founder. Assange cancelled a planned trip to Las Vegas and went to ground.

After several days trying to make contact through intermediaries, the Guardian finally caught up with Assange in a café in Brussels where he had surfaced to speak at the European parliament. Assange volunteered that Wikileaks was in possession of several million files, which amounted to an untold history of American government activity around the world, disclosing numerous important and controversial activities.

They were putting the finishing touches to an accessible version of the data which they were preparing to post immediately on the internet in order to pre-empt any attempt to censor it. But he also feared that the significance of the logs and some of the important stories buried in them might be missed if they were simply dumped raw on to the web. Instead he agreed that a small team of specialist reporters from the Guardian could have access to the logs for a few weeks before Wikileaks published, to decode them and establish what they revealed about the conduct of the war.
To reduce the risk of gagging by the authorities, the database would also be made available to the New York Times and the German weekly, Der Spiegel which, along with the Guardian, would publish simultaneously in three different jurisdictions.

Under the arrangement, Assange would have no influence on the stories we wrote, but would have a voice in the timing of publication. He would place the first tranche of data in encrypted form on a secret website and the Guardian would access it with a user name and password constructed from the commercial logo on the cafe's napkin.

Today's stories are based on that batch of logs. Wikileaks has simultaneously published much of the raw data. It says it has been careful to weed out material which could jeopardise human sources.

Since the release of the Apache helicopter video, there has been some evidence of low-level attempts to smear Wikileaks. Online stories accuse Assange of spending Wikileaks money on expensive hotels (at a follow-up meeting in Stockholm, he slept on an office floor); of selling data to mainstream media (the subject of money was never mentioned); or charging for media interviews (also never mentioned). Earlier this year, Wikileaks published a US military document which disclosed a plan to "destroy the centre of gravity" of Wikileaks by attacking its trustworthiness.

Meanwhile, somewhere in Kuwait, Manning has been charged under US military law with improperly downloading and releasing information, including the Icelandic cable and the video of Apache helicopters shooting civilians in Baghdad. He faces trial by court martial with the promise of a heavy jail sentence. Ellsberg has described Manning as "a new hero of mine".

In his online chat, Bradass87 looked into the future: "god knows what happens now ... hopefully, worldwide discussion, debates and reforms. if not ... we're doomed."
From rforno at infowarrior.org Sun Jul 25 19:19:32 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Jul 2010 20:19:32 -0400
Subject: [Infowarrior] - U.S. Condemns Release of Documents on Afghan War
Message-ID: <0790E8C2-8967-468E-ACBF-8C9F834FCC15@infowarrior.org>

U.S. Condemns Release of Documents on Afghan War
By Roger Runningen - Jul 25, 2010
http://www.bloomberg.com/news/2010-07-25/u-s-denounces-publication-of-classified-documents-on-war-in-afghanistan.html

The U.S. condemned as "irresponsible" the disclosure of about 92,000 classified documents on the war in Afghanistan covering the years 2004 through 2009.

National Security Adviser James Jones said the release of the documents by the website Wikileaks could put lives at risk and threaten national security.

The New York Times said the reports show the difficulties of fighting a war while hamstrung by "an Afghan government, police force and army of questionable loyalty and competence" and by a Pakistani military that at times appeared to be helping the insurgents the U.S. is trying to defeat.

The Times said it obtained the documents several weeks ago from Wikileaks. The Guardian in the U.K. and Der Spiegel in Germany also published articles online that they said were based on the documents.

"The United States strongly condemns the disclosure of classified information by individuals and organizations which could put the lives of Americans and our partners at risk, and threaten our national security," Jones said in a statement issued by the White House yesterday. Wikileaks "made no effort to contact" the administration about the documents, he said.

Jones said the documents cover the period leading up to President Barack Obama's change of direction in the war in Afghanistan, which was begun by former President George W. Bush's administration after the Sept. 11 attacks by al-Qaeda.

"Grave Situation"
"On December 1, 2009, President Obama announced a new strategy with a substantial increase in resources for Afghanistan, and increased focus on al Qaeda and Taliban safe havens in Pakistan, precisely because of the grave situation that had developed over several years," Jones said.

The Times said the reports suggest that members of Pakistan's spy service had met with members of the Taliban to organize militias to fight against U.S. soldiers in Afghanistan and plot assassinations of Afghan leaders.

Pakistan's ambassador to the U.S., Husain Haqqani, called the leak of the documents "irresponsible" in an e-mail that said they reflected "nothing more than single-source comments and rumors."

The Pakistani government is "following a clearly laid-out strategy of fighting and marginalizing terrorists," Haqqani said. "The United States, Afghanistan and Pakistan are strategic partners and are jointly endeavoring to defeat al-Qaeda and its Taliban allies militarily and politically."

Heat-Seeking Missiles

The documents show that Taliban insurgents have used portable heat-seeking missiles against allied aircraft, something that hadn't been disclosed by the military, the Times said. The reports also provide information about secret commando units seeking to capture or kill top insurgent leaders, and the use of CIA paramilitary operations inside Afghanistan, the Times said.

The reports suggest that the Taliban's use of heat-seeking missiles "has been neither common nor especially effective; usually the missiles missed," the Times said.

The Times called the documents an "incomplete record" of the war. While the Times said the documents don't contradict official accounts of the war, the newspaper also said that at times the U.S. military had made misleading public statements.
As examples, the Times cited attribution of the downing of a helicopter to conventional weapons instead of heat-seeking missiles and giving Afghans credit for missions carried out by special operations commandos.

Guardian's Report

The Guardian newspaper said on its website the documents show that allied troops have killed hundreds of civilians in unreported incidents. In addition, it said, "Taliban attacks have soared and NATO commanders fear neighboring Pakistan and Iran are fuelling the insurgency," referring to the North Atlantic Treaty Organization.

Der Spiegel magazine said on its website that all three publications vetted the documents, compared them with independent reports and concluded they were authentic. The reports were mostly written by sergeants, Der Spiegel said.

"Nearly nine years after the start of the war, they paint a gloomy picture," Der Spiegel's report said. "They portray Afghan security forces as the hapless victims of Taliban attacks. They also offer a conflicting impression of the deployment of drones, noting that America's miracle weapons are also entirely vulnerable."

"Ongoing Commitment"

Jones said the disclosure wouldn't alter the White House course on the almost 10-year war.

"These irresponsible leaks will not impact our ongoing commitment to deepen our partnerships with Afghanistan and Pakistan; to defeat our common enemies; and to support the aspirations of the Afghan and Pakistani people," Jones said.

The Times said it took "care not to publish information that would harm national security interests." The newspaper said it withheld "names of operatives in the field and informants cited in the reports" and "avoided anything that might compromise American or allied intelligence-gathering methods."

The Times described Wikileaks as "an organization devoted to exposing secrets of all kinds" and said the group provided the publications with the documents "several weeks ago" on condition that nothing be published until July 25.
To contact the reporter on this story: Roger Runningen in Washington at rrunningen at bloomberg.net.

From rforno at infowarrior.org Sun Jul 25 21:51:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Jul 2010 22:51:53 -0400
Subject: [Infowarrior] - Freedom of photography: Police, security often clamp down despite public right
Message-ID: <5738BF3C-FDB7-4EE5-BE91-22FD59FFB008@infowarrior.org>

Freedom of photography: Police, security often clamp down despite public right
By Annys Shin
Washington Post Staff Writer
Monday, July 26, 2010; B02
http://www.washingtonpost.com/wp-dyn/content/article/2010/07/25/AR2010072502795_pf.html

A few weeks ago, on his way to work, Matt Urick stopped to snap a few pictures of the U.S. Department of Housing and Urban Development's headquarters. He thought the building was ugly but might make for an interesting photo.

The uniformed officer who ran up to him didn't agree. He told Urick he was not allowed to photograph federal buildings.

Urick wanted to tell the guard that there are pictures of the building on HUD's Web site, that every angle of the building is visible in street views on Google Maps and that he was merely an amateur photographer, not a threat. But Urick kept all this to himself.

"A lot of these guys have guns and are enforcing laws they obviously don't understand, and they are not to be reasoned with," he said.

After detaining Urick for a few minutes and conferring with a colleague on a radio, the officer let him go.

Courts have long ruled that the First Amendment protects the right of citizens to take photographs in public places. Even after the terrorist attacks of Sept. 11, 2001, law enforcement agencies have reiterated that right in official policies. But in practice, those rules don't always filter down to police officers and security guards who continue to restrict photographers, often citing authority they don't have.
Almost nine years after the terrorist attacks, which ratcheted up security at government properties and transportation hubs, anyone photographing federal buildings, bridges, trains or airports runs the risk of being seen as a potential terrorist.

Reliable statistics on detentions and arrests of photographers are hard to come by, but photographers, their advocates and even police agree that confrontations still occur frequently. Photographers had run-ins with police before the 2001 attacks, but constitutional lawyers say the combination of heightened security concerns and the spread of digital cameras has made such incidents more common.

In the past month, in addition to Urick's encounter, a retired oceanographer said he was threatened with arrest for snapping pictures of a federal courthouse in Silver Spring, and an Alexandria man was briefly detained for photographing police making a traffic stop in Georgetown.

Law enforcement officials have a hard time explaining the gap between policy and practice. The disconnect, legal experts say, may stem from a dearth of guidelines about how to balance security concerns with civil liberties.

"Security guards are often given few rules to follow, but they have clearly gotten the message that they need to be extra vigilant," said Kent Willis, executive director of the American Civil Liberties Union of Virginia. "In the end, it seems you never know how a particular security guard is going to react."

Clarifying the law

Last year, New York City police sought to clarify the rules on photography with a directive to all officers. It said that photography is "rarely unlawful" and that officers have no right to demand to see photos or to delete them. Like Washington, New York is a potential terrorist target but also a major tourist destination, and as a result, the directive said, "practically all such photography will have no connection to terrorism or unlawful conduct."
Police officials say officers who seek to stop photography are driven by safety concerns and the fact that the presence of a camera can spike emotions.

"When people see a camera, they get more into it," said Marcello Muzzatti, president of D.C. Lodge No. 1 of the Fraternal Order of Police, which represents 11,000 officers in more than 100 D.C. and federal agencies. "Some people will figure, 'I have a right to take pictures,' and we are not arguing with that. An officer also has a right to his or her safety and to control the situation."

The flip side of that coin is that "photography creates a relatively objective record," said Catherine Crump, a lawyer with the ACLU's national office. "The police certainly realize this, which is why they routinely record their interaction with citizens. And there is no reason why people should be deprived of that same tool."

Photographers are challenging unwarranted restrictions by collecting hundreds of photos that prompted police questioning, detention or arrest; the pictures are posted on online photo sharing sites such as Flickr.

Local photographers are also testing trouble spots, especially outside federal buildings, many of which are guarded by the Federal Protective Service, an agency in the Department of Homeland Security that has 1,225 officers and 15,000 contract guards to secure more than 9,000 buildings nationwide.

Erin McCann of the District elicited laughter at a congressional hearing last fall when she described an encounter with an FPS officer at the Transportation Department headquarters in Southeast. The officer told her it was illegal to photograph federal buildings. When McCann asked what law stated that, the officer cited Title 18 of the U.S. Code. Title 18 is the name of the entire body of U.S. criminal law.

Official FPS guidance, issued in 2004, reads: "Please understand there is no prohibition against photographing the DOT or FAA headquarters buildings."
The Transportation Department later wrote to McCann, saying that the officer had been wrong. FPS is revising its photography policy, spokesman Michael Keegan said.

Local shutterbugs give higher marks to Metro, saying the transit agency has worked to ensure that its employees know photography is allowed in and around its stations. (The exception is the Pentagon Station, which is Pentagon property.)

"We believe that [the Metro system] is a tourist attraction as much as the Washington Monument," agency spokeswoman Lisa Farbstein said.

Unwelcome civics lessons

Photographers say police need to be told explicitly not to prohibit photography, because officers often don't respond well to impromptu citizen lectures on constitutional law.

In March, two Transportation Security Administration officials didn't take kindly to First Amendment arguments made by Jerome Vorus of Alexandria. The college student was taking photos on a public concourse at Reagan National Airport for his aviation blog when he was stopped and questioned. Vorus, 19, said TSA workers told him he was not allowed to take pictures of the security checkpoint or TSA personnel.

The TSA does not prohibit photographing, videotaping or filming at screening locations, spokeswoman Lauren Gaches said. TSA employees may ask photographers to stop only if they are interfering with the screening process or taking pictures of X-ray monitor screens, which Vorus says he was not doing.

After a lengthy back-and-forth, Vorus snapped photos of two airports authority police officers who had been called in to help. He says one officer tackled him, took his camera and deleted pictures. "This is assault!" Vorus can be heard shouting on an audio recording he made of the incident.

An airports authority investigation was "inconclusive" about whether the officer tackled Vorus or deleted his pictures but concluded the officer did violate unnamed airport policies.
Authority spokesman Robert Yingling declined to comment further on the investigation.

This month, Vorus had another run-in, this time with D.C. police, as he photographed a traffic stop that he happened upon in Georgetown. He was questioned, detained and then let go. Police say they were justified in stopping him because he was taking photos of the inside of the squad car. Vorus, who was 20 feet away, says he "wasn't trying to make a point or cause a scene" but was merely asserting his rights.

Second District Cmdr. Matthew Klein said there is no official prohibition against photographing the interior of a squad car. But he said officers acted appropriately because they thought Vorus was escalating the situation.

"They had a situation developing," Klein said. "They had to make a call."

From rforno at infowarrior.org Mon Jul 26 09:27:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jul 2010 10:27:13 -0400
Subject: [Infowarrior] - Goldman reveals where bailout cash went
Message-ID:

Goldman reveals where bailout cash went

http://www.usatoday.com/money/industries/banking/2010-07-24-goldman-bailout-cash_N.htm

By Mark Lennihan, AP: Goldman Sachs received a $12.9 billion payout from the government's bailout of AIG, which was at one time the world's largest insurance company.

By Karen Mracek and Thomas Beaumont, Des Moines Register

Goldman Sachs sent $4.3 billion in federal tax money to 32 entities, including many overseas banks, hedge funds and pensions, according to information made public Friday night.

Goldman Sachs disclosed the list of companies to the Senate Finance Committee after a threat of subpoena from Sen. Chuck Grassley, R-Ia.

Asked the significance of the list, Grassley said, "I hope it's as simple as taxpayers deserve to know what happened to their money."

He added, "We thought originally we were bailing out AIG. Then later on ...
we learned that the money flowed through AIG to a few big banks, and now we know that the money went from these few big banks to dozens of financial institutions all around the world."

Grassley said he was reserving judgment on the appropriateness of U.S. taxpayer money ending up overseas until he learns more about the 32 entities.

Goldman Sachs (GS) received $5.55 billion from the government in fall of 2008 as payment for then-worthless securities it held in AIG. Goldman had already hedged its risk that the securities would go bad. It had entered into agreements to spread the risk with the 32 entities named in Friday's report.

Overall, Goldman Sachs received a $12.9 billion payout from the government's bailout of AIG, which was at one time the world's largest insurance company.

Goldman Sachs also revealed to the Senate Finance Committee that it would have received $2.3 billion if AIG had gone under. Other large financial institutions, such as Citibank, JPMorgan Chase and Morgan Stanley, sold Goldman Sachs protection in the case of AIG's collapse. Those institutions did not have to pay Goldman Sachs after the government stepped in with tax money.

Shouldn't Goldman Sachs be expected to collect from those institutions "before they collect the taxpayers' dollars?" Grassley asked. "It's a little bit like a farmer, if you got crop insurance, you shouldn't be getting disaster aid."

Goldman had not disclosed the names of the counterparties it paid in late 2008 until Friday, despite repeated requests from Elizabeth Warren, chairwoman of the Congressional Oversight Panel.

"I think we didn't get the information because they consider it very embarrassing," Grassley said, "and they ought to consider it very embarrassing."

The initial $85 billion to bail out AIG was supplemented by an additional $49.1 billion from the Troubled Asset Relief Program, known as TARP, as well as additional funds from the Federal Reserve. AIG's debt to U.S.
taxpayers totals $133.3 billion outstanding.

"The only thing I can tell you is that people have the right to know, and the Fed and the public's business ought to be more public," Grassley said.

The list of companies receiving money includes a few familiar foreign banks, such as the Royal Bank of Scotland and Barclays. DZ AG Deutsche Zantrake Genossenschaftz Bank, a German cooperative banking group, received $1.2 billion, more than a quarter of the money Goldman paid out.

Warren, in testimony Wednesday, said that the rescue of AIG "distorted the marketplace by turning AIG's risky bets into fully guaranteed transactions. Instead of forcing AIG and its counterparties to bear the costs of the company's failure, the government shifted those costs in full onto taxpayers."

Grassley stressed the importance of transparency in the marketplace, as well as in the government's actions.

"Just like the government, markets need more transparency, and consequently this is some of that transparency because we've got to rebuild confidence to make the markets work properly," Grassley said.

AIG received the bailout of $85 billion at the discretion of the Federal Reserve Bank of New York, which was led at the time by Timothy Geithner. He now is U.S. treasury secretary.

"I think it proves that he knew a lot more at the time than he told," Grassley said. "And he surely knew where this money was going to go. If he didn't, he should have known before they let the money out of their bank up there."

An attempt to reach Geithner Friday night through the White House public information office was unsuccessful.

Grassley has for years pushed to give the Government Accountability Office more oversight of the Federal Reserve.

U.S. Rep. Bruce Braley, a Waterloo Democrat, said he would propose that the House subcommittee on oversight and investigations convene hearings on the need for more Federal Reserve oversight. Braley is a member of the subcommittee.
Braley said of Geithner, "I would assume he would be someone we would want to hear from because he would have firsthand knowledge."

Braley also noted that the AIG bailout was negotiated under President George W. Bush, a Republican. He said he was confident that the financial regulatory reform bill signed by President Obama this week would help provide better oversight than the AIG bailout included.

"There was no regulatory framework in place," Braley said. "We had to put something in place to begin reining them in. I'm confident they will begin to be able to do that."

From rforno at infowarrior.org Mon Jul 26 11:15:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jul 2010 12:15:02 -0400
Subject: [Infowarrior] - WTF....Students Aren't Allowed To Touch Real Rocks
Message-ID:

Mrs. Lovejoy is on line 3.......

-rick

Students Aren't Allowed To Touch Real Rocks
Lenore Skenazy, 07.21.10, 7:00 PM ET

http://www.forbes.com/2010/07/21/consumer-product-safety-hazard-opinions-columnist-lenore-skenazy_print.html

Michael Warring, president of American Educational Products in Fort Collins, Colo., had his shipment all ready: A school's worth of small bags, each one filled with an igneous, sedimentary and metamorphic rock. Then the school canceled its order.

Says Warring, "They apparently decided rocks could be harmful to children."

After all, who knows exactly what is in a piece of Mother Nature? There could be a speck of lead! The children will study a poster of rocks instead.

And so it goes in the unbrave new world, where nothing is safe enough. It's a world brought to us by the once sane, now danger-hallucinating Consumer Product Safety Commission.

When the Commission was born in 1972, it seemed like a godsend. We'd just discovered GM execs knew their Corvair spun out of control, but hadn't done anything about it. We'd just learned that tobacco execs knew their cigarettes could cause cancer, but hadn't bothered to tell us.
We were beginning to suspect every corporate suite harbored a horrible secret. A new government body would seek these out? Fantastic!

Fast forward 30-something years of ever-increasing safety. What are some of the products the CPSC is warning us about today?

Well, there's the Graco Harmony High Chair. The commission warns parents to "stop using product immediately." Yikes! Scary! Is it ejecting kids? Spontaneously combusting?

Not quite. Of the 1,200,000 units sold, the CPSC received "24 reports of injuries, including bumps and bruises to the head, a hairline fracture to the arm, and cuts, bumps, bruises and scratches to the body."

In other words: For every 50,000 chairs sold, a single child has suffered a bruise, bump or--once--a hairline fracture. Now look: Nobody likes to see a sweetheart suffer. But the Harmony high chair does not exactly sound like baby's first Pinto.

Then there's the Little Tykes workbench. Last year the CPSC recalled that product's toy nails after an 11-month-old boy almost choked on one. Those nails are made out of plastic. They're 3 1/4 inches high and 1 1/4 inches wide. They've been sold with the workbench since 1994. And the boy who almost choked is fine.

So we're talking about a product that has been on the market for 15 years and sold 1,600,000 units. It is popular, safe and time-tested. To me that's an exemplary toy. To the CPSC it is a killer on the loose.
From rforno at infowarrior.org Mon Jul 26 13:54:32 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jul 2010 14:54:32 -0400
Subject: [Infowarrior] - UAE says BlackBerry is potential security threat
Message-ID: <82C58B28-72E8-45E6-965A-ACAFEED2A103@infowarrior.org>

UAE says BlackBerry is potential security threat
United Arab Emirates declares BlackBerry smartphone a possible threat to national security

Adam Schreck, AP Business Writer, On Monday July 26, 2010, 1:06 pm EDT

http://finance.yahoo.com/news/UAE-BlackBerry-phones-could-apf-959472235.html?x=0

DUBAI, United Arab Emirates (AP) -- Emirati officials have declared BlackBerry smartphones a potential threat to national security because users' data is stored overseas, where local laws don't apply and where analysts say it could be harder for authorities to monitor.

The move renews concerns about efforts by the United Arab Emirates to control the flow of information in the Gulf nation, which includes the business hub Dubai and the oil-rich emirate of Abu Dhabi. The federation of seven hereditary states actively censors websites and other forms of media seen as harming national security and conservative local values.

Because BlackBerry maker Research in Motion's computer servers are located outside the country, "it makes it easier for them to refuse requests from the authorities for users' personal data," said Lucie Morillon, head of the new media desk at advocacy group Reporters Without Borders, which monitors efforts to control smartphone use.

"The authorities cannot access BlackBerry information as easily as they can a local operator's information," she said.

It is the second major controversy over the Blackberry in the UAE. A year ago, the country's biggest state-run mobile operator was caught encouraging unwitting BlackBerry users to install software on the devices that could allow outsiders to peer inside. The government has never made fully clear what happened in that case.
In the latest flap, the Telecommunications Regulatory Authority voiced fears that the BlackBerry manages data in a way that could allow it to be misused. BlackBerry devices were singled out because they are the only phones operating in the country that automatically relay users' information abroad, the regulator said.

"As a result of how Blackberry data is managed and stored, in their current form, certain Blackberry applications allow people to misuse the service, causing serious social, judicial and national security repercussions," the regulator said in a statement carried on the state news agency late Sunday.

It said the devices operate "beyond the jurisdiction" of national laws and automatically send data abroad to be "managed by a foreign, commercial organization." That is apparently a reference to RIM's system of relaying data such as e-mail messages to network servers offshore that are separate from those operated by local mobile providers.

"Some people might not like that," said Bruce Schneier, an author and chief security technology officer at British telecommunications operator BT. He said authorities' concerns with the overseas servers could be twofold: "They can't get to it, or other people can."

The TRA said the BlackBerry was launched in the UAE before "safety, emergency and national security legislation" regulating their use was enacted in 2007. It did not specify what changes it is seeking or if it was contemplating an outright ban.

An official at the TRA said Monday the agency had no further comment, and that no decision about the phones' future in the country had been made. She would not provide her name, as is customary among Emirati government officials.

Spokeswomen for BlackBerry maker RIM said the Canadian company did not yet have any comment.

Just over a year ago, RIM criticized a directive by UAE state-owned mobile operator Etisalat telling the company's more than 145,000 BlackBerry users to install software described as an "upgrade ...
required for service enhancements." RIM said tests showed the update was in fact spy software that could allow outsiders to access private information stored on the phones. It strongly distanced itself from Etisalat's decision, and provided details instructing users how to remove the software.

The UAE is not the first country to raise concerns about BlackBerry phones. The tiny Gulf state of Bahrain earlier this year threatened legal action against BlackBerry users who were sharing local news through a chat function on the devices. Indian government security agencies have also raised concerns that the way the BlackBerry handles data could put the nation at risk, according to a report this month in the country's Economic Times.

Morillon said governments in the Gulf are increasingly concerned about the growing use of the phones' BlackBerry Messenger application, which can be harder to monitor than other forms of communication.

"It looks like it has become a channel to spread information, and maybe mobilize online, which is something that worries the authorities," she said.

From rforno at infowarrior.org Mon Jul 26 16:05:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jul 2010 17:05:10 -0400
Subject: [Infowarrior] - Media rules at Guantanamo change daily
Message-ID: <6564DA6A-7A03-415F-873F-13DB331D22B0@infowarrior.org>

So is TSA/DHS taking lessons from DOD or vice-versa???

-rick

Commentary: For reporters, the rules at Guantanamo change daily
By Carol Rosenberg | McClatchy Newspapers

http://www.mcclatchydc.com/2010/07/26/98146/commentary-for-reporters-the-rules.html

WASHINGTON - Guantanamo's Camp Justice is a place where you can sit at your laptop or by your phone only if there's a member of the military within earshot.

It's a place where you can go to court only in the custody of a military public affairs officer. Inside, if there's only one escort - this happened recently -
and somebody has to go to the bathroom, every reporter has to leave court, too.

It's a place where a soldier stands over your shoulder, looks in your viewfinder and says 'Don't take that picture, I'll delete it.'

This happened earlier in July. The government censor stands in front of a No Photography sign and says, "New policy, the sign and scene behind are now OK. Have at it." You take your camera to a shed for a security review a few minutes later and a sergeant says, "Um, 'No Photography' signs are forbidden."

"They just told us it was OK," I say.

"For real?" he asks.

"For real," I reply.

He deletes it anyway. There was a sliver of concrete in the frame. The fringes of a bunker you're not allowed to see.

And it's a place where the Pentagon believes it can tell you not to include in your story the name of a man who outed himself in a newspaper interview in 2008 to clear his name.

It's a place where, if you ask why, they tell you, "That's the rules ma'am." If you say that wasn't the rule a year ago, a month ago - they shrug and say that's the rule today. You can't write that man's name any more. Never mind that reporters at the same war court reported that same interrogator's name in Guantanamo stories in 2008.

I go to Guantanamo to write about a place the government intentionally chose to be outside the rule of law. The Supreme Court decided otherwise.

It's a place the Pentagon likes to call the most transparent detention center on Earth. Hundreds of reporters have visited there, they say, since the first al Qaida suspects arrived eight years ago. They skip the part about how few go back more than once - stymied by the sheer frustration at the rules, the hoops, the time, and the costs of doing basic journalism. Being a court reporter. Writing a feature story. Conducting an interview.

I'm here to tell you what it's like to be a reporter at Guantanamo. It's hard.
Not just because you sleep in tent city where the ventilators and generators sound like you're inside a jet engine. Nearly everyone else expected in court gets housing elsewhere. The lawyers have trailers. The translators get townhouses and the judge and juries get guest quarters. The reporters get tents because if you protest, guess what they say: Don't come.

Did you know there are hotels at Guantanamo? We used to get rooms there, and now we can't check into them.

A reporter can't just fly to Guantanamo either. To cover a 3.5-hour hearing on Monday, I flew from Miami to Washington on Saturday, stayed in a hotel and went to Andrews Air Force Base Sunday morning to pay $400 to ride the Pentagon plane that reporters are required to take to cover commissions.

I've been doing this a long time. Sometimes I can find a direct flight from South Florida to Guantanamo. I used to take them. Not anymore. Now it's forbidden.

It's hard to be a reporter at Guantanamo because when you ask to read an unclassified motion, see the judge's scheduling order that's been sent out in a mass e-mail, find out who testified under subpoena, get a copy of a video already leaked to "60 Minutes" the answer is "no" - because those are the rules.

Earlier this month, I covered a really crucial crossroads hearing for Omar Khadr, a Canadian who's been held at Guantanamo since he was 15. He fired his legal team, revealed a secret government offer of a plea deal, announced a boycott but then said that maybe, after a third of his life at Guantanamo, he'd like to function as his own lawyer. It's a week later and they still won't release a copy of the motion that was argued.

I've covered Supreme Court arguments and murder and mayhem trials in Massachusetts Superior Court. I've reported spy cases, done gavel to gavel of a court martial. This is a court like none other I've ever seen.

You can't get up in the morning and stand on line to cover it. You can't bring a lawyer to protest if there's a closure.
The public and the press have no standing. Increasingly, you can't read the motions in advance. You can't ask the lawyers during a break to clarify something. You can't go home at night. You can't check into a hotel.

There's a court security officer, a nice guy, a contractor paid by the Pentagon. He tells the sketch artist in the court room whose nose and eyes she can sketch. If something "protected" slips out in court, it's his job to send word to the writers: You can't print it.

When the sketch artist, Janet Hamlin, drew the first public image of Khalid Sheik Mohammed, the alleged mastermind of the Sept. 11 attacks, after years in CIA custody, she dutifully showed it to the security officer. He takes it to KSM, who studies it and sends Janet a message: Find my FBI photo and fix it. My nose is too big.

You see, at Guantanamo, even an alleged terrorist gets to be a censor.

When the topic comes up in court of what psychotropic drugs were given another accused 9/11 conspirator, Ramzi bin al Shibh, the courtroom censor hits a white noise button so reporters viewing from a glass booth can't hear the names of the drugs. Why? One minder said it's because Ramzi bin al Shibh has HIPAA health privacy rights. In a place where they still argue that the Constitution doesn't apply.

Guantanamo is a place where you get assigned seats in court, and if you're me you usually get one of the two or three seats that can't see the witness stand. Even if the media gallery is mostly empty.

It wasn't always that way. When the court opened in the summer of 2004, reporters were VIPs, afforded seats front and center - and during breaks the lawyers would lean over the bar and explain, amplify. We stayed in guest quarters.

Now, in court, according to the ground rules, you can't talk to the lawyers, even during breaks. Even if they want to be quoted.

It's a place where for years a public affairs officer would scrupulously provide the number of captives being force-fed. This summer, it stopped.
We never give out those figures, they said. I protest. I ask again earlier this month. How many of the 180 are being tube fed? Answer: About half of less than 10. Huh?

It's a place where one day in the cafeteria, your escorts harp on you to display your media badge. Then another tells you to put it away because it's creeping out the troops.

It's a place where they say you can never take pictures at McDonalds. But I have, with permission and an escort. Where they say no one has ever taken pictures in Khalid Sheik Mohammed's courtroom, the maximum-security bunker. But I have. They took me there, and approved the photograph.

It's a place where they clear the court so only those with security clearances can see a video of a Canadian agent questioning Omar Khadr. We are taken back to the filing center, where we watch it on YouTube. Canadian courts released it more than a year ago.

It's a place where now, suddenly this summer, defense lawyers can't step inside the air-conditioned press conference room - cost to taxpayers: $49,000 - unless the prosecutors also want to brief. So reporters now do mini pressers with defense attorneys in the humid, filthy hangar.

It's a place where the defense lawyers are barred from setting foot inside the filing center, but the Military Commissions deputy legal adviser comes and goes as he pleases.

It's a place where some years back, a colleague got a map of the base in her press packet. On her return, she brings it back. A minder sees it at her computer and confiscates it. You're not allowed to have that. But it's still included in every guest packet at Guantanamo's guest quarters.

Some of the treatment seems petty. How about this: They control the access to food at times and somehow forget there have been, consistently, Muslims and vegetarians among the media. Some years back an officer with the Louisiana National Guard declared it too inconvenient to let us go out to eat and sent us to our quarters with a stack of pork pizzas.
Two journalists from Canada who had been working full tilt all day went hungry until breakfast.

Once, a Chinese reporter, an official guest of the foreign press center, filmed her standup from a pre-approved spot. Escorts took her there, and watched while she did it. The next day she came to me bewildered. They deleted the shot in the spot they approved because there was a fluorescent orange barrier in the distance.

Surely, I said, you must've said something that was protected. Not likely. The censor shut off the sound and fast-forwarded through the standup because he didn't speak Chinese.

Minor stuff? Not if you're trying to do your job.

I don't break the rules. I protest the ones that make no sense. Now they've got a new expansive interpretation of military censorship authority. A colleague calls it a bid to impose collective amnesia on reporters of things we've known for years.

I say protect the secrets that are secret, not the prerogative. Don't create a bunch of ad hoc rules that keep us from doing our jobs. Some days we can't challenge all of them. They come too fast, without rhyme or reason.

(This article is adapted from a speech given to the National Press Club in Washington by Carol Rosenberg, a reporter for The Miami Herald, who was one of four reporters banned in May from covering future military commission hearings for publishing the already publicly known name of a witness that the Pentagon wanted kept secret. The Pentagon lifted the ban after news media attorneys complained such restrictions are unconstitutional and illegal under the Military Commissions Act of 2009. On Monday, Aug. 2, the Pentagon has agreed to meet with news media representatives to discuss the ground rules for covering Guantanamo. Rosenberg, who has covered the detention camps at Guantanamo since they opened in January 2002, is expected to be among the attendees.)
From rforno at infowarrior.org Mon Jul 26 16:07:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jul 2010 17:07:37 -0400
Subject: [Infowarrior] - Southwest: Breakdown is now an act of God
Message-ID:

Southwest: Breakdown is now an act of God
Carol Ann Alaimo Arizona Daily Star | Posted: Saturday, July 24, 2010 12:00 am

http://azstarnet.com/news/local/article_5bc41260-e1ee-57fb-8f68-fe716e9f5bad.html

Tucson's most popular airline recently added "mechanical difficulties" to the list of acts of God and other events for which the carrier will not be liable if travel is delayed.

If there's a God who controls floods and earthquakes, does the deity also have a hand in an airline's mechanical problems?

Apparently so, according to Tucson's most popular airline, which recently added "mechanical difficulties" to the list of acts of God and other events for which the carrier will not be liable if travel is delayed.

Southwest Airlines quietly made the change a few weeks ago, to the puzzlement of some industry analysts.

It appears on page 11 of 32 pages of fine print called a "contract of carriage," which many passengers don't read, but which spells out their recourse in mishaps such as flight interruptions or baggage loss.

Mechanical difficulties - what type is not defined - now appears on a list of events such as wars, riots, storms, earthquakes and other acts of God that are "outside of (Southwest's) control."

In such cases, the contract says, passengers are entitled to refunds only on the used portion of their tickets. Southwest has no obligation to provide compensation for "any type of special, incidental or consequential damages."

Southwest spokesman Chris Mainz downplayed the significance of the change.

Mainz said Southwest would continue to assist passengers just as in the past, for example by putting them up in hotels if they are stranded during travel.
Asked why Southwest would change its contract if it doesn't intend to change its practices, Mainz said in an e-mail that the modification was made to "limit our exposure to liability."

Mainz also said the change would make Southwest "more consistent with the industry standard."

However, when the Arizona Daily Star reviewed passenger contracts for four other major airlines - Delta, American, Continental and United - none included "mechanical difficulties" as an event outside the carrier's control.

Robert Mann, an airline industry analyst based in Port Washington, N.Y., called it "surprising" that Southwest, which has a reputation for stellar customer service, would make a change that puts passengers at a legal disadvantage if an aircraft breakdown delays their travel.

Keeping a fleet mechanically sound "is certainly within the control of any airline," Mann said. "Putting mechanical issues in the same category as an act of God - I don't think that's what God intended."

Even if Southwest sticks to its current level of customer aid, Mann said, the new contract wording sets a bad industry precedent.

"While I take Southwest at their word to do the right thing for customers, there are others in the industry who will adopt this on a 'me, too' basis and hold to the letter of that language, really disadvantaging customers on an issue that is absolutely within a carrier's responsibility and control."

Industry analyst Michael Boyd of Evergreen, Colo., agreed other airlines are likely to follow suit.

"The way the industry is today, airlines are sitting around watching each other," he said. "If the other guy does something that makes money and the consumer doesn't revolt, they're going to do it, too."

"I can see (carriers) saying, 'It wasn't our fault the airplane broke down,' and I also can see customers saying, 'I bought a ticket from you and I have reasonable expectation that the airplane is going to work,' " Mann said.
Southwest is the top choice of passengers at Tucson International Airport, used by nearly a third of the 3.6 million travelers who flew into or out of TIA last year.

Contact reporter Carol Ann Alaimo at calaimo at azstarnet.com or at 573-4138.

From rforno at infowarrior.org Mon Jul 26 16:10:23 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jul 2010 17:10:23 -0400
Subject: [Infowarrior] - USG: Jailbreaking iPhone is legal "fair use" (and more!)
Message-ID: <9536CC53-53B1-4798-A7F9-4626C1557897@infowarrior.org>

Library of Congress makes jailbreaking legal for fair use
updated 12:25 pm EDT, Mon July 26, 2010
US says jailbreaks, hacks OK when purpose is legal

http://www.electronista.com/articles/10/07/26/us.says.jailbreaks.hacks.ok.when.purpose.is.legal/

The Library of Congress today ruled that breaking copy protection is legal on many devices, including phones, for the sake of fair use. The decision specifically allows smartphone owners to jailbreak and root their phones to run legal third-party apps. It similarly greenlights unlocking the phone for use on another network that allows the practice.

Other exemptions also have significant impact on media. The move would let schools and others break the CSS encryption on DVDs to use short clips for documentaries and other not-for-profit efforts. Video game owners can crack copy protection to study or fix security holes when it doesn't create an exploit by itself. Security dongles, such as USB sticks, that aren't made anymore or easily repaired can also be cracked. Pressure exerted on Amazon to remove text-to-speech from the Kindle has also been thwarted, as the exemptions would let owners break DRM barring the feature or any other conversion to an accessible format.

The decision could almost immediately have an effect on Apple, Microsoft and any other smartphone OS designer whose platform prevents the installation of outside apps.
While it would not force them to automatically allow software from beyond the App Store or Windows Phone Marketplace, it would prevent them from taking legal action against jailbreakers or app developers that aren't violating any laws. It could additionally prevent AT&T from taking legal action to stop customers from rooting Android phones to bypass its artificial ban on non-Market titles.

None of the involved companies has yet commented on or contested the Library of Congress decision.

From rforno at infowarrior.org Mon Jul 26 16:33:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jul 2010 17:33:24 -0400
Subject: [Infowarrior] - Support the EFF and say Thanks
Message-ID: <45A8A824-3022-4F36-B9A5-DE2C5F6B995F@infowarrior.org>

No, I've not been asked by them to solicit, but I think it's a good idea for Netizens to show their support for the EFF, especially after this latest bit of news today. So go visit their site, join, or buy something. Seriously.

- rick

July 26th, 2010

EFF Wins New Legal Protections for Video Artists, Cell Phone Jailbreakers, and Unlockers
Rulemaking Fixes Critical DMCA Wrongs

San Francisco - The Electronic Frontier Foundation (EFF) won three critical exemptions to the Digital Millennium Copyright Act (DMCA) anticircumvention provisions today, carving out new legal protections for consumers who modify their cell phones and artists who remix videos - people who, until now, could have been sued for their non-infringing or fair use activities.
< -- >

http://www.eff.org/press/archives/2010/07/26

From rforno at infowarrior.org Mon Jul 26 22:09:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Jul 2010 23:09:03 -0400
Subject: [Infowarrior] - Good summary of DMCA exemptions
Message-ID: <2A9961FA-6826-4556-B62C-DED9BCA9C0CE@infowarrior.org>

Apple loses big in DRM ruling: jailbreaks are "fair use"
By Nate Anderson | Last updated about 11 hours ago
http://arstechnica.com/tech-policy/news/2010/07/apple-loses-big-in-drm-ruling-jailbreaks-are-fair-use.ars

Every three years, the Library of Congress has the thankless task of listening to people complain about the Digital Millennium Copyright Act. The DMCA forbade most attempts to bypass the digital locks on things like DVDs, music, and computer software, but it also gave the Library the ability to wave its magical copyright wand and make certain DRM cracks legal for three years at a time. This time, the Library went (comparatively) nuts, allowing widespread bypassing of the CSS encryption on DVDs, declaring iPhone jailbreaking to be "fair use," and letting consumers crack their legally purchased e-books in order to have them read aloud by computers.

The exemptions

The DMCA was passed in 1998, so this is the fourth go-round for the Library. In the past, people have usually complained that DRM prevented them from making legitimate use of items like DVDs -- format-shifting a copy to one's iPod, for instance, was forbidden. The Register of Copyrights (who is part of the Library of Congress) dutifully listened to these complaints and then did... very little. Previous exemptions could charitably be described as "parsimonious." After all, if you need a two-minute clip of a film, you could always get it from a VHS tape or by taping a TV screen. Right?

The Librarian and the Register, cautious folks that they are, have moved slowly, but after more than a decade of the DMCA, they are increasingly willing to acknowledge its harms.
That led to this morning's ruling, which provides DRM circumvention exemptions for the following six classes of works:

(1) Motion pictures on DVDs that are lawfully made and acquired and that are protected by the Content Scrambling System when circumvention is accomplished solely in order to accomplish the incorporation of short portions of motion pictures into new works for the purpose of criticism or comment, and where the person engaging in circumvention believes and has reasonable grounds for believing that circumvention is necessary to fulfill the purpose of the use in the following instances: (i) Educational uses by college and university professors and by college and university film and media studies students; (ii) Documentary filmmaking; (iii) Noncommercial videos.

(2) Computer programs that enable wireless telephone handsets to execute software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.

(3) Computer programs, in the form of firmware or software, that enable used wireless telephone handsets to connect to a wireless telecommunications network, when circumvention is initiated by the owner of the copy of the computer program solely in order to connect to a wireless telecommunications network and access to the network is authorized by the operator of the network.
(4) Video games accessible on personal computers and protected by technological protection measures that control access to lawfully obtained works, when circumvention is accomplished solely for the purpose of good faith testing for, investigating, or correcting security flaws or vulnerabilities, if: (i) The information derived from the security testing is used primarily to promote the security of the owner or operator of a computer, computer system, or computer network; and (ii) The information derived from the security testing is used or maintained in a manner that does not facilitate copyright infringement or a violation of applicable law.

(5) Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete. A dongle shall be considered obsolete if it is no longer manufactured or if a replacement or repair is no longer reasonably available in the commercial marketplace; and

(6) Literary works distributed in ebook format when all existing ebook editions of the work (including digital text editions made available by authorized entities) contain access controls that prevent the enabling either of the book's read-aloud function or of screen readers that render the text into a specialized format.

The language here can be opaque, so let's parse these a bit.

DVDs

First up: DVDs! Previous exemptions have been carved out for college professors who might use film clips in class. But note the broad nature of the new rule -- it applies to everyone. As long as you are making a documentary or noncommercial video, you're in. The exemption only covers "short portions of motion pictures," since the Register was not convinced that longer portions would necessarily be fair use. And if there's some other way of getting the clips short of bypassing DRM, you should take it.
According to the official explanatory text (PDF), "Where alternatives to circumvention can be used to achieve the noninfringing purpose, such noncircumventing alternatives should be used." Thus, if you have screen capture software and need only a low-quality copy for some purpose, you should use that. But the exemption is a key one, despite its limiting language. As the Librarian of Congress finally admitted, "I agree with the Register that the record demonstrates that it is sometimes necessary to circumvent access controls on DVDs in order to make these kinds of fair uses of short portions of motion pictures."

Jailbreaking

The most surprising ruling was on "jailbreaking" one's phone (exemption number two), replacing the company-provided operating system with a hacked version that has fewer limitations. Make no mistake: this was all about Apple. And Apple lost.

The Electronic Frontier Foundation argued that jailbreaking one's iPhone should be allowed, even though it required one to bypass some DRM and then to reuse a small bit of Apple's copyrighted firmware code. Apple showed up at the hearings to say, in numerous ways, that the idea was terrible, ridiculous, and illegal. In large part, that was because the limit on jailbreaking was needed to preserve Apple's controlled ecosystem, which the company said was of great value to consumers. That might be true, the Register agreed, but what did it have to do with copyright?

"Apple is not concerned that the practice of jailbreaking will displace sales of its firmware or of iPhones," wrote the Register, explaining her thinking by running through the "four factors" of the fair use test. "Indeed, since one cannot engage in that practice unless one has acquired an iPhone, it would be difficult to make that argument. Rather, the harm that Apple fears is harm to its reputation. Apple is concerned that jailbreaking will breach the integrity of the iPhone's ecosystem.
The Register concludes that such alleged adverse effects are not in the nature of the harm that the fourth fair use factor is intended to address."

And the Register concluded that a jailbroken phone used "fewer than 50 bytes of code out of more than 8 million bytes, or approximately 1/160,000 of the copyrighted work as a whole. Where the alleged infringement consists of the making of an unauthorized derivative work, and the only modifications are so de minimis, the fact that iPhone users are using almost the entire iPhone firmware for the purpose for which it was provided to them by Apple undermines the significance" of Apple's argument.

The conclusion is sure to irritate Steve Jobs: "On balance, the Register concludes that when one jailbreaks a smartphone in order to make the operating system on that phone interoperable with an independently created application that has not been approved by the maker of the smartphone or the maker of its operating system, the modifications that are made purely for the purpose of such interoperability are fair uses."

SecuROM and SafeDisc

Exemption four is quite clear -- security research on DRM-limited video games is allowed -- but why is it there? What research needs to be done? It turns out that the real target here is the DRM itself, specifically two controversial systems called SecuROM and SafeDisc. Professor Alex Halderman, a longtime security researcher in this area, begged the Library to let him investigate these kinds of invasive DRM without legal worries.

"The evidence relating to SecuROM tends to be highly speculative," said the Register, explaining her approval of the exemption, "but Professor Halderman asserted that this situation has been crying out for an investigation by reputable security researchers in order to rigorously determine the nature of the problem that this system cause[s], and dispel this uncertainty about exactly what's going on.
He believed that the prohibition on circumvention is at least in part to blame for the lack of rigorous, independent analysis."

But the SafeDisc situation is clearer. "In contrast to SecuROM, SafeDisc has created a verifiable security vulnerability on a large number of computers. Opponents of the proposed class did not dispute that SafeDisc created a security vulnerability, but they argued that the security flaw was patched by Microsoft in 2007, without the need of an exemption. However, SafeDisc was preloaded on nearly every copy of Microsoft's Windows XP and Windows 2003 operating systems and was on the market for over six years before a security researcher discovered malware exploiting the security. The vulnerability had the capacity to affect nearly one billion PCs." Given what's at stake, the Library decided to allow such security research.

E-books

Remember how Amazon got into trouble with publishers for allowing its Kindle to do automated text-to-speech? Publishers objected that this could cut into their audiobook money and that it might violate their rights. Amazon may have clamped down on the feature in response, but the Library of Congress has now given users the right to crack e-book DRM in order to hear the words.

Exemption number six only applies in cases where there is no alternative; if e-book vendors offer any sort of version that allows screen-reading or text-to-speech, even if the price is significantly higher, people must use that version rather than bypass DRM. But if there are no commercial alternatives, e-book buyers are at last legally allowed to bypass DRM.

The clock is ticking

Other, broader exemptions were not allowed. Bypassing the DRM on purchased music when the authentication servers have gone dark? Still illegal. Bypassing the DRM on streaming video in order to watch it on non-supported platforms? Nope. But the exemptions that did make it were carefully thought out and actually helpful this time around. That's the good news.
The bad news is that they must be re-argued every three years, and the Library has taken so long getting its most recent ruling out that the next review happens just two years from now. So enjoy your exemptions while you can.

From rforno at infowarrior.org Tue Jul 27 06:59:19 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Jul 2010 07:59:19 -0400
Subject: [Infowarrior] - FCIC may audit Goldman Sachs
Message-ID: <14DEC38D-0C8B-4DCD-B91B-F86525BA363A@infowarrior.org>

Goldman Sachs May Face Huge Audit By Financial Crisis Inquiry Commission
Posted: July 25, 2010 at 7:47 pm
http://247wallst.com/2010/07/25/goldman-sachs-may-face-huge-audit-by-financial-crisis-inquiry-commission/

The Financial Crisis Inquiry Commission, unhappy about the efforts by Goldman Sachs Group (GS) to give it comprehensive data on its derivatives trading group, may find the information out anyway through an audit. "We have a deep level of questioning about whether we're getting the straight scoop here and whether Goldman is working with us on information that they surely have," Phil Angelides, chairman of the US Congress-appointed commission, told the FT.

It is the third piece of very bad news for Goldman in the last few days. Goldman posted disappointing earnings because its highly profitable investment banking and trading divisions slowed in the last quarter. The firm had to account for its settlement with the SEC, but that is a one-time charge. The faltering in the growth of its core businesses could continue and will likely be compounded by restrictions put on proprietary trading by the new financial reform legislation.

Goldman also found out the inspector general of the SEC has questioned the timing of the firm's settlement with the agency. It came just days before the passage of the Obama financial reform bill. The inspector general also appears to be investigating if details of the settlement were leaked to the press.
And, just a week ago, Goldman's future seemed to be so bright again.

From rforno at infowarrior.org Tue Jul 27 07:39:56 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Jul 2010 08:39:56 -0400
Subject: [Infowarrior] - Return of the Facebook Snatchers
Message-ID:

(URL c/o JH)

< - >

it turns out, by heading to https://www.facebook.com/directory, you can get a list of every searchable user on all of Facebook!

My first idea was simple: spider the lists, generate first-initial-last-name (and similar) lists, then hand them over to @Ithilgore to use in Nmap's awesome new bruteforce tool he's working on, Ncrack. But as I thought more about it, and talked to other people, I realized that this is a scary privacy issue. I can find the name of pretty much every person on Facebook. Facebook helpfully informs you that "[a]nyone can opt out of appearing here by changing their Search privacy settings" -- but that doesn't help much anymore considering I already have them all (and you will too, when you download the torrent). Suckers!

< - >

But it occurred to me that this is public information that Facebook puts out, I'm assuming for search engines or whatever, and that it wouldn't be right for me to keep it private. Why waste Facebook's bandwidth and make everybody scrape it, right? So, I present you with: a torrent! If you haven't downloaded it, download it now! And seed it for as long as you can. This torrent contains:

- The URL of every searchable Facebook user's profile
- The name of every searchable Facebook user, both unique and by count (perfect for post-processing, datamining, etc)
- Processed lists, including first names with count, last names with count, potential usernames with count, etc
- The programs I used to generate everything

< - >

http://www.skullsecurity.org/blog/?p=887

From rforno at infowarrior.org Tue Jul 27 13:35:52 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Jul 2010 14:35:52 -0400
Subject: [Infowarrior] - Credit Score Is the Tyrant in Lending
Message-ID: <923312AA-4833-4D65-85F9-105061E181DC@infowarrior.org>

July 23, 2010
Credit Score Is the Tyrant in Lending
By JOE NOCERA
http://www.nytimes.com/2010/07/24/business/24nocera.html?_r=3&ref=business&pagewanted=print

The other day, a mortgage broker named Deb Killian called me, more or less out of the blue. Ms. Killian has been in the business since 1994. She and her husband run Charter Oak Lending Group, a small firm based in Danbury, Conn., that they founded in 1996. She is a member of the board of the National Association of Mortgage Brokers. By her estimate, she has closed more than 3,500 loans during her career.

Ms. Killian was calling because she was upset about one element of the mortgage underwriting process that, in her opinion, had gotten completely out of hand. That element was the borrower's FICO score -- in other words, his or her credit score. Essentially, she says, a person's credit score has become the only thing that matters anymore to the banks and other institutions that underwrite mortgages. Yes, the banks all mouth pieties about how credit scores are just one of many factors that go into their underwriting decisions. But every day she receives notices from banks and other lenders showing just the opposite: as they fiddle with the terms for one or another of their loan products (something they do constantly, by the way), invariably, the credit score is the dominant -- and sometimes the only -- criterion mentioned. Most of the time, needless to say, the minimum credit score needed to get the mortgages has been increased.

To make matters worse, she says, clients are having a difficult time just maintaining their current credit scores --
even when they have done nothing to merit a downgrade.

"This is the example that drove me over the edge," she said. A woman seeking a mortgage had a credit card with a $3,000 limit. She had $1,500 worth of debt on the card, which meant, in industry jargon, that she had a 50 percent debt utilization. The client had moved the balance to a different bank, and that bank immediately lowered her credit limit to the amount she had borrowed: $1,500. Without taking on an additional penny of debt, the woman's debt utilization had suddenly jumped to 100 percent. Which, as Ms. Killian knew only too well, the FICO algorithm frowns on. Once that information made its way to the credit bureaus, the woman's credit score dropped. And because it had, the interest rate on the mortgage she hoped to get increased.

Ms. Killian had a hundred stories like that. Yes, she told me, she knew that underwriting standards had been way too lax during the bubble. But to her mind, the mortgage lenders had swung too far in the other direction, depriving perfectly creditworthy borrowers of the chance to get a mortgage at a reasonable rate. "If the loan criteria says you need to have a 700 credit score, and you have a 699, you don't get the loan," she said. "It makes me nuts."

Was I interested, she asked me finally, in writing a column about this problem? I most certainly was.

"Mortgage brokers," said Craig Watts, the head of communications at FICO, with a tone of bemused exasperation. "Some of them are kind of cranky these days." The mortgage brokers, he went on to say, were seeing things only from their own narrow perspective -- the perspective of someone who wouldn't get a commission if their clients couldn't get a mortgage. Thankfully, from his spot high on the mountaintop in FICO-land, Mr. Watts could give me a broader, more sophisticated take on the topic. Thank goodness for that.
A FICO score, he patiently explained, is merely a tool that lenders use to help manage their risk; criticizing it is akin to criticizing "a saw because the construction job turned out badly." With big banks making thousands of credit decisions every day, they couldn't possibly do it without some standardized benchmark; a credit score provided that benchmark. Over the years, he added, the algorithm had gotten very good at predicting the odds of a borrower defaulting.

In fact, FICO scores are not the best predictor. The amount of equity a person has in his home, his debt-to-income ratio, his job stability and his cash reserves are all better predictors than credit scores, according to Dave Zitting, the chief executive of Primary Residential Mortgage, a leading mortgage lender. And yet, he said, "The credit score has become the line in the sand for the banks."

It is easy enough to understand why, I suppose. During the bubble, Wall Street used credit scores to decide which subprime loans it would buy and securitize. The lower the credit score, the better, because Wall Street needed risky loans to generate yields that would entice investors. They pushed lenders to make loans to people with low credit scores, which became shorthand for risky loans. In the aftermath of the bubble, credit scores have remained shorthand for a borrower's creditworthiness -- except that now borrowers need to have high credit scores instead of low ones.

And yet, credit scores are no more accurate than any other risk model. There are people with low credit scores who are quite creditworthy. There are people with high scores who aren't. Treating credit scores as if they were infallible -- which is what the banking industry is now doing -- is beyond foolish. It is hurting the recovery.

The two most important credit score hard-liners are Fannie Mae and Freddie Mac, which of course are currently wholly owned subsidiaries of the federal government.
Because Fannie and Freddie are practically the only entities willing to buy and securitize mortgages, they have enormous clout; most lenders simply won't make a loan if Fannie or Freddie won't buy it. Their bottom line number is 620 -- the company will buy mortgages only if the borrower has a credit score of 620 or above. Which means, given the current state of the mortgage market, that anyone with a score below 620 can't get a mortgage. Even if that score is 619.

But the difference between a 620 score and a 619 is utterly meaningless. The credit scoring industry likes to make it sound as if their results are scientific; they're anything but. It is not FICO that comes up with a borrower's score -- it just sells the algorithms. The companies that do are the big three credit bureaus, TransUnion, Equifax and Experian. They gather input about the prospective borrower's lending history from various lenders like credit card companies and auto dealers, plug them into a formula and derive a credit score.

You would think, given the critical importance of an accurate score, that there would be rules about the information that is submitted to them. There aren't. Lenders can submit information about your credit history to one of the bureaus, all of them or none of them. Some of them turn over information right away; some take months; some don't do it at all. Some are sticklers for accuracy; others are sloppy. The point is that the credit score is derived after an information-gathering process that is anything but rigorous.

Or, rather, I should say, the three different numbers that are derived. Almost always there is a difference -- sometimes a big difference -- in the credit scores generated by the three bureaus. (Which, when you think about it, is another indicator of how haphazard the process is.) What happens then? I found a Web site called lendingart.com, which listed every big mortgage lender's credit score requirements.
The lenders all said that if two credit scores differed, they took the lower score; if there were three credit scores, they took the one in the middle. CitiMortgage, in its description, said that if a borrower had one score of 691 and another of zero, zero was the operative score.

Let's go back again to that borrower trying to qualify for a loan that conforms to Fannie Mae's criteria. Suppose one credit bureau has given him a score of 625 -- which means he qualifies -- and another gives him a score of 618, meaning he doesn't. Then he doesn't get the loan. Can someone explain how that constitutes sound underwriting?

And that doesn't even get into the question of whether the prospective borrower is someone who once had credit problems and has now cleaned up his act -- and his score is improving -- or someone whose credit is in decline. The credit bureaus are incapable of tricking out that kind of nuance. Actually, they don't really care. Nor do they take into account examples like the one Ms. Killian mentioned, where people's credit scores are being hurt by credit card companies that are cutting back their credit limits.

And finally, they don't take into account the many, many mistakes that are found in credit reports. My own credit reports, which I looked up for this column, are a case in point. Although my score was O.K. -- the low 700s -- the reports themselves were full of unpleasant surprises. They listed credit card accounts I didn't have, and failed to list at least one big one that I did have. Two of them noted that five years ago, I was late on a car payment. (I was?) My daughter's old Brooklyn address was listed as my former address. According to Experian, I was still writing for Fortune magazine. It said I no longer lived in a house that I just bought two months ago. TransUnion, meanwhile, listed The New York Times as my former employer. Currently, TransUnion said, I am an employee of Rite Aid. Rite Aid? I know, I know --
it is supposed to be up to me to catch their mistakes (which is also why they don't have to care about the mistakes). But what I find incredible is that we have imbued credit scores with these magical predictive powers -- and yet the companies coming up with the scores can't even get the borrower's address and employer right. It would be funny if it didn't matter so much.

This was the week, of course, that President Obama signed the financial reform bill into law, which calls for the establishment of a new consumer financial protection agency. The credit scoring business would certainly seem to be a worthy area for the new agency to dive into. Wouldn't you agree, Professor Warren?

From rforno at infowarrior.org Tue Jul 27 14:41:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Jul 2010 15:41:11 -0400
Subject: [Infowarrior] - Apple responds to Jailbreaking Decision
Message-ID: <49C48BAC-500B-470D-A39A-8742F7DCB367@infowarrior.org>

Wonder how their stance will be received if someone takes 'em to court on grounds this policy may run contrary to the LOC decision. Interesting, but Apple is Apple.....arrogance is not unknown to them! -rick

Apple Responds to iPhone Jailbreaking Decision
http://www.pcmag.com/article2/0,2817,2367037,00.asp

The Electronic Frontier Foundation and hackers everywhere scored a victory this week when the Library of Congress's Copyright Office ruled that users can legally jailbreak their phones - particularly Apple's iPhone. Jailbreaking, the government said, is "innocuous at worst and beneficial at best."

Apple, which has long been vocally opposed to any meddling with the iPhone, doesn't seem particularly excited by the decision, but it's not going to let a little thing like a copyright ruling alter its existing policy of voiding the warranties of jailbroken phones.
"Apple's goal has always been to insure that our customers have a great experience with their iPhone and we know that jailbreaking can severely degrade the experience," Apple said in a statement provided to Cult of Mac. "As we've said before, the vast majority of customers do not jailbreak their iPhones as this can violate the warranty and can cause the iPhone to become unstable and not work reliably."

Jailbreaking, the company said, leaves the phone open to the malicious attacks Apple works to avoid with its closed product ecosystem and App Store vetting process. Apple outlined its concerns with jailbreaking on its support page, including device and application instability, unreliable voice and data, disruption of service, the aforementioned compromised security, shortened battery life, and inability to apply future software updates.

"It is also important to note that unauthorized modification of the iOS is a violation of the iPhone end-user license agreement," the company wrote. "Because of this, Apple may deny service for an iPhone, iPad, or iPod touch that has installed any unauthorized software."

Monday's Copyright Office ruling is part of a Digital Millennium Copyright Act (DMCA) review conducted every three years by the librarian of Congress. The librarian, James H. Billington, looks at the DMCA to see if there are any emerging technologies that might be exempt from the law's ban on circumventing access to copyrighted material. This year, the EFF asked Billington to examine the jailbreaking issue, particularly as it pertains to the iPhone. Billington also granted exemptions for DVD remixing, wireless networks, video games, computer programs on dongles, and e-books.

From rforno at infowarrior.org Tue Jul 27 16:56:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Jul 2010 17:56:48 -0400
Subject: [Infowarrior] - Is Google Watching You? New Plugin Will Let You Know
Message-ID: <08577251-86B8-4456-88FC-23BD1219A2F5@infowarrior.org>

Is Google Watching You? New Plugin Will Let You Know [APPS]
Brenna Ehrlich
Tue Jul 27, 1:29 pm ET
http://news.yahoo.com/s/mashable/20100727/tc_mashable/is_google_watching_you_new_plugin_will_let_you_know_apps/print

Another rad browser plugin called Google Alarm hit the Internets this week, which alerts you every time your personal info is sent to Google's servers. How? Via notifications, a running tally of dangerous sites and, naturally, a super annoying, vuvuzela-like alarm.

After seeing this new plugin -- which works with both Firefox and Chrome -- on F.A.T., I contacted the developer who made it: Jamie Wilkinson, who also created Know Your Meme and Mag.ma. Google Alarm, which was made during F.A.T.'s F*ck Google Week in Berlin, is supposed to make users aware of how much info they're sending to the search giant.

According to Wilkinson, "Google makes great products and gives them all away for free, which has made them into a ubiquitous and omniscient force on the Internet. Google Alarm and F*ck Google in general are meant to illustrate how this single unregulated company now captures more information about us than any government agency ever could. When I started developing Google Alarm I was blown away to discover that 80+% of websites I visit have some kind of Google tracking bugs on them."

So how does the plugin work? "[It] inspects each page you visit for Google-related URLs: googleanalytics.com/ga.js for Google Analytics, doubleclick.net/googlesyndication.com URLs for AdSense, youtube.com/v/ for YouTube embeds, and many more," Wilkinson says. "Each service triggers an individual visual and audible alert to help you become more aware of when you're transmitting data to Google."

If you're into the idea, the source code is currently open, and Wilkinson welcomes suggestions.
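The URL-inspection step Wilkinson describes is easy to reproduce, and doing so shows the check that a naive version gets wrong. The block below is an added example, not code from the Mashable article or from the Google Alarm plugin: it takes the resource URLs a page loaded (a constructed sample list; in an extension they would come from the DOM or a request listener), matches each against a small rule table built from the hosts the article names, and tallies hits per service. The rule table, sample URLs and function names are this example's own, and the table is deliberately short where the plugin's list is longer. One correction to the quoted hostname: the article writes "googleanalytics.com", but the host Google Analytics serves ga.js from is google-analytics.com, which the table uses. The practitioner's caveat is the matching itself: a plain substring test on the URL would also fire on lookalike hosts (notgoogle-analytics.com, google-analytics.com.evil.example) and on a same-origin /ga.js, so the example anchors the match at a hostname label boundary and resolves relative URLs against the page before classifying them.

```javascript
// Added example (not part of the Mashable article or of the Google Alarm
// plugin): classify a page's resource URLs by the Google services the
// article names. Rule table, sample URLs and names are this example's own.

// Each rule: service label, the hostnames it uses (matched as that host or
// any subdomain of it), and an optional path prefix the URL must start with.
const GOOGLE_RULES = [
  { service: "Google Analytics", hosts: ["google-analytics.com"], path: "/ga.js" },
  { service: "AdSense/DoubleClick", hosts: ["doubleclick.net", "googlesyndication.com"] },
  { service: "YouTube embed", hosts: ["youtube.com"], path: "/v/" },
];

// True when host is base itself or a subdomain of it. A substring test on
// the raw URL would also accept notgoogle-analytics.com or
// google-analytics.com.evil.example, so anchor at a label boundary instead.
function hostMatches(host, base) {
  return host === base || host.endsWith("." + base);
}

// Classify one URL against the table; returns the service label or null.
// Relative URLs are resolved against pageUrl so that a same-origin /ga.js
// is attributed to the page, not to Google. Unparsable input yields null.
function classifyUrl(url, pageUrl) {
  let u;
  try {
    u = new URL(url, pageUrl);
  } catch (e) {
    return null;
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  const host = u.hostname.toLowerCase();
  for (const rule of GOOGLE_RULES) {
    if (!rule.hosts.some((b) => hostMatches(host, b))) continue;
    if (rule.path && !u.pathname.startsWith(rule.path)) continue;
    return rule.service;
  }
  return null;
}

// Tally every resource a page loaded. Returns the per-service hit counts
// and the list of URLs that matched, which is what an alert UI would show.
function scanResources(urls, pageUrl) {
  const hits = {};
  const matched = [];
  for (const url of urls) {
    const service = classifyUrl(url, pageUrl);
    if (service === null) continue;
    hits[service] = (hits[service] || 0) + 1;
    matched.push(url);
  }
  return { hits, matched };
}

// Constructed sample input: the resources one page might load. In an
// extension this list would come from the DOM or a webRequest listener.
const SAMPLE_PAGE = "https://news.example.com/story";
const SAMPLE_RESOURCES = [
  "https://www.google-analytics.com/ga.js",
  "https://ssl.google-analytics.com/ga.js",
  "https://pagead2.googlesyndication.com/pagead/show_ads.js",
  "https://ad.doubleclick.net/adj/site;sz=728x90",
  "https://www.youtube.com/v/abc123?version=3",
  "https://www.youtube.com/watch?v=abc123",          // link to a video page, not an embed
  "/ga.js",                                          // same-origin script, not Google's
  "https://notgoogle-analytics.com/ga.js",           // lookalike host
  "https://google-analytics.com.evil.example/ga.js", // Google host used as a prefix
  "https://cdn.example.net/jquery.js",
];

// Runs the scan over the constructed sample. Expected tally:
// Google Analytics 2, AdSense/DoubleClick 2, YouTube embed 1 (5 URLs matched).
function demo() {
  return scanResources(SAMPLE_RESOURCES, SAMPLE_PAGE);
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it under Node and it prints the tally for the sample list. In a browser extension the same scanResources call would be fed from document.querySelectorAll("script[src], iframe[src], img[src], embed[src]") on each page, or from a request listener, which also catches resources injected after load that a one-time DOM walk would miss.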
From rforno at infowarrior.org Tue Jul 27 20:26:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Jul 2010 21:26:48 -0400
Subject: [Infowarrior] - Privacy Lawsuit Targets Net Giants Over 'Zombie' Cookies
Message-ID: <32DEF807-E150-497B-B8B4-78D27B5A5CCE@infowarrior.org>

Privacy Lawsuit Targets Net Giants Over 'Zombie' Cookies
By Ryan Singel | July 27, 2010 | 4:06 pm | Categories: The Courts, privacy
http://www.wired.com/threatlevel/2010/07/zombie-cookies-lawsuit/

A wide swath of the net's top websites, including MTV, ESPN, MySpace, Hulu, ABC, NBC and Scribd, were sued in federal court Friday on the grounds they violated federal computer intrusion law by secretly using storage in Adobe's Flash player to re-create cookies deleted by users.

At issue is technology from Quantcast, also targeted in the lawsuit. Quantcast created Flash cookies that track users across the web, and used them to re-create traditional browser cookies that users deleted from their computers. These "zombie" cookies came to light last year, after researchers at UC Berkeley documented deleted browser cookies returning to life. Quantcast quickly fixed the issue, calling it an unintended consequence of trying to measure web traffic accurately.

Flash cookies are used by many of the net's top websites for a variety of purposes, from setting default volume levels on video players to assigning a unique ID to users that tracks them no matter what browser they use. (Disclosure: The last time we reported on this issue, we found that Wired.com used one to set video preferences.)

The lawsuit (.pdf), filed in U.S. district court in San Francisco, asks the court to find that the practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws. The lawsuit alleges a "pattern of covert online surveillance"
and seeks status as a class action lawsuit.

The lawsuit was filed by Joseph Malley, a privacy activist lawyer who also played key roles in other high profile privacy lawsuits, including a $9.5 million settlement earlier this year from Facebook over its ill-fated Beacon program and a settlement with Netflix after the company gave imperfectly anonymized data to contestants in a movie recommendation contest.

"The objective of this scheme was the online harvesting of consumers' personal information for Defendants' use in online marketing activities," wrote Malley, who called the technique "as simple as it was deceptive and devious."

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.

Adobe's Flash software is installed on an estimated 98 percent of personal computers, and has been a key component in the explosion of online video, powering video players for sites such as YouTube and Hulu. Websites can store up to 100 kilobytes of information in the plug-in, 25 times what a browser cookie can hold. Sites like Pandora.com also use Flash's storage capability to pre-load portions of songs or videos to ensure smooth playback.

QuantCast was using the same user ID in its HTML and Flash cookies, and when a user got rid of the former, Quantcast would reach into the Flash storage bin, retrieve the user's old number and reapply it so the customer's browsing history around the net would not be cut off.

Quantcast's behavior stopped last August, after Wired.com reported on the research from then-grad student Ashkan Soltani.

Quantcast is used by thousands of sites to measure the number of unique visitors and to get information on the kinds of people visiting their site -- athletic, older, interested in food, etc.
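The respawn mechanism described above (the same user ID held in both an HTML cookie and a Flash cookie, with the latter used to restore the former) can be checked for with the clear-and-revisit method the Berkeley researchers used: snapshot the cookie jar, clear it, revisit, snapshot again, and look for identifiers that came back unchanged. Below is an added example in JavaScript, not code from the article, Quantcast or the researchers; the snapshot shapes, the `findZombieCookies` name and the sample values are constructed.

```javascript
// Added example (constructed, not Quantcast's or the researchers' code).
// Data shapes, both assumptions for this example:
//   cookies:  { "site": { cookieName: value, ... }, ... }   browser cookie snapshot
//   lsoStore: { "domain": { key: value, ... }, ... }        Flash local shared objects

// Index every value found in Flash storage so a respawned cookie can be
// attributed to the LSO entry it most likely came from.
function indexLsoValues(lsoStore) {
  const byValue = new Map();
  for (const [domain, entries] of Object.entries(lsoStore)) {
    for (const [key, value] of Object.entries(entries)) {
      if (!byValue.has(value)) byValue.set(value, []);
      byValue.get(value).push(`${domain}:${key}`);
    }
  }
  return byValue;
}

// Compare the snapshot taken before clearing cookies with the one taken after
// clearing and revisiting. A cookie that is absent afterwards stayed deleted;
// one that returns with a different value is simply a fresh cookie; one that
// returns with its old value was respawned. flashSources lists the LSO entries
// holding that same value (empty means respawned by some other means).
function findZombieCookies(beforeClear, afterRevisit, lsoStore) {
  const lsoIndex = indexLsoValues(lsoStore);
  const findings = [];
  for (const [site, oldCookies] of Object.entries(beforeClear)) {
    const newCookies = afterRevisit[site] || {};
    for (const [name, oldValue] of Object.entries(oldCookies)) {
      const newValue = newCookies[name];
      if (newValue === undefined) continue;   // stayed deleted
      if (newValue !== oldValue) continue;    // new identifier, not a zombie
      findings.push({
        site,
        name,
        value: oldValue,
        flashSources: lsoIndex.get(oldValue) || [],
      });
    }
  }
  return findings;
}

// Constructed sample snapshots (fake domains and IDs).
const BEFORE_CLEAR = {
  'news.example':  { __qca: 'P0-1234567890-1280000000000', session: 'abc' },
  'video.example': { __qca: 'P0-1234567890-1280000000000' },
  'shop.example':  { uid: 'U-77-deadbeef' },
};
const AFTER_REVISIT = {
  'news.example':  { __qca: 'P0-1234567890-1280000000000', session: 'xyz' }, // ID came back
  'video.example': { __qca: 'P0-9999999999-1280100000000' },                 // fresh ID
  'shop.example':  { uid: 'U-77-deadbeef' },                                 // came back, not via Flash
};
const LSO_STORE = {
  'quantserve.example': { userid: 'P0-1234567890-1280000000000' },
  'video.example':      { volume: '70' },   // legitimate preference, no cookie counterpart
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of findZombieCookies(BEFORE_CLEAR, AFTER_REVISIT, LSO_STORE)) {
    const via = f.flashSources.length ? `via Flash LSO ${f.flashSources.join(', ')}` : 'source unknown';
    console.log(`${f.site} cookie ${f.name} respawned (${via})`);
  }
}
```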
The lawsuit seeks unspecified damages and a court order requiring the companies to delete data collected, stop the practice in the future and provide an easy way to opt out.

All modern browsers now include fine-grained controls to let users decide what cookies to accept and which to get rid of, but Flash cookies are handled differently. These are fixed through a web page on Adobe's site, and the controls are not easily understood (there is a panel for Global Privacy Settings and another for Website Privacy Settings -- the difference is unclear). In fact, the controls are so odd, the page has to tell you that it actually is the control for your computer, not just a tutorial on how to use the control.

Firefox users can prevent or delete Flash cookies using a free add-on called BetterPrivacy.

Scribd, Hulu, and ESPN all declined to comment, saying they had not yet been served with the lawsuit. Quantcast and MTV's parent company, Viacom, did not respond to requests for comment.

The case number is 10-CV-5484, U.S. District Court for the Northern District of California.

Photo: JGarber/Flickr

From rforno at infowarrior.org Wed Jul 28 06:40:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jul 2010 07:40:58 -0400
Subject: [Infowarrior] - Open Security Foundation Launches New Cloud Security Project
Message-ID: <82F8B1A8-4266-416F-B39B-F24170270DD0@infowarrior.org>

Open Security Foundation Launches New Cloud Security Project
Posted by jkouns 12 hours ago
http://blog.osvdb.org/2010/07/27/open-security-foundation-launches-new-cloud-security-project

The Open Security Foundation, providing independent, accurate, detailed, current, and unbiased security information to professionals around the world, announced today that it has launched Cloutage (cloutage.org) that will bring enhanced visibility and transparency to Cloud security.
The name Cloutage comes from a play on two words, Cloud and Outage, that combine to describe what the new website offers: a destination for organizations to learn about cloud security issues as well as a complete list of any problems around the globe among cloud service providers. The new website is aimed at empowering organizations by providing cloud security knowledge and resources so that they may properly assess information security risks related to the cloud. Cloutage documents known and reported incidents with cloud services while also providing a one-stop shop for cloud security news and resources.

"When speaking with individuals about the cloud, to this point it has been a very emotional conversation. People either love or hate the cloud," says Jake Kouns, Chairman, Open Security Foundation. "Our goal with Cloutage is to bring grounded data and facts to the conversation so we can have more meaningful discussions about the risks and how to improve cloud security controls."

Cloutage captures data about incidents affecting cloud services in several forms including vulnerabilities that affect the confidentiality and integrity of customer data, automatic update failures, data loss, hacks and outages that impact service availability. Data is acquired from verifiable media resources and is also open for community participation based on anonymous user submissions. Cloud solution providers are listed on the website and the community can provide comments and ratings based on their experiences. Cloutage also features an extensive news service, mailing lists and links to organizations focused on the secure advancement of cloud computing.

"The nebulous world of cloud computing and the security concerns associated with it confuses many people, even IT and security professionals," says Patrick McDonald, a volunteer on the Cloutage project. "We want a clearinghouse of information that provides a clear picture of the cloud security issues."
From rforno at infowarrior.org Wed Jul 28 07:21:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jul 2010 08:21:35 -0400
Subject: [Infowarrior] - WikiLeaks and AfPak: What "Everyone" Knows
Message-ID:

WikiLeaks and AfPak: What "Everyone" Knows

James Fallows is a National Correspondent for The Atlantic. A 25-year veteran of the magazine and former speechwriter for Jimmy Carter, he is also an instrument-rated pilot and a onetime program designer at Microsoft.

Jul 26 2010, 3:31 PM ET

I lack the background knowledge about Afghanistan and Pakistan to put the new information in full perspective, not to mention lacking the time to read more than a little of the vast data dump. Therefore only these points about the still-emerging significance of what's now on public record:

1) "Everyone" knows this already. People who have been very close to this story say that little of the information is "new," in a fundamental sense. See the Atlantic Wire's summary here, Mother Jones here and here, and (splenetically and amusingly) Andrew Exum here. Fine.

2) But not everyone actually did. Notwithstanding #1, information that may be old news to insiders may seem a revelation to the broader public. Whether from George W. Bush or Barack Obama, presidential speeches about Afghanistan have not emphasized the mixed loyalties of the Pakistani security services, the frustrations of dealing with tribal leaders and corrupt officials, the extent of civilian casualties, and other items that, according to insiders, "everyone" already knows. At this stage it's impossible to say whether a vast, somewhat hard-to-digest compilation of raw reports, released in the middle of summer, will mean that "everyone" in a broader sense comes to share this insider perspective.

3) And that's the possible similarity to the Pentagon Papers.
Afghanistan is different from Vietnam, Barack Obama is different from Lyndon Johnson and Richard Nixon, the raw battlefield intel from WikiLeaks is different from the inside policy memos of the Pentagon Papers, and so on. But the basic similarity of the cases involves the question of what "everyone" knows. By 1971, anyone who had been really following the Vietnam war already "knew," or could guess, much of what was in the Pentagon Papers. The Papers mattered because of (a) the confirmation that the government had known about the problems for a very long time, and (b) the spreading of that understanding to the broader public. If the WikiLeaks documents, coming during what is already the deadliest month ever for U.S. troops in Afghanistan, really do mark a shift in mainstream opinion about the war, it will be because everyone [general public, press, and politicians] will now recognize what "everyone" [insiders] already knew.

Below and after the jump, a reader message about the awkwardness of even discussing "winning" this kind of war. The reader writes ....

< -- >

http://www.theatlantic.com/politics/archive/2010/07/wikileaks-and-afpak-what-everyone-knows/60411/

From rforno at infowarrior.org Wed Jul 28 09:05:39 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jul 2010 10:05:39 -0400
Subject: [Infowarrior] - SEC Says New FinReg Law Exempts It From Public Disclosure
Message-ID:

July 28, 2010
SEC Says New FinReg Law Exempts It From Public Disclosure
http://www.foxbusiness.com/markets/2010/07/28/sec-says-new-finreg-law-exempts-public-disclosure/print

Under a little-noticed provision of the recently passed financial-reform legislation, the Securities and Exchange Commission no longer has to comply with virtually all requests for information releases from the public, including those filed under the Freedom of Information Act.

So much for transparency.
The law, signed last week by President Obama, exempts the SEC from disclosing records or information derived from "surveillance, risk assessments, or other regulatory and oversight activities." Given that the SEC is a regulatory body, the provision covers almost every action by the agency, lawyers say. Congress and federal agencies can request information, but the public cannot.

That argument comes despite the President saying that one of the cornerstones of the sweeping new legislation was more transparent financial markets. Indeed, in touting the new law, Obama specifically said it would "increase transparency in financial dealings."

The SEC cited the new law Tuesday in a FOIA action brought by FOX Business Network.

Steven Mintz, founding partner of law firm Mintz & Gold LLC in New York, lamented what he described as "the backroom deal that was cut between Congress and the SEC to keep the SEC's failures secret. The only losers here are the American public."

If the SEC's interpretation stands, Mintz, who represents FOX Business Network, predicted "the next time there is a Bernie Madoff failure the American public will not be able to obtain the SEC documents that describe the failure," referring to the shamed broker whose Ponzi scheme cost investors billions.

The SEC didn't immediately respond to a request for comment.

Criticism of the provision has been swift.

"It allows the SEC to block the public's access to virtually all SEC records," said Gary Aguirre, a former SEC staff attorney-turned-whistleblower who had accused the agency of thwarting an investigation into hedge fund Pequot Asset Management in 2005.
"It permits the SEC to promulgate its own rules and regulations regarding the disclosure of records without getting the approval of the Office of Management and Budget, which typically applies to all federal agencies."

Aguirre used FOIA requests in his own lawsuit against the SEC, which the SEC settled this year by paying him $755,000. Aguirre, who was fired in September 2005, argued that supervisors at the SEC stymied an investigation of Pequot -- a charge that prompted an investigation by the Senate Judiciary and Finance committees. The SEC closed the case in 2006, but would re-open it three years later. This year, Pequot and its founder, Arthur Samberg, were forced to pay $28 million to settle insider-trading charges related to shares of Microsoft (NASDAQ:MSFT). The settlement with Aguirre came shortly later.

"From November 2008 through January 2009, I relied heavily on records obtained from the SEC through FOIA in communications to the FBI, Senate investigators, and the SEC in arguing the SEC had botched its initial investigation of Pequot's trading in Microsoft securities and thus the SEC should reopen it, which it did," Aguirre said. "The new legislation closes access to such records, even when the investigation is closed.

"It is hard to imagine how the bill could be more counterproductive," Aguirre added.

FOX Business Network sued the SEC in March 2009 over its failure to produce documents related to its failed investigations into alleged investment frauds being perpetrated by Madoff and R. Allen Stanford. Following the Madoff and Stanford arrests, it was revealed that the SEC conducted investigations into both men prior to their arrests but failed to uncover their alleged frauds.

FOX Business made its initial request to the SEC in February 2009 seeking any information related to the agency's response to complaints, tips and inquiries or any potential violations of the securities law or wrongdoing by Stanford.
FOX Business has also filed lawsuits against the Treasury Department and Federal Reserve over their failure to respond to FOIA requests regarding use of the bailout funds and the Fed's extended loan facilities. In February, the Federal Court in New York sided with FOX Business and ordered the Treasury to comply with its requests. Last year, the network won a legal victory to force the release of documents related to New York University's lawsuit against Madoff feeder Ezra Merkin.

FOX Business' FOIA requests have so far led the SEC to release several important and damaging documents:

- FOX Business used the FOIA to obtain a 2005 survey that the SEC in Fort Worth was sending to Stanford investors. The survey showed that the SEC had suspicions about Stanford several years prior to the collapse of his $7 billion empire.

- FOX Business used the FOIA to obtain copies of emails between Federal Reserve lawyers, AIG and staff at the Federal Reserve Bank of New York in which it was revealed the Fed staffers knew that bailing out AIG would result in bonuses being paid.

Recently, TARP Congressional Oversight Panel chair Elizabeth Warren told FOX Business that the network's Freedom of Information Act efforts played a "very important part" of the panel's investigation into AIG. Warren told the network the government "crossed a line" with the AIG bailout.

"FOX News and the congressional oversight panel has pushed, pushed, pushed, for transparency, give us the documents, let us look at everything. Your Freedom of Information Act suit, which ultimately produced 250,000 pages of documentation, was a very important part of our report. We were able to rely on the documents that you pried out for a significant part of our being able to put this report together," Warren said.

The SEC first made its intention to block further FOIA requests known on Tuesday. FOX Business was preparing for another round of "skirmishes"
with the SEC, according to Mintz, when the agency called and said it intended to use Section 929I of the 2000-page legislation to refuse FBN's ongoing requests for information.

Mintz said the network will challenge the SEC's interpretation of the law. "I believe this is subject to challenge," he said. "The contours will have to be figured out by a court."

SEC Financial Regulatory Law H.R. 4173

From rforno at infowarrior.org Wed Jul 28 09:29:21 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jul 2010 10:29:21 -0400
Subject: [Infowarrior] - Paper: Internet research credibility
Message-ID: <82094CBE-41AE-47C6-BBAD-0BFAD2160B0D@infowarrior.org>

Students trust high Google search rankings too much
http://arstechnica.com/science/news/2010/07/alt-title-students-place-too.ars

Digital Na(t)ives? Variation in Internet Skills and Uses among Members of the "Net Generation"

Citation: Hargittai, E., Fullerton, F., Menchen-Trevino, E., & Thomas, K. (2010). Trust Online: Young Adults' Evaluation of Web Content. International Journal of Communication, 4:468-494.
Download: PDF (207 KB) -- http://webuse.org/p/a30/

Abstract

Little of the work on online credibility assessment has considered how the information-seeking process figures into the final evaluation of content people encounter. Using unique data about how a diverse group of young adults looks for and evaluates Web content, our paper makes contributions to existing literature by highlighting factors beyond site features in how users assess credibility. We find that the process by which users arrive at a site is an important component of how they judge the final destination. In particular, search context, branding and routines, and a reliance on those in one's networks play important roles in online information-seeking and evaluation. We also discuss that users differ considerably in their skills when it comes to judging online content credibility.
From rforno at infowarrior.org Wed Jul 28 14:46:28 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jul 2010 15:46:28 -0400
Subject: [Infowarrior] - ASCAP Revisionism: Refuses to Debate Lessig
Message-ID:

ASCAP Boss Refuses To Debate Lessig; Claims That It's An Attempt To 'Silence' ASCAP
http://techdirt.com/articles/20100727/23070310388.shtml

From rforno at infowarrior.org Wed Jul 28 18:05:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Jul 2010 19:05:10 -0400
Subject: [Infowarrior] - Congress Rethinks Online Gambling Ban
Message-ID: <63CD5FD5-0BF5-4853-B9A3-A052AA812261@infowarrior.org>

July 28, 2010
Congress Rethinks Online Gambling Ban
By SEWELL CHAN
http://www.nytimes.com/2010/07/29/us/politics/29gamble.html?_r=1&hp=&pagewanted=print

WASHINGTON -- With pressure mounting on the federal government to find new revenues, Congress is considering legalizing, and taxing, an activity it banned just four years ago: Internet gambling.

On Wednesday, the House Financial Services Committee approved a bill that would effectively legalize online poker and other nonsports betting, overturning a 2006 federal ban that critics say merely drove Web-based casinos offshore. The vote was 41 to 22, with seven Republicans joining most Democrats on the panel in favor of the measure.

The bill would direct the Treasury Department to license and regulate Internet gambling operations, while a companion measure, pending before another committee, would allow the Internal Revenue Service to tax such businesses. Winnings by individuals would also be taxed, as regular gambling winnings are now. The taxes could yield as much as $42 billion for the government over 10 years, supporters said.

The two measures -- which are backed by banks and credit unions but have divided casinos and American Indian tribes -- are far from becoming law. A bill to legalize online poker sponsored by Senator Robert Menendez, Democrat of New Jersey, has not yet had a hearing.
The Congressional timetable has little spare room before the midterm elections, and the Obama administration has not taken a position.

But the vote suggests a willingness by Congress to look for unconventional ways of plugging holes in the budget and comes as struggling states have also been looking to extract revenue from the gambling industry, which took a hit as consumers cut back on travel and entertainment during the recession but continues to reap billions of dollars in annual profits.

Last year, Colorado expanded casino hours, raised maximum-bet limits and permitted roulette and craps, while Missouri eliminated a $500 loss limit at riverboat casinos. Delaware and Pennsylvania have weighed proposals to allow slots parlors to convert into full-service casinos, making further inroads into the eroding Atlantic City gambling industry.

Opponents, who only four years ago, when Congress was controlled by the Republicans, secured a law that banned the use of credit and debit cards to pay online casinos, said they were aghast.

"People sometimes resort to drastic things when they are strapped for cash," said Representative Robert W. Goodlatte, Republican of Virginia, who called the new proposals "unfathomable."

Representative Barney Frank, the Massachusetts Democrat who leads the Financial Services Committee, has been the legislation's champion. "Some adults will spend their money foolishly, but it is not the purpose of the federal government to prevent them legally from doing it," Mr. Frank said.

The committee's top Republican, Representative Spencer Bachus of Alabama, noting the passage of far-reaching changes in financial regulation this month, said that "after all the talk last year about shutting down casinos on Wall Street," he was incredulous that members would vote to "open casinos in every home and every bedroom and every dorm room, and on every iPhone, every BlackBerry, every laptop."

Mr. Bachus said lobbyists had spent "tens of millions"
to overturn the 2006 law. "They've had quite a bit of success in turning votes," he said.

Supporters of legalization said fiscal considerations played a role in their thinking. "I was looking for the money," Representative Jim McDermott, Democrat of Washington, said in an interview. He sponsored the companion measure to allow taxation of Internet gambling; he wants to dedicate the money to education.

Representative Brad Sherman, Democrat of California, said in an interview that the money was an attractive source of financing for other programs. "We will not pass an Internet gaming bill," Mr. Sherman predicted. "We will pass a bill to do something very important, funded by Internet gaming." He added: "Forty-two billion dollars over 10 years has an effect."

The legal status of online gambling has long been murky. The Justice Department asserts that the Wire Act of 1961 prohibits it, but prosecutors have largely left individual gamblers alone.

To crack down on the activity, a 2006 law -- inserted at the last minute into an unrelated bill in one of Congress's last actions before Democrats took control -- banned financial institutions from transmitting payments to and from gambling operators. In the same year, the authorities arrested David Carruthers, a British online-gambling executive, as he changed flights at a Texas airport. He was sentenced to 33 months in prison for racketeering. Last year, the authorities ordered four banks to freeze the accounts of online payment processors that owed money to some 27,000 people who had used offshore poker sites.

But the enforcement actions have barely put a dent in the industry, experts say. Gamblers have used online payment processors, phone-based deposits and prepaid credit cards to circumvent the ban. By some estimates, American online gambling exceeds $6 billion a year.

"Today, any American with a broadband connection and a checking account can engage in any form of Internet gambling from any state,"
Annie Duke, a professional poker player, testified in May on behalf of the Poker Players Alliance, which hired a former Republican senator from New York, Alfonse M. D'Amato, to lobby for the bill.

Michael Brodsky, executive chairman of YouBet.com, an online site for parimutuel horse racing, said, "As with Prohibition, illegal online gambling is thriving as an underground economy."

Banks and credit unions said the 2006 law was poorly drafted -- so much so that the Obama administration delayed, to June 1 of this year, the deadline for banks to comply with the law, to address concerns about its enforceability.

In 1999, the National Gambling Impact Study Commission urged the prohibition of Internet gambling. Attorney General Eric H. Holder Jr. has said he would not support efforts to legalize online gambling, a view shared by most state attorneys general.

"Because Internet gambling is essentially borderless activity, from a money laundering and terrorism financing perspective, it creates a regulatory and enforcement quagmire," said James F. Dowling, a former special agent with the Internal Revenue Service. And Mr. Bachus released a November letter from the F.B.I. in which Shawn Henry, the deputy director of the cyber division, said it would be difficult for companies to verify the age and location of their customers.

The bill contains measures intended to protect minors and combat compulsive addiction. The bill would allow states and Indian tribes to "opt out," so players from those states and reservations would not be able to make online bets. But those governments would have a potentially lucrative incentive to allow the activity since they could then apply their own taxes on Internet casinos.

Before voting, the committee approved amendments to delegate enforcement duties to states and tribes, continue a ban on betting on sporting events, ban marketing aimed at children, and prohibit companies that violated the 2006 ban from obtaining licenses.
From rforno at infowarrior.org Thu Jul 29 06:36:45 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jul 2010 07:36:45 -0400
Subject: [Infowarrior] - WH wants easier FBI electronic surveillance of Internet
Message-ID: <7923E6AF-579F-4405-9766-B352BBC5E040@infowarrior.org>

Obama channelling the ghost of Dubya? Same stuff/desires, different administration. :( -rf

White House proposal would ease FBI access to records of Internet activity
By Ellen Nakashima
Washington Post Staff Writer
Thursday, July 29, 2010; A01
http://www.washingtonpost.com/wp-dyn/content/article/2010/07/28/AR2010072806141_pf.html

The Obama administration is seeking to make it easier for the FBI to compel companies to turn over records of an individual's Internet activity without a court order if agents deem the information relevant to a terrorism or intelligence investigation.

The administration wants to add just four words -- "electronic communication transactional records" -- to a list of items that the law says the FBI may demand without a judge's approval. Government lawyers say this category of information includes the addresses to which an Internet user sends e-mail; the times and dates e-mail was sent and received; and possibly a user's browser history. It does not include, the lawyers hasten to point out, the "content" of e-mail or other Internet communication.

But what officials portray as a technical clarification designed to remedy a legal ambiguity strikes industry lawyers and privacy advocates as an expansion of the power the government wields through so-called national security letters. These missives, which can be issued by an FBI field office on its own authority, require the recipient to provide the requested information and to keep the request secret. They are the mechanism the government would use to obtain the electronic records.

Stewart A.
Baker, a former senior Bush administration Homeland Security official, said the proposed change would broaden the bureau's authority. "It'll be faster and easier to get the data," said Baker, who practices national security and surveillance law. "And for some Internet providers, it'll mean giving a lot more information to the FBI in response to an NSL."

Many Internet service providers have resisted the government's demands to turn over electronic records, arguing that surveillance law as written does not allow them to do so, industry lawyers say. One senior administration government official, who would discuss the proposed change only on condition of anonymity, countered that "most" Internet or e-mail providers do turn over such data.

To critics, the move is another example of an administration retreating from campaign pledges to enhance civil liberties in relation to national security. The proposal is "incredibly bold, given the amount of electronic data the government is already getting," said Michelle Richardson, American Civil Liberties Union legislative counsel.

The critics say its effect would be to greatly expand the amount and type of personal data the government can obtain without a court order. "You're bringing a big category of data -- records reflecting who someone is communicating with in the digital world, Web browsing history and potentially location information -- outside of judicial review," said Michael Sussmann, a Justice Department lawyer under President Bill Clinton who now represents Internet and other firms.

Privacy concerns

The use of the national security letters to obtain personal data on Americans has prompted concern. The Justice Department issued 192,500 national security letters from 2003 to 2006, according to a 2008 inspector general report, which did not indicate how many were demands for Internet records.
A 2007 IG report found numerous possible violations of FBI regulations, including the issuance of NSLs without having an approved investigation to justify the request. In two cases, the report found, agents used NSLs to request content information "not permitted by the [surveillance] statute."

One issue with both the proposal and the current law is that the phrase "electronic communication transactional records" is not defined anywhere in statute.

"Our biggest concern is that an expanded NSL power might be used to obtain Internet search queries and Web histories detailing every Web site visited and every file downloaded," said Kevin Bankston, a senior staff attorney with the Electronic Frontier Foundation, which has sued AT&T for assisting the Bush administration's warrantless surveillance program. He said he does not object to the government obtaining access to electronic records, provided it has a judge's approval.

Senior administration officials said the proposal was prompted by a desire to overcome concerns and resistance from Internet and other companies that the existing statute did not allow them to provide such data without a court-approved order. "The statute as written causes confusion and the potential for unnecessary litigation," Justice Department spokesman Dean Boyd said. "This clarification will not allow the government to obtain or collect new categories of information, but it seeks to clarify what Congress intended when the statute was amended in 1993."

The administration has asked Congress to amend the statute, the Electronic Communications Privacy Act, in the fiscal year that begins in October.

Administration officials noted that the act specifies in one clause that Internet and other companies have a duty to provide electronic communication transactional records to the FBI in response to a national security letter.
But the next clause specifies only four categories of basic subscriber data that the FBI may seek: name, address, length of service and toll billing records. There is no reference to electronic communication transactional records.

Same as phone records?

The officials said the transactional information at issue, which does not include Internet search queries, is the functional equivalent of telephone toll billing records, which the FBI can obtain without court authorization. Learning the e-mail addresses to which an Internet user sends messages, they said, is no different than obtaining a list of numbers called by a telephone user.

Obtaining such records with an NSL, as opposed to a court order, "allows us to intercede in plots earlier than we would if our hands were tied and we were unable to get this data in a way that was quick and efficient," the senior administration official said.

But the value of such data is the reason a court should approve its disclosure, said Greg Nojeim, senior counsel at the Center for Democracy and Technology. "It's much more sensitive than the other information, like name, address and telephone number, that the FBI gets with national security letters," he said. "It shows associational information protected by the First Amendment and is much less public than things like where you live."

A Nov. 5, 2008, opinion from the Justice Department's Office of Legal Counsel, whose opinions are binding on the executive branch, made clear that the four categories of basic subscriber information the FBI may obtain with an NSL were "exhaustive."

This opinion, said Sussmann, the former Clinton administration lawyer, caused many companies to reevaluate the scope of what could be provided in response to an NSL. "The OLC opinion removed the ambiguity," he said. "Providers now are limited to the four corners of what the opinion says they can give out. Those who give more do so at their own risk."
Marc Zwillinger, an attorney for Internet companies, said some providers are not giving the FBI more than the four categories specified. He added that with the rise of social networking, the government's move could open a significant amount of Internet activity to government surveillance without judicial authorization. "A Facebook friend request -- is that like a phone call or an e-mail? Is that something they would sweep in under an NSL? They certainly aren't getting that now."

From rforno at infowarrior.org Thu Jul 29 06:42:23 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jul 2010 07:42:23 -0400
Subject: [Infowarrior] - Paper: Privacy as a luxury commodity
Message-ID: <3D7077B0-30ED-4A26-898E-698A970597CA@infowarrior.org>

Privacy as a luxury commodity
Zizi Papacharissi

In contemporary democracies, privacy is recognized as a basic human right - the "right to be let alone," as defined by the landmark Warren and Brandeis (1890) Harvard Law Review article. It is rumored that Warren was inspired to write this article following intrusive news coverage of society parties his wife had thrown. These culminated with the press taking and publishing photographs from his daughters' private wedding party. At the time, Warren and Brandeis saw it necessary to assert the right to privacy, or, in their words, "the right to an inviolate personality" given the prevalence of media platforms that could so easily render a private event, public. In modern societies, this distance between public and private dwindles, and contemporary media further blur the lines separating private from public. Social media, in particular, enable individuals to connect with multiple audiences on online social planes that are neither conventionally public, nor entirely private. In the publicly private and privately public era of Facebook, Ms. Warren's guests would have been tagged in Facebook photographs that were publicly available to outside networks and third parties.
The question of privacy in a digital era has resurfaced, following the most recent privacy policy changes implemented by Facebook. The revised, default architecture prompts users to be more public with their information. While it is possible for users to edit these settings, the code that belies the structure of the network makes it easier to share, than to hide information. Digital traces of consumer behavior are thus left on partner and third party sites that users visit, like, or share. Facebook CEO Mark Zuckerberg has argued that these changes make it easier for users to share information across the social Web (Sutter, 2010). By contrast, activist groups like the Electronic Privacy Information Center (EPIC), claim that Facebook pulled a "privacy bait and switch," getting users to provide personal information under one set of privacy terms, then modifying their privacy policies (Chittal, 2010). After much turmoil, Facebook took some steps to make privacy settings more accessible and manageable for their members (Zuckerberg, 2010). Still, the following chart, constructed by Matt McKeon, a developer with the Visual Communication Lab (http://www.research.ibm.com/visual/) at IBM Research's Center for Social Software (http://www.research.ibm.com/social/), depicts the overall effect of Facebook's gradual changes to its default privacy architecture.
< -- >

http://www.uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/3075

From rforno at infowarrior.org Thu Jul 29 08:01:12 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jul 2010 09:01:12 -0400
Subject: [Infowarrior] - NIST RFC: Cybersecurity, Innovation and the Internet Economy
Message-ID:

http://cryptome.org/0002/nist072810.htm

28 July 2010

[Federal Register: July 28, 2010 (Volume 75, Number 144)]
[Notices]
[Page 44216-44223]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr28jy10-39]

-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE
Office of the Secretary
National Institute of Standards and Technology
International Trade Administration
National Telecommunications and Information Administration
[Docket No.: 100721305-0305-01]

Cybersecurity, Innovation and the Internet Economy

AGENCY: Office of the Secretary, U.S. Department of Commerce; National Institute of Standards and Technology, U.S. Department of Commerce; International Trade Administration, U.S. Department of Commerce; and National Telecommunications and Information Administration, U.S. Department of Commerce.

ACTION: Notice of inquiry.

-----------------------------------------------------------------------

SUMMARY: The Department of Commerce's Internet Policy Task Force is conducting a comprehensive review of the nexus between cybersecurity challenges in the commercial sector and innovation in the Internet economy. The Department seeks comments from all stakeholders, including the commercial, academic and civil society sectors, on measures to improve cybersecurity while sustaining innovation. Preserving innovation, as well as private sector and consumer confidence in the security of the Internet economy, are important for promoting economic prosperity and social well-being overall.
In particular, the Department seeks to develop an up-to-date understanding of the current public policy and operational challenges affecting cybersecurity, as those challenges may shape the future direction of the Internet and its commercial use, both domestically and globally. After analyzing comments on this Notice, the Department intends to issue a report that will contribute to the Administration's domestic and international policies and activities in advancing both cybersecurity and the Internet economy.

DATES: Comments are due on or before September 13, 2010.

ADDRESSES: Written comments may be submitted by mail to Diane Honeycutt, National Institute of Standards and Technology, 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899. Submissions may be in any of the following formats: HTML, ASCII, Word, rtf, or pdf. Online submissions in electronic form may be sent to cybertaskforce at doc.gov . Paper submissions should include a three and one-half inch computer diskette or compact disc (CD). Diskettes or CDs should be labeled with the name and organizational affiliation of the filer and the name of the word processing program used to create the document. Comments will be posted at http://www.ntia.doc.gov/internetpolicytaskforce and http://csrc.nist.gov .

FOR FURTHER INFORMATION CONTACT: For questions about this Notice contact: Jon Boyens, International Trade Administration, U.S. Department of Commerce, 1401 Constitution Avenue, NW., Room 2806, Washington, DC 20230, telephone (202) 482-0573, e-mail Jon.Boyens at trade.gov ; or Alfred Lee, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue, NW., Room 4725, Washington, DC 20230, telephone (202) 482-1880, e-mail Alee at ntia.doc.gov . Please direct media inquiries to the National Institute of Standards and Technology's Office of Public and Business Affairs at (301) 975-6478.
From rforno at infowarrior.org Thu Jul 29 14:24:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jul 2010 15:24:11 -0400
Subject: [Infowarrior] - Comcast Billing Fail
Message-ID:

(Yes, there is a photo of the 'notice' from Comcast. -rick)

Comcast Cares: Pay Us The $0.00 You Owe, Or We Cut You Off

< - >

While Comcast has received a lot of attention for its "Comcast Cares" initiative (the head of which recently left the company), it certainly looks like they have a few kinks to work out. Phil Anderson points us to the story of Comcast demanding the $0.00 a customer owes and threatening to turn off service if it's not received.

< - >

http://techdirt.com/articles/20100728/23164710402.shtml

From rforno at infowarrior.org Thu Jul 29 20:33:40 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Jul 2010 21:33:40 -0400
Subject: [Infowarrior] - Google, CIA Invest in 'Future' of Web Monitoring
Message-ID: <74C9DA91-2FB9-4DDC-AB38-82B464F1766C@infowarrior.org>

Exclusive: Google, CIA Invest in 'Future' of Web Monitoring

By Noah Shachtman, July 28, 2010, 7:30 pm
Categories: Spies, Secrecy and Surveillance

http://www.wired.com/dangerroom/2010/07/exclusive-google-cia/

The investment arms of the CIA and Google are both backing a company that monitors the web in real time - and says it uses that information to predict the future.

The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents - both present and still-to-come. In a white paper, the company says its temporal analytics engine "goes beyond search" by "looking at the 'invisible links' between documents that talk about the same, or related, entities and events." The idea is to figure out for each incident who was involved, where it happened and when it might go down.
Recorded Future then plots that chatter, showing online "momentum" for any given event.

"The cool thing is, you can actually predict the curve, in many cases," says company CEO Christopher Ahlberg, a former Swedish Army Ranger with a PhD in computer science.

Which naturally makes the 16-person Cambridge, Massachusetts, firm attractive to Google Ventures, the search giant's investment division, and to In-Q-Tel, which handles similar duties for the CIA and the wider intelligence community.

It's not the very first time Google has done business with America's spy agencies. Long before it reportedly enlisted the help of the National Security Agency to secure its networks, Google sold equipment to the secret signals-intelligence group. In-Q-Tel backed the mapping firm Keyhole, which was bought by Google in 2004 - and then became the backbone for Google Earth.

This appears to be the first time, however, that the intelligence community and Google have funded the same startup, at the same time. No one is accusing Google of directly collaborating with the CIA. But the investments are bound to be fodder for critics of Google, who already see the search giant as overly cozy with the U.S. government, and worry that the company is starting to forget its "don't be evil" mantra.

America's spy services have become increasingly interested in mining "open source intelligence" - information that's publicly available, but often hidden in the daily avalanche of TV shows, newspaper articles, blog posts, online videos and radio reports.

"Secret information isn't always the brass ring in our profession," then CIA-director General Michael Hayden told a conference in 2008. "In fact, there's a real satisfaction in solving a problem or answering a tough question with information that someone was dumb enough to leave out in the open."

U.S. spy agencies, through In-Q-Tel, have invested in a number of firms to help them better find that information.
Visible Technologies crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, YouTube, Twitter and Amazon. Attensity applies the rules of grammar to the so-called "unstructured text" of the web to make it more easily digestible by government databases. Keyhole (now Google Earth) is a staple of the targeting cells in military-intelligence units.

Recorded Future strips from web pages the people, places and activities they mention. The company examines when and where these events happened ("spatial and temporal analysis") and the tone of the document ("sentiment analysis"). Then it applies some artificial-intelligence algorithms to tease out connections between the players. Recorded Future maintains an index with more than 100 million events, hosted on Amazon.com servers. The analysis, however, is on the living web. "We're right there as it happens," Ahlberg told Danger Room as he clicked through a demonstration. "We can assemble actual real-time dossiers on people."

Recorded Future certainly has the potential to spot events and trends early. Take the case of Hezbollah's long-range missiles. On March 21, Israeli President Shimon Peres leveled the allegation that the terror group had Scud-like weapons. Scouring Hezbollah leader Hassan Nasrallah's past statements, Recorded Future found corroborating evidence from a month prior that appeared to back up Peres' accusations.

That's one of several hypothetical cases Recorded Future runs in its blog devoted to intelligence analysis. But it's safe to assume that the company already has at least one spy agency's attention. In-Q-Tel doesn't make investments in firms without an "end customer" ready to test out that company's products.

Both Google Ventures and In-Q-Tel made their investments in 2009, shortly after the company was founded. The exact amounts weren't disclosed, but were under $10 million each.
Google's investment came to light earlier this year online. In-Q-Tel, which often announces its new holdings in press releases, quietly uploaded a brief mention of its investment a few weeks ago.

Both In-Q-Tel and Google Ventures have seats on Recorded Future's board. Ahlberg says those board members have been "very helpful," providing business and technology advice, as well as introducing him to potential customers. Both organizations, it's safe to say, will profit handsomely if Recorded Future is ever sold or taken public. Ahlberg's last company, the corporate intelligence firm Spotfire, was acquired in 2007 for $195 million in cash.

Google Ventures did not return requests to comment for this article. In-Q-Tel Chief of Staff Lisbeth Poulos e-mailed a one-line statement: "We are pleased that Recorded Future is now part of IQT's portfolio of innovative startup companies who support the mission of the U.S. Intelligence Community."

Just because Google and In-Q-Tel have both invested in Recorded Future doesn't mean Google is suddenly in bed with the government. Of course, to Google's critics - including conservative legal groups, and Republican congressmen - the Obama Administration and the Mountain View, California, company slipped between the sheets a long time ago. Google CEO Eric Schmidt hosted a town hall at company headquarters in the early days of Obama's presidential campaign. Senior White House officials like economic chief Larry Summers give speeches at the New America Foundation, the left-of-center think tank chaired by Schmidt. Former Google public policy chief Andrew McLaughlin is now the White House's deputy CTO, and was publicly (if mildly) reprimanded by the administration for continuing to hash out issues with his former colleagues.

In some corners, the scrutiny of the company's political ties have dovetailed with concerns about how Google collects and uses its enormous storehouse of search data, e-mail, maps and online documents.
Google, as we all know, keeps a titanic amount of information about every aspect of our online lives. Customers largely have trusted the company so far, because of the quality of their products, and because of Google's pledges not to misuse the information still ring true to many. But unease has been growing. Thirty seven state Attorneys General are demanding answers from the company after Google hoovered up 600 gigabytes of data from open Wi-Fi networks as it snapped pictures for its Street View project. (The company swears the incident was an accident.)

"Assurances from the likes of Google that the company can be trusted to respect consumers' privacy because its corporate motto is 'don't be evil' have been shown by recent events such as the 'Wi-Spy' debacle to be unwarranted," long-time corporate gadfly John M. Simpson told a Congressional hearing in a prepared statement. Any business dealings with the CIA's investment arm are unlikely to make critics like him more comfortable.

But Steven Aftergood, a critical observer of the intelligence community from his perch at the Federation of American Scientists, isn't worried about the Recorded Future deal. Yet.

"To me, whether this is troublesome or not depends on the degree of transparency involved. If everything is aboveboard - from contracts to deliverables - I don't see a problem with it," he told Danger Room by e-mail. "But if there are blank spots in the record, then they will be filled with public skepticism or worse, both here and abroad, and not without reason."
Photo: AP/Charles Dharapak

From rforno at infowarrior.org Fri Jul 30 07:30:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Jul 2010 08:30:18 -0400
Subject: [Infowarrior] - UK.gov sticks to IE 6 cos it's more 'cost effective'
Message-ID: <38E47613-5F51-4916-8954-A2FCD366FF64@infowarrior.org>

Sure, it's more cost-effective until they need to support it to close a major security or stability fix, then they'll pay a fortune for just-in-time coding support. Economic considerations aside, this is lunacy. -rick

UK.gov sticks to IE 6 cos it's more 'cost effective', innit
Uproarious web developers die a little inside

By Kelly Fiveash
Posted in Applications, 30th July 2010 12:23 GMT

http://www.theregister.co.uk/2010/07/30/uk_government_sticks_with_ie_6/

Computers in Whitehall will largely continue to run Microsoft's Internet Explorer 6, which will make web coders spit out their cheese'n'pickle sarnies this lunchtime.

"It is not straightforward for HMG departments to upgrade IE versions on their systems. Upgrading these systems to IE 8 can be a very large operation, taking weeks to test and roll out to all users."

That's according to the government's response to a petition submitted to Downing Street in February that opposed UK.gov's continued endorsement of Microsoft's IE 6.

"To test all the web applications currently used by HMG departments can take months at significant potential cost to the taxpayer. It is therefore more cost effective in many cases to continue to use IE6 and rely on other measures, such as firewalls and malware scanning software, to further protect public sector internet users," it said.

The petition itself was sent to Number 10 earlier this year asking then Prime Minister Gordon Brown to follow German and French governments' decisions to ditch IE 6. Brown's administration was unmoved by security concerns about the crinkly old browser, however.
It claimed at the time that its system, along with regular Microsoft updates, meant it was robust enough against the kind of attack that claimed over 30 corporate firms at the end of last year.

Google was perhaps the most high-profile victim of those attacks. It has since turned its back on supporting the old MS browser in its web apps. At the same time, Microsoft too has been trying to shepherd users away from IE 6 and Windows XP - the operating system that refuses to die - in favour of its more recent software efforts.

But the ConDem government is singing from the same hymnbook as Number 10's previous incumbents. Freetards on the interwebs are in uproar about the decision, and the El Reg mailbox is overflowing with comments from outraged coders.

"Apparently the IT team in Whitehall has yet to realise you could quite easily use IE6 for IE6 only sites, and receive the protection of a more modern browser such as IE8, FF and Chrome for everything else," Reg reader Mark told us.

"As a senior web application developer, the mention of the positive word 'standards' in a document about IE6 makes me die a little on the inside -- 'Public sector organisations are free to identify software that supports their business needs as long as it adheres to appropriate standards' -- I'm not sure which standards they mean... but certainly not the HTML ones."

Alas, Internet Explorer 6 is here to stay to keep the wheels of central government turning in this big fat society of ours, people.

From rforno at infowarrior.org Fri Jul 30 08:05:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Jul 2010 09:05:01 -0400
Subject: [Infowarrior] - NYT: Breaking a Promise on Surveillance
Message-ID:

Interesting to see the NYT opposing the Administration so overtly on this.
-rf

Editorial
Breaking a Promise on Surveillance

http://www.nytimes.com/2010/07/30/opinion/30fri1.html?_r=1&hp=&pagewanted=print

It is just a technical matter, the Obama administration says: We just need to make a slight change in a law to make clear that we have the right to see the names of anyone's e-mail correspondents and their Web browsing history without the messy complication of asking a judge for permission.

It is far more than a technical change. The administration's request, reported Thursday in The Washington Post, is an unnecessary and disappointing step backward toward more intrusive surveillance from a president who promised something very different during the 2008 campaign.

In a 1993 update to the Electronic Communications Privacy Act, Congress said that Internet service providers have to turn over to the F.B.I., on request, "electronic communication transactional records." The government says this includes the e-mail records of their subscribers, specifically the addresses to which e-mail messages were sent, and the times and dates. (The content of the messages can remain private.) It may also include Web browsing records. To get this information, the F.B.I. simply has to ask for it in the form of a national security letter, which is an administrative request that does not require a judge's signature.

But there was an inconsistency in the writing of the 1993 law. One section said that Internet providers had to turn over this information, but the next section, which specified what the F.B.I. could request, left out electronic communication records. In 2008, the Justice Department's Office of Legal Counsel issued an opinion saying this discrepancy meant the F.B.I. could no longer ask for the information. Many Internet providers stopped turning it over. Now the Obama administration has asked Congress to make clear that the F.B.I. can ask for it.

These national security letters are the same vehicles that the Bush administration used after the Sept. 11, 2001, attacks to demand that libraries turn over the names of books that people had checked out. The F.B.I. used these letters hundreds of thousands of times to demand records of phone calls and other communications, and the Pentagon used them to get records from banks and consumer credit agencies. Internal investigations of both agencies found widespread misuse of the power, and little oversight into how it was wielded.

President Obama campaigned for office on an explicit promise to rein in these abuses. "There is no reason we cannot fight terrorism while maintaining our civil liberties," his campaign wrote in a 2008 position paper. "As president, Barack Obama would revisit the Patriot Act to ensure that there is real and robust oversight of tools like National Security Letters, sneak-and-peek searches, and the use of the material witness provision."

Where is the "robust oversight" that voters were promised? Earlier this year, the administration successfully pushed for crucial provisions of the Patriot Act to be renewed for another year without changing a word. Voters had every right to expect the president would roll back authority that had been clearly abused, like national security letters. But instead of implementing reasonable civil liberties protections, like taking requests for e-mail surveillance before a judge, the administration is proposing changes to the law that would allow huge numbers of new electronic communications to be examined with no judicial oversight.

Democrats in Congress can remind Mr. Obama of his campaign promises by refusing this request.
From rforno at infowarrior.org Fri Jul 30 08:33:40 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Jul 2010 09:33:40 -0400
Subject: [Infowarrior] - Cisco Halt Exposes Flaw as NYSE Amex Handles Nasdaq Trading
Message-ID:

Cisco Halt Exposes Flaw as NYSE Amex Handles Nasdaq Trading

July 30, 2010, 12:11 AM EDT
By Nina Mehta

July 30 (Bloomberg) -- The five-minute halt in Cisco Systems Inc. yesterday highlighted a flaw in how NYSE Amex executes orders it can't fill on its book at the best price.

Cisco stopped trading for five minutes following a 100-share execution on Amex for $26 at 10:41:33 a.m. New York time that drove the shares up more than 10 percent, triggering a circuit breaker implemented after the May 6 market crash. Amex began trading Cisco on July 27 as part of an expansion to companies listed on the Nasdaq Stock Market.

The circuit breaker was triggered after an order Amex received traded against the available shares at the best-priced offer on that market and elsewhere, said Ray Pellecchia, a spokesman for NYSE Euronext, which owns Amex. The order, which wasn't completely filled, then traded against available offers on Amex, he said. An execution at $26 triggered the circuit breaker even as other venues traded at less than $23.50.

"We're stopping trading in incomparably liquid products because of dumb mistakes," said Jamie Selway, managing director at broker White Cap Trading LLC in New York. "Amex has a thin book in Cisco and doesn't have a robust routing system for orders. Amex should consider a smart-routing solution and not do the minimum Reg NMS routing. Doing the minimum is a profoundly bad idea."
< - >

http://www.businessweek.com/news/2010-07-30/cisco-halt-exposes-flaw-as-nyse-amex-handles-nasdaq-trading.html

From rforno at infowarrior.org Fri Jul 30 13:09:14 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Jul 2010 14:09:14 -0400
Subject: [Infowarrior] - U.S. Copyright Group 'Steal' Competitor's Website
Message-ID: <2D3EE739-E6DD-4F91-8600-0BF87B31BECE@infowarrior.org>

U.S. Copyright Group 'Steal' Competitor's Website

Written by Ernesto on July 30, 2010

http://torrentfreak.com/u-s-copyright-group-steal-competitors-website-100730/

The U.S. Copyright Group (USCG) has been all over the news in recent months. The lawyer group sued thousands of BitTorrent users who allegedly file-shared motion pictures belonging to their clients, including the Oscar-winning Hurt Locker. However, it turns out that USCG are not copyright purists either, as they have blatantly copied the website of a competitor without permission.

During May this year the makers of The Hurt Locker filed a complaint against the first 5,000 "John Does". Helped by the U.S. Copyright Group (USCG), the film makers are requesting the personal details of individuals behind the IP-addresses that allegedly shared the film on BitTorrent.

With these personal details in hand, USCG is planning to send out a batch of settlement requests asking the alleged file-sharers to pay amounts up to $2,500, or risk a full trial and a heftier fine instead. In recent months USCG has already sent out similar "speculative invoices" to downloaders of other films, including the indie movie Far Cry.

It's needless to say that the administrative process to handle thousands of settlements will involve quite a bit of work. To make this easier for themselves and the alleged downloaders, USCG recently put up a settlement website where visitors to their main website Copyrightsettlements.info are redirected to.
By itself the mere existence of this settlement portal wouldn't really be newsworthy, but this changed when we realized that they had copied it from a competitor.

Six weeks ago a TorrentFreak reader alerted us that USCG was setting up a new website to deal with the settlements. Instead of coding the site themselves, they had simply copied the code (including the copyright statement) and images from a company in the same line of work. The images below show how both sites looked at the time.

[Image: Copied website]
[Image: Source]

Because the USCG site was hosted on a force.com subdomain, we weren't able to verify the legitimacy of this site to find out if there was indeed a direct connection to USCG. To be honest, we simply couldn't believe that USCG would be stupid enough to blatantly rip-off a website like this, so we assumed that someone had tried to pull off a prank.

A month after the email, however, the same site popped up again when we tried to access the website of USCG. Although the original layout was stripped down significantly over the past weeks, the website still uses code and images from the Copyright Enforcement Group. Initially, USCG even listed their competitor's phone number on their site, but they were wise enough to remove this and other texts that refer to the Copyright Enforcement Group.

That said, there is no doubt that USCG's website is "stolen". Both the source code and the copied image names clearly reveal that the code was blatantly copied from their competitors.

Armed with this knowledge we decided to contact the victims of this apparent violation to ask if they had perhaps authorized this use. The answer we got was clear.

"Thank you for bringing this to our attention. We are not associated with the US Copyright Group and they are not authorized to use Copyright Enforcement Group materials," a representative of the Copyright Enforcement Group told TorrentFreak in a response.
The same representative told TorrentFreak that the US Copyright Group and Dunlap, Grubb & Weaver will be receiving a cease and desist from Copyright Enforcement Group.

Of course, we've seen this type of behavior before. The UK's ACS:Law, also writing to thousands of file-sharers demanding cash payments for alleged infringements, aren't whiter than white either. They took sections of several news articles and tried, unsuccessfully, to pass them off as their own content on their company website.

So there we have it once again. An outfit that targets copyright infringers is actively infringing copyright themselves. They are so incompetent and probably blinded by the dollar signs in their eyes, that they can't even put a website together without breaking the law themselves - copyright law.

From rforno at infowarrior.org Sat Jul 31 16:29:22 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 Jul 2010 17:29:22 -0400
Subject: [Infowarrior] - In Information War, Documentary Is Latest Salvo
Message-ID:

In Information War, Documentary Is Latest Salvo

By MICHAEL SCHWIRTZ
Published: July 31, 2010

http://www.nytimes.com/2010/08/01/world/europe/01russia.html?hpw

MOSCOW - A new documentary film about the Belarussian president, Aleksandr G. Lukashenko, portrays him as a bumbling tyrant enamored of Hitler and Stalin. He has political opponents killed, journalists silenced and elections rigged in the film, all while keeping his faltering country locked in a Soviet time warp.

For years, human rights groups and Western governments have been leveling similar accusations. But the latest salvo against Mr. Lukashenko comes from an unlikely source: Russia's government-controlled television.

The documentary is part of an all-out propaganda war that has erupted between Russia and neighboring Belarus, two former Soviet republics that were once so close they had been on track to reunite. When the documentary, entitled "Godfather," was aired last month on Russia's NTV television, it seemed to signal that the marriage was officially off.

The mudslinging, which has played out in both countries' government-controlled media in recent weeks, reflects the deepening tensions between them. The latest dispute broke out in June when they tussled over natural gas prices, and continued when Mr. Lukashenko nearly scuttled a planned customs union between his country, Russia and Kazakhstan that had been a pet project of Vladimir V. Putin, Russia's prime minister and pre-eminent leader.

For years the Kremlin has supported Mr. Lukashenko, praising elections that independent monitors called rigged, while also ignoring violent crackdowns on the opposition. Moscow bolstered Mr. Lukashenko's government with cheap natural gas and discounted duties on oil, which Belarus refined and resold. Russian subsidies, the moderator in the recent documentary says, "are the main secret of the Belarussian economic miracle."

In return, the Kremlin seems to believe that it has received little but headaches. Amid the natural gas pricing dispute in June, Belarus retaliated by briefly cutting off flows into Western Europe. Mr. Lukashenko has also been out of step with Russia's policies in the former Soviet Union. He has given refuge to Kyrgyzstan's former president, Kurmanbek S. Bakiyev, who was ousted in April after bloody riots that Moscow seemed to encourage. He has also failed to follow the Kremlin's lead in recognizing the independence of two separatist Georgian enclaves, Abkhazia and South Ossetia.

"He received a huge amount of money, with which he was in part able to support the economy of Belarus, its economic growth and the well-being of his people, without giving anything in return," Vladimir Ryzhkov, a Russian opposition politician, said on Russia's Ekho Moskvy radio last month. "It seems the Russian leadership decided that that's it."

Speaking to reporters from Ukraine on Saturday, Mr. Putin played down the significance of the media campaign. "I do not see any media war. Perhaps this is because I barely read any periodicals and have not been following the electronic media lately," Mr. Putin said. He was less ambivalent about Mr. Lukashenko, however: "When it comes to money or energy supplies, everyone wants to get something from Russia for free, so when they don't they get annoyed."

The "Godfather" documentary voices criticisms typically found in Western human rights reports about Belarus (and Russia, for that matter). It covers the disappearances and murders of Mr. Lukashenko's political opponents over the years and shows video of armored police officers beating antigovernment protesters. Images of Mr. Lukashenko dressed in military uniforms intersperse with footage of him inspecting collective farms. "Little has changed since the U.S.S.R.," the narrator says at one point.

Only those with satellite dishes were able to view the program inside Belarus, though it can easily be accessed on YouTube. And in the Soviet tradition of samizdat, people have been recording the film themselves and passing along bootleg copies, said Andrei Sannikov, a Belarussian opposition leader.

Mr. Lukashenko, needless to say, was not pleased. He said that he was "offended" by the documentary. "I know who gives these commands, who is governing these processes," he said in a statement on his Web site.

Shortly after, Belarus fired back, publishing excerpts in one of Belarus's government newspapers from a highly critical report about Mr. Putin, written by Russian opposition figures. "Savagery has become the norm in Russian society," the newspaper wrote in an accompanying commentary.

Belarus's government-controlled First Channel also aired an interview with Georgia's president, Mikheil Saakashvili, who has been vilified by Russia's leaders - and who has been the target of unflattering Russian documentaries himself. In the interview, Mr. Saakashvili called the Lukashenko documentary hypocritical, noting the prevalence of political killings in Russia. "This has the smell of a propaganda war," Mr. Saakashvili said.

Responding to the interview, Boris Gryzlov, Russia's Parliament speaker, called Mr. Saakashvili an "outlaw" and suggested that there would be consequences for Belarus. "Anyone who gives Saakashvili the opportunity to feel like a president, including in another country, is making a decision that could affect relations with Russia," he said.

Russia's retreating support could certainly bode ill for Mr. Lukashenko in next year's presidential election. Some Russian political analysts have begun to speculate that the media campaign could signal the start of an effort to unseat him. In fact, several Belarussian opposition leaders traveled to Moscow last month, where they met informally with Russian officials, including Russia's finance minister and members of Mr. Putin's United Russia party.

Russian soft-power in the form of media campaigns and economic pressure is credited with helping to unseat the Kyrgyz president, Mr. Bakiyev, in April. However, Mr. Lukashenko, who has been in power for 16 years, appears to be on surer footing than his Kyrgyz colleague was.

Still, the possibility of gaining Kremlin support has already enchanted some opposition figures in Belarus. "This is a unique situation when Europe and Russia can agree on the conduct of the Belarussian presidential campaign," said Yaroslav Romanchuk, an opposition leader, who said he planned to run for president. "This is the first time in history."

From rforno at infowarrior.org Sat Jul 31 22:00:00 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 Jul 2010 23:00:00 -0400
Subject: [Infowarrior] - Researcher detained at U.S. border, questioned about Wikileaks
Message-ID: <538FFA73-05A1-4A84-8E1F-C731AA71F196@infowarrior.org>

July 31, 2010 4:16 PM PDT

Researcher detained at U.S.
border, questioned about Wikileaks by Elinor Mills http://news.cnet.com/8301-27080_3-20012253-245.html? LAS VEGAS -- A security researcher involved with the Wikileaks Web site was detained by U.S. agents at the border for three hours and questioned about the controversial whistleblower project as he entered the country on Thursday to attend a hacker conference, sources said on Saturday. He was also approached by two FBI agents at the Defcon conference after his presentation on Saturday afternoon about the Tor Project. Jacob Appelbaum, a Seattle-based programmer for the online privacy protection project called Tor, arrived at the Newark, New Jersey, airport from Holland flight Thursday morning when he was pulled aside by customs and border protection agents who told him he was randomly selected for a security search, according to the sources familiar with the matter who asked to remain anonymous. Appelbaum, a U.S. citizen, was taken into a room, frisked and his bag was searched. Receipts from his bag were photocopied and his laptop was inspected but it's not clear in what manner, the sources said. Officials from the Immigration and Customs Enforcement and the U.S. Army then told him he was not under arrest but was being detained, the sources said. They asked questions about Wikileaks, asked for his opinions about the wars in Iraq and Afghanistan and asked where Wikileaks founder Julian Assange is, but he declined to comment without a lawyer present, according to the sources. He was not permitted to make a phone call, they said. After about three hours, Appelbaum was given his laptop back but the agents kept his three mobile phones, sources said. Asked for comment, Appelbaum declined to talk to CNET. However, he made reference to his phone getting seized to Defcon attendees. Following a question-and-answer session after his talk on the Tor Project Appelbaum was asked by an attendee for his phone number. He replied "that phone was seized." 
Shortly thereafter two casually dressed men identified themselves as FBI agents and asked to talk to him. "We'd like to chat for a few minutes," one of the men said, adding "we thought you might not want to." Appelbaum asked them if they were aware of "what happened to me?" and one of them replied "Yes, that's why we're here." "I don't have anything to say," Appelbaum told them. One of the agents said they were interested in hearing if "human rights" being "trampled" and said "sometimes it's nice to have a conversation to flesh things out." Marcia Hofmann, an attorney at the Electronic Frontier Foundation, was in the room and asked if the agents were at the event in an official capacity or for personal reasons. "A little of both," one of the said. Appelbaum asked when his equipment would be returned and one of them said "We aren't involved in that; we have no idea," and walked away when Appelbaum declined to talk further. The agents declined to identify themselves to CNET. They said they were attending the conference and declined to talk further. Appelbaum is a hacker and security researcher who co-founded the Noisebridge hacker space in San Francisco's Mission district. He's also worked to bypass the security of "smart" parking meters, unearth flaws in Web security certificates, and discover a novel way to bypass hard drive encryption. At the Next HOPE hacker conference in New York in mid-July, Appelbaum filled in for Julian Assange, the controversial figure who's become the public face of Wikileaks. Assange skipped his appearance at Next HOPE on the expectation that Homeland Security agents would be looking for him. After his own presentation, Appelbaum beat a hasty exit and hopped on a flight to Europe. While he was on stage at Next HOPE, Appelbaum urged the largely sympathetic audience to support Wikileaks by volunteering or by donating money, to address recent criticisms of the document-publishing Web site, and to boast that Wikileaks remains uncensorable. 
"You can try to take us down... but you can't stop us," he said. He also challenged modern U.S. foreign policy and called for civil disobedience by way of exposing heavily guarded secrets. Appelbaum told the Next HOPE audience that although he's significantly involved in Wikileaks, he has no access to classified U.S. data that may have been sent to the site. (CNET's Declan McCullagh contributed to this report.) From rforno at infowarrior.org Sat Jul 31 22:08:20 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 31 Jul 2010 23:08:20 -0400 Subject: [Infowarrior] - DOD Crafting TTPs For Targeting Of Electronic, Cyber And Space Systems Message-ID: <3A7126D1-6E4E-4763-9A0B-88F39737DB4B@infowarrior.org> JNKEI? "JNKEI"??? Sounds like something Daphne would say to Scooby-Do, not the name of a Pentagon test project......but then again, I've see worse in my day. ;) Jinkies!! -rick Inside the Army - 08/02/2010 DOD Crafting TTPs For Targeting Of Electronic, Cyber And Space Systems Defense Department officials are slated to wrap up a three-year joint test culminating in new tactics, techniques and procedures for achieving non-kinetic "effects" against targets in space and cyberspace, according to a department spokesman. In Pentagon jargon, the Joint Non-Kinetic Effects Integration (JNKEI) test focuses on better integrating the military activities of "electronic attack," "computer network attack" and "offensive space control," according to officials and documents. In practice, this includes operations like jamming radio signals, "negating [enemy] access to space assets," and infiltrating an enemy's network to compromise information or even hardware, according to the spokesman. Officials at U.S. Strategic Command, which sponsors the test, declined to be interviewed. Command spokesman Lt. Cmdr. 
Steve Curry recently provided written answers to questions submitted by Inside the Army, following a months-long release process that involved the Office of the Secretary of Defense. While officials employing non-kinetic weapons use the term "targeting" just as it is used for the planning of bomb runs or missile strikes, different rules and challenges apply, according to Curry. "It's not like 'see a building, drop a bomb,'" Curry wrote in an e-mail. "It's more like 'see the building, there's a network switch inside that we must be able to access.'" Once a target is struck through non-kinetic means, officials find it difficult to quantify "collateral damage" and unintended consequences, Curry acknowledged. As the JNKEI test comes to an end on September 30, officials will finalize a set of TTPs that would give military leaders a way of more comprehensively considering non-kinetic attacks in the electronic, cyber and space domains during their overall operations planning process, Curry wrote. Officials previously tested the effectiveness of draft versions of the TTPs in various exercises, most recently during U.S. Pacific Command's "Terminal Fury" drill in May. PACOM and U.S. European Command are co-sponsors of the JNKEI test. It was initiated by the Pentagon's operational test and evaluation office, which focuses on finding what officials dub "non-materiel" improvements to the way U.S. forces do business. As part of the test, 150 officials across the services and combatant commands were trained in the employment of the classified TTPs. No non-DOD agencies took part in JKNEI, but defense agencies like the National Security Agency, the National Reconnaissance Office and the Defense Information Systems Agency participated, according to Curry. -- Sebastian Sprenger