From rforno at infowarrior.org Sat Jan 1 10:53:49 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Jan 2011 11:53:49 -0500
Subject: [Infowarrior] - Ankit Fadia - "Unofficial Guide to Ethical Hacking" 32% Plagiarized
Message-ID: <54F60697-E4EF-47ED-98B0-B9656206FD7C@infowarrior.org>

Ankit Fadia - "Unofficial Guide to Ethical Hacking" 32% Plagiarized
Sat Jan 1 01:08:44 CST 2011
http://attrition.org/errata/charlatan/ankit_fadia/unofficial.html

Ankit Fadia's career is built on the cornerstone of him writing a 'hacking' book when he was 14, which he used as a means of establishing his expertise on the subject of computer security. Since the book 'Unofficial Guide to Ethical Hacking' (ISBN 0333 93679 5) was published in 2001, Fadia has not been able to keep sales figures straight.

< - >

The book is comprised of many articles written by Fadia for his web site, and later used with minor edits for the book. Throughout the book, there are over a dozen cases of Fadia using material that he did not write. In some cases, he quietly removes headers or text that would give attribution. In others, he blatantly claims credit for writing something he did not. In addition, almost 130 pages at the end of the book are blatantly taken from other sources, sometimes without attribution or honoring explicit copyright statements. This flagrant plagiarism advertised as original work launched his career and now leads to him receiving five-figure speaking engagements.

The Plagiarism

The following table details the portions of the book that were taken from other sources, making up 32.2% of the material. Information is included to distinguish not only plagiarized material, but also what was done in an attempt to obscure the original source (e.g., removing text or credit). This shows willful infringement of copyright and inexcusable plagiarism.
< - >

http://attrition.org/errata/charlatan/ankit_fadia/unofficial.html

From rforno at infowarrior.org Sun Jan 2 14:00:22 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Jan 2011 15:00:22 -0500
Subject: [Infowarrior] - Ultimate Patent Troll Patent: Get Sued When You File A Patent
Message-ID: <674FC821-C0F8-4DB2-9C3B-8AACEFCF10F9@infowarrior.org>

The Ultimate Patent Troll Patent: Get Sued When You File A Patent
Wolfgang Gruener in Business on December 31
http://www.conceivablytech.com/4823/business/the-ultimate-patent-troll-patent-get-sued-when-you-file-a-patent/

It may be somewhat ironic that the U.S. Patent and Trademark Office published in the last week of 2010, a year with a boat load of questionable patent filings and approvals, a patent application from IBM, which automates the management of intellectual property and comes with a "defend" module to formulate a strategy in the case of patent infringement.

The right to protect inventions and intellectual property from being copied in a frivolous way is one of the foundations of a rewarding economy, but a loose control and oversight in fact can have the opposite effect and we are witnessing astonishing lawsuits based on IP infringement claims every day. A few days ago, Microsoft co-founder revised his rampage against Google, Apple, Facebook and Yahoo. There is an ongoing trial involving a key Wi-Fi patent. And we are lost in confusion who is suing whom over what in the smartphone arena. The latest entrants are Sony and LG: Sony claims that LG infringes on 7 Sony mobile phone patents.

Those with massive IP holdings, whether they are used for products or not, may now hope for an efficient software, or at least procedure, how to organize a patent mess from the beginning to end. The components are divided in a "direct" portion, which includes the overall strategy such as R&D, portfolio, filing, budgeting and forecasting. "Control"
covers factors such as market alignment, invention evaluation, IP valuation, and inventor training. "Execute" includes trade secret protection, trademark creation, IP landscaping, technology monitoring, and competitive intelligence.

In its entire glory: The IBM patent troll patent

My personal favorites are the "defend", "influence" and capitalize modules, which describe a method for "defending against infringements and invalidations of said IP rights based on said business strategies and monitoring market and competitor actions to develop risk management plans; an influence computer module including a standards influencing unit, a legal and regulatory influencing unit, and a policy influencing unit; and capitalize computer module for identifying potential licensees and potential assignees of said IP rights, and managing licensing negotiations, cross-licensing negotiations, and assignment negotiations based on said business strategies."

In case you could not follow the entire phrase, you may want to read the patent filing itself, since IBM found it necessary to repeat these words more than two dozen times. This patent reads a lot like a late Christmas present for Paul Allen (or the entire smartphone industry for the purpose of general entertainment), but there seems to be a deeper meaning in this patent. Some genius at IBM simply collected all the experience IBM gained from filing more than 100 patents virtually every week throughout the year and assembled that into a chart, which was then turned into a patent filing.

Essentially, IBM could claim to have patented the ?. patent. It covers very broad strategies how to file and protect a patent. So, this particular patent is, in fact, approved by the USPTO, and you file for a patent in the future, you may want to contact IBM, because you may infringe on at least one ingenious idea IBM laid out in its filing. What a way to end the year.

From rforno at infowarrior.org Sun Jan 2 17:34:22 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Jan 2011 18:34:22 -0500
Subject: [Infowarrior] - Dave Barry's 2010 Year in Review
Message-ID: <05FA3E11-9AB4-4004-9D7B-5CCF056A2805@infowarrior.org>

Posted on Sat, Jan. 01, 2011
Dave Barry's 2010 Year in Review
By Dave Barry

Let's put things into perspective: 2010 was not the worst year ever. There have been MUCH worse years. For example, toward the end of the Cretaceous Period, the Earth was struck by an asteroid that wiped out 75 percent of all the species on the planet. Can we honestly say that we had a worse year than those species did? Yes we can, because they were not exposed to Jersey Shore. So on second thought we see that this was, in fact, the worst year ever.

The perfect symbol for the awfulness of 2010 was the BP oil spill, which oozed up from the depths and spread, totally out of control, like some kind of hideous uncontrollable metaphor. (Or, Jersey Shore.) The scariest thing about the spill was, nobody in charge seemed to know what to do about it. Time and again, top political leaders personally flew down to the Gulf of Mexico to look at the situation first-hand and hold press availabilities. And yet somehow, despite these efforts, the oil continued to leak. This forced us to face the disturbing truth that even top policy thinkers with postgraduate degrees from Harvard University -- Harvard University! -- could not stop it.

The leak was eventually plugged by non-policy people using machinery of some kind. But by then our faith in our leaders had been shaken, especially since they also seemed to have no idea what to do about this pesky recession. Congress tried every remedy it knows, ranging all the way from borrowing money from China and spending it on government programs, to borrowing MORE money from China and spending it on government programs.
But in the end, all of this stimulus created few actual jobs, and most of those were in the field of tar-ball collecting.

Things were even worse abroad. North Korea continued to show why it is known as "the international equivalent of Charlie Sheen." The entire nation of Greece went into foreclosure and had to move out; it is now living with relatives in Bulgaria. Iran continued to develop nuclear weapons, all the while insisting that they would be used only for peaceful scientific research, such as -- to quote President Mahmoud Ahmadinejad -- "seeing what happens when you drop one on Israel." Closer to home, the already strained relationship between the United States and Mexico reached a new low following the theft, by a Juarez-based drug cartel, of the Grand Canyon.

This is not to say that 2010 was all bad. There were bright spots. Three, to be exact:

1. The Yankees did not even get into the World Series.
2. There were several days during which Lindsay Lohan was neither going into, nor getting out of, rehab.
3. Apple released the hugely anticipated iPad, giving iPhone people, at long last, something to fondle with their other hand.

Other than that, 2010 was a disaster. To make absolutely sure that we do not repeat it, let's remind ourselves just how bad it was. Let's put this year into a full-body scanner and check out its junk, starting with...
< -- >

http://www.miamiherald.com/2011/01/01/v-print/1992746/dave-barrys-2010-year-in-review.html

From rforno at infowarrior.org Mon Jan 3 08:39:37 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Jan 2011 09:39:37 -0500
Subject: [Infowarrior] - Report says Facebook nets $500 million investment
Message-ID:

Report says Facebook nets $500 million investment
By The Associated Press
The Associated Press
Monday, January 3, 2011; 2:33 AM
http://www.washingtonpost.com/wp-dyn/content/article/2011/01/03/AR2011010300341_pf.html

-- Social networking behemoth Facebook has raised $500 million from Goldman Sachs and a Russian investment firm in a deal that values the company at $50 billion, The New York Times reported.

Goldman invested $450 million and Digital Sky Technologies invested $50 million, the newspaper reported Sunday in its online edition, citing people involved in the transaction that it did not name. Goldman has the right to sell part of its stake, up to $75 million, to the Russian firm.

The report said representatives for Facebook, Goldman and Digital Sky Technologies declined to comment.

The U.S. Securities and Exchange Commission is reportedly looking into the booming trade in privately held shares of popular social networking sites. A big reason the SEC may be curious about the trading of these popular private startups' shares is because once a company hits 500 shareholders, it must disclose certain financial information to the public, even if it hasn't filed for an initial public offering.

The Times reported that Goldman is planning to create a "special purpose vehicle" that may be able to circumvent the 500 shareholder rule because it would be managed by Goldman and considered just one investor, even though it could conceivably be pooling investments from thousands of clients.

Shares of privately held companies can be traded on private stock exchanges such as SecondMarket, based in New York, and SharesPost, based in San Bruno, California.
The shares are generally sold by former employees or early investors in these companies. Only institutional investors or high net-worth individuals - those worth more than $1 million - can buy the shares. But for those who can sell them, the market is on fire.

On SharesPost, a completed contract between a buyer and a seller valued shares of Palo Alto, California-based Facebook at $25 each. This implies a valuation of nearly $57 billion for the world's largest social network, with 500 million-plus users worldwide.

Facebook recently tightened its privacy settings after criticism that personal information was being disseminated without users' knowledge or permission.

Founder Mark Zuckerberg was named Time magazine's "Person of the Year" and was the subject of a high-profile movie about Facebook's creation. Zuckerberg, who owns about a quarter of Facebook's shares, is one of the world's youngest billionaires. The newspaper said the deal may double Zuckerberg's personal fortune, which Forbes estimated at $6.9 billion when Facebook was valued at $23 billion.

© 2011 The Associated Press

From rforno at infowarrior.org Mon Jan 3 11:52:24 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Jan 2011 12:52:24 -0500
Subject: [Infowarrior] - Secrecy and Classification -- Two Diverging Domains
Message-ID:

Secrecy and Classification -- Two Diverging Domains
January 3rd, 2011 by Steven Aftergood
http://www.fas.org/blog/secrecy/2011/01/diverging_domains.html

One aspect of the current crisis in classification policy is the growing discrepancy between what is secret and what is classified. All too often, official classification controls are imposed (or retained) on information that is public, thereby generating confusion and loss of confidence in the integrity of the classification system.
The problem was underscored recently by the government's response to the publication of classified State Department cables by Wikileaks, which was to insist that they remain classified despite their broad availability. "So, my grandmother would be allowed to access the cables, but not me," one official complained to us last month.

The increasing divergence between secrecy and classification is exacerbated by new media for disclosure and publication, and it is not at all limited to U.S. government secrecy policy. A current controversy in Russia over the alleged publication of classified information provides a vivid illustration of the problem.

The Russian news magazine Kommersant-Vlast has twice been rebuked recently by the Russian Federal Service for Communications (Roskomnadzor) for publishing state secrets, placing the future of that publication in legal jeopardy. But the purported secrets were all derived from open sources, the magazine explained (pdf), including sources such as Russian government websites.

One of the offending news stories, entitled "All About Missile Forces" and published in December 2009, described the deployment, composition and combat strength of Russian strategic missile forces. The government said this story included Secret and Top Secret information, and therefore violated the Russian Federation Law on Mass Media.

But in its defense, Vlast-Kommersant argued that this Secret information was not, in fact, secret: "One of the sources of 'state secrets' for Vlast was the official website of the RF President and Commander in Chief."

In a discussion of "Where to Find 'State Secrets'," Vlast writer Mikhail Lukin provided a detailed account of how his publication assembled the story on Russian missile forces by using public databases, search engines, previous news stories and scholarly works, and the public statements of government officials.
"It turns out that the President of Russia, the Minister of Defense, the RVSN Commander-in-Chief, the commanders of missile armies [and others] number among the divulgers of [ostensibly secret] information about [missile] deployment...."

Vlast presented all of this information to the Moscow City Court in a legal challenge to the warnings that it had received from the Russian government. But in October 2010, the Court ruled against the news magazine, and in favor of the government.

In paradoxical terms that would be familiar to U.S. classification officials, the Moscow Court held that "the fact of the information being published in open sources does not in any way impact on its level of secrecy."

An appeal to the Russian Supreme Court is pending.

See "The Obvious Becomes Secret" by Mikhail Lukin, Kommersant-Vlast, October 26, 2010, translated by the National Virtual Translation Center and obtained by Secrecy News. The Russian original is here.

From rforno at infowarrior.org Mon Jan 3 14:58:05 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Jan 2011 15:58:05 -0500
Subject: [Infowarrior] - Intel Chip caters to Hollywood
Message-ID: <9E6A53BE-3F26-4FDB-85CA-B79A145442E9@infowarrior.org>

Intel Chip Design Gives Hollywood Studios Security for Movie Downloads
By Ian King - Jan 3, 2011 9:47 AM ET
Mon Jan 03 14:47:42 GMT 2011
http://www.bloomberg.com/news/2011-01-03/intel-chip-design-gives-hollywood-studios-security-for-movie-downloads.html

Intel Corp., aiming to alleviate Hollywood's concerns about piracy, is building security into a new chip design that would let Warner Bros. and other studios sell high-definition movies online for viewing on computers.

The chipmaker will announce the Intel Insider feature this week at the Consumer Electronics Show in Las Vegas, said Tom Kilroy, the head of sales at the Santa Clara, California-based company. Warner Bros. will use the technology as part of a plan to make more than 300 titles available in February.
The feature is designed to prevent illegal copying of high-definition films, providing the assurance studios need to make more movies available on the Internet, Kilroy said. For Intel, the technology gives consumers another reason to upgrade their computers, and may help the company maintain its edge over rival Advanced Micro Devices Inc.

"Online distribution is where all of the growth is," Kilroy said. "This is a major breakthrough."

Computer users will be able to watch movies with the highest-available resolution, 1080p, he said. It also will work with services such as Best Buy Co.'s CinemaNow. Intel is talking with other studios to get them on board, Kilroy said.

Intel developed the technology by adapting security features designed for business computers. By building those features into semiconductors, they are harder to thwart than software-only protections, he said.

WiDi Upgrade

Intel also will introduce a higher definition of its so-called WiDi technology, which allows laptop users to beam whatever is on their computer screen to a nearby television, Kilroy said.

The movie feature is part of Intel's latest processor design, called Sandy Bridge, which will debut at the show. The design features built-in graphics for the first time, stepping up competition with developers of add-in graphics cards. Intel gets more than 90 percent of its revenue from computer chips.

Intel fell 7 cents to $20.96 at 9:46 a.m. New York time in Nasdaq Stock Market trading. The shares climbed 3.1 percent last year.
To contact the reporter on this story: Ian King in San Francisco at ianking at bloomberg.net

From rforno at infowarrior.org Mon Jan 3 18:20:13 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Jan 2011 19:20:13 -0500
Subject: [Infowarrior] - Europe starts confiscating private pension funds
Message-ID:

BELTWAY CONFIDENTIAL
Politics from the Nation's Capital

Europe starts confiscating private pension funds
http://washingtonexaminer.com/blogs/beltway-confidential/2011/01/europe-starts-confiscating-private-pension-funds t
By: Mark Hemingway 01/03/11 2:22 PM

The U.S. isn't the only place that's facing a major pension fund crisis. The Christian Science Monitor has this alarming report:

People's retirement savings are a convenient source of revenue for governments that don't want to reduce spending or make privatizations. As most pension schemes in Europe are organised by the state, European ministers of finance have a facilitated access to the savings accumulated there, and it is only logical that they try to get a hold of this money for their own ends. In recent weeks I have noted five such attempts: Three situations concern private personal savings; two others refer to national funds.

The most striking example is Hungary, where last month the government made the citizens an offer they could not refuse. They could either remit their individual retirement savings to the state, or lose the right to the basic state pension (but still have an obligation to pay contributions for it). In this extortionate way, the government wants to gain control over $14bn of individual retirement savings.

The article goes on to detail other pension grabs in Bulgaria, Poland, France and Ireland. Obviously, this is a cautionary tale for America. If fiscal austerity becomes a real issue in the U.S. the way that it's been reaching critical mass in Europe -- don't think that U.S. lawmakers regard either your personal wealth or money they might owe you as sacrosanct.
Government has a habit of looking out for itself.

From rforno at infowarrior.org Tue Jan 4 10:35:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Jan 2011 11:35:48 -0500
Subject: [Infowarrior] - Paper: "Piracy is the Future of Television"
Message-ID: <148AE5C4-2CE2-45B6-9A23-1FFAB62693E7@infowarrior.org>

January 4, 2011
"Piracy is the Future of Television," whitepaper from the Convergence Culture Consortium
by Abigail De Kosnik (UC Berkeley)
Consulting Researcher for the Convergence Culture Consortium
http://cms.mit.edu/news/2011/01/piracy_is_the_future_of_televi.php

Download the executive summary or the entire research memo.

Executive Summary

Why do consumers pirate television shows? Rather than watching TV productions via legitimate media, such as broadcast/cable television (including on-demand viewing), authorized websites (Hulu, iTunes, and proprietary network sites), and purchased or rented DVD or Blu-Ray disks, millions of Internet users use peer-to-peer protocols to illegally download episodes. A common misconception is that digital pirates are motivated by economic reasons; pirated copies of media are free, while cable television subscriptions, iTunes purchases, and disks cost money. However, pirates also prefer file-sharing to Hulu, network websites, and other free legal options. This paper will argue that online piracy is the preferred means of acquiring television for large numbers of people not because it is free, but because it is the best means currently available of consuming TV.

If studios hope to combat piracy by striking deals with Internet portals that offer television content online legally, then they will have to create business and distribution models that incorporate TV pirates' best practices. These include:

* A persistent television archive.
The frustration of fans who miss one or more episodes of a TV show's season, the enduring affection for the television programs of one's youth, and TV-philes' interest in discovering older, "classic" or "lost" series, mean that there is always a demand for non-current TV content. Pirates operating over a distributed network have successfully "kept alive" TV torrents that would have been otherwise long dead, and in doing so, have proven that large segments of the television audience desire TV to be less ephemeral.

* The facilitation of high resolution, easily stored, portable personal television archives. TV programming proved to be highly popular as an object of collection as soon as the means for home recording (VCRs and DVRs) became available to consumers. Viewers enjoy archiving their favorite shows so that they can review episodes at their leisure, months or years after the original airings. Hulu and other streaming sites do not allow shows to be collected and permanently archived by the home user; YouTube videos are typically low-resolution; iTunes downloads can only be stored on one machine (and its assigned mobile devices), and are not transferable files; DVRs have a maximum storage capacity; disks are subject to breakage and require shelf space. Online pirates have overcome all of these limitations on personal television archiving.

* Access to global content. It is well known that English-speaking countries outside the U.S. are host to a significant number of TV pirates, who, annoyed by the delay of U.S. programs' export (a delay mandated by the economics of global syndication), download U.S. shows immediately after their broadcasts. However, piracy of foreign television programs is multidirectional: U.S.
pirates consume a great deal of international content, either because shows produced in Britain, Japan, India and so on are difficult to obtain legally outside their countries of origin, or because they are members of a diaspora that stays connected with their home country and culture through viewing that nation's TV series. Piracy has created a "television without borders."

Many business challenges will arise if and when the media industries decide to incorporate some of the advantages of online television piracy into legitimate distribution models. This paper will not attempt to solve all of these issues (though it will propose some possible resolutions), but it will argue that industry cannot ignore the model constructed by pirates forever. Internet piracy has given rise to a form of television consumption so superior to existing legal forms that industry must, sooner or later, consider launching premium online TV services -- perhaps charging premium prices for them -- based on the discoveries and innovations of pirates.

Bio

Abigail De Kosnik is Assistant Professor at Berkeley Center for New Media and Department of Theater, Dance & Performance Studies, University of California, Berkeley. She has two books forthcoming: The Survival of Soap Opera: Strategies for a New Media Era (essay collection, co-edited with Sam Ford and C. Lee Harrington) from the University Press of Mississippi and Illegitimate Media: Minority Discourse and the Censorship of Digital Remix Culture from the University of Georgia Press. She testified in May 2009 before the U.S. Copyright Office at their hearings regarding the Digital Millennium Copyright Act, in favor of an exemption to the DMCA's ban on the circumvention of digital copyright technologies that would allow non-Film Studies college professors to rip DVDs for the purpose of screening clips of film and television in their courses.
She is organizing a conference (currently scheduled for February 2010) on Open Source and the Humanities, sponsored by the Berkeley Center for New Media. She can be reached at adekosnik at berkeley.edu.

http://cms.mit.edu/news/2011/01/piracy_is_the_future_of_televi.php

From rforno at infowarrior.org Tue Jan 4 16:57:24 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Jan 2011 17:57:24 -0500
Subject: [Infowarrior] - STRATFOR: Separating Terror from Terrorism
References:
Message-ID: <1D1C61DD-31A8-4C19-B775-B4C918BE3CAF@infowarrior.org>

Begin forwarded message:

> From: Jonathan Abolins
>
> Good analysis & insight by Stratfor's Scott Stewart on terrorism and
> the psychological dynamics of terror:
>
> http://www.stratfor.com/weekly/20101229-separating-terror-terrorism
> ---
> On Dec. 15, the FBI and the Department of Homeland Security (DHS) sent
> a joint bulletin to state and local law enforcement agencies
> expressing their concern that terrorists may attack a large public
> gathering in a major U.S. metropolitan area during the 2010 holiday
> season. That concern was echoed by contacts at the FBI and elsewhere
> who told STRATFOR they were almost certain there was going to be a
> terrorist attack launched against the United States over Christmas.
>
> Certainly, attacks during the December holiday season are not unusual.
> There is a history of such attacks, from the bombing of Pan Am Flight
> 103 on Dec. 21, 1988, and the thwarted millennium attacks in December
> 1999 and January 2000 to the post-9/11 airliner attacks by shoe bomber
> Richard Reid on Dec. 22, 2001, and by underwear bomber Umar Farouk
> Abdulmutallab on Dec. 25, 2009. Some of these plots have even stemmed
> from the grassroots. In December 2006, Derrick Shareef was arrested
> while planning an attack he hoped to launch against an Illinois
> shopping mall on Dec. 22.
>
> Mass gatherings in large metropolitan areas have also been repeatedly
> targeted by jihadist groups and lone wolves. In addition to past
> attacks and plots directed against the subway systems in major cities
> such as Madrid, London, New York and Washington, 2010 saw failed
> attacks against the crowds in New York's Times Square on May 1 and in
> Pioneer Courthouse Square in downtown Portland, Ore., on Nov. 26.
>
> With this history, it is understandable that the FBI and the DHS would
> be concerned about such an attack this year and issue a warning to
> local and state law enforcement agencies in the United States. This
> American warning also comes on the heels of similar alerts in Europe,
> warnings punctuated by the Dec. 11 suicide attack in Stockholm.
>
> So far, the 2010 holiday season has been free from terrorist attacks,
> but as evidenced by all the warnings and concern, this season has not
> been free from the fear of such attacks, the psychological impact
> known as "terror." In light of these recent developments, it seems
> appropriate to discuss the closely related phenomena of terrorism and
> terror.
>
> ---
>
> Stewart goes on to examine how various things, including the media,
> government, and the Internet, can magnify the terror from the actual
> terrorist attacks and generate fear.
>
> He concludes:
> ---
> In the final analysis, the world is a dangerous place. Everyone is
> going to die, and some people are certain to die in a manner that is
> brutal or painful. In 2001, more than 42,000 people died from car
> crashes in the United States and hundreds of thousands of Americans
> died from heart disease and cancer. The 9/11 attacks were the
> bloodiest terrorist attacks in world history, and yet even those
> historic attacks resulted in the deaths of fewer than 3,000 people, a
> number that pales in comparison to deaths by other causes.
> This is in no way meant to trivialize those who died on 9/11, or the
> loss their families suffered, but merely to point out that lots of
> people die every day and that their families are affected, too.
>
> If the public will take a cue from groups like AQAP, it too can
> separate terrorism from terror. Recognizing that terrorist attacks,
> like car crashes and cancer and natural disasters, are a part of the
> human condition permits individuals and families to practice
> situational awareness and take prudent measures to prepare for such
> contingencies without becoming vicarious victims. This separation will
> help deny the practitioners of terrorism and terror the ability to
> magnify their reach and power.
> ----

From rforno at infowarrior.org Tue Jan 4 17:03:59 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Jan 2011 18:03:59 -0500
Subject: [Infowarrior] - AF SAP Policy Limits Congressional Contacts
Message-ID:

Air Force SAP Policy Limits Congressional Contacts
January 4th, 2011 by Steven Aftergood
http://www.fas.org/blog/secrecy/2011/01/usaf_sap.html

The Air Force issued updated guidance (pdf) last week concerning its highly classified special access programs, including new language prohibiting unauthorized communications with Congress.

Special access programs (SAPs) involve access and safeguarding restrictions that are more extensive than those that apply to other classified programs. SAPs are nominally established "to protect the Nation's most sensitive capabilities, information, technologies and operations."

The new Air Force guidance emphatically limits contacts with Congress concerning SAPs.

"It is strictly forbidden for any employee of the Air Force or any appropriately accessed organization or company to brief or provide SAP material to any Congressional Member or staff without DoD SAPCO [Special Access Program Central Office] approval. Additionally, the Director, SAF/AAZ will be kept informed of any interaction with Congress."
See Air Force Policy Directive 16-7, "Special Access Programs," December 29, 2010.

From rforno at infowarrior.org Tue Jan 4 17:06:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 Jan 2011 18:06:30 -0500
Subject: [Infowarrior] - WH Directive on "Post-WikiLeaks" Security
Message-ID: <81297F02-28E4-424C-B27F-9B3A376616D1@infowarrior.org>

Tightening Security in the "Post-WikiLeaks" Era
January 4th, 2011 by Steven Aftergood
http://www.fas.org/blog/secrecy/2011/01/tightening_security.html

The Obama Administration is moving to increase the security of classified information in response to the massive leaks of classified documents to Wikileaks in recent months. The White House Office of Management and Budget yesterday issued a detailed memorandum (pdf) elaborating on the requirement to conduct an initial assessment of agency information policies and to initiate remedial steps to tighten security. Agency assessments are to be completed by January 28.

The Wikileaks model for receiving and publishing classified documents exploits gaps in information security and takes advantage of weaknesses in security discipline. It therefore produces greater disclosure in open societies, where security is often lax and penalties for violations are relatively mild, than in closed societies. Within the U.S., the Wikileaks approach yields greater disclosure from those agencies where security is comparatively poor, such as the Army, than from agencies with more rigorous security practices, such as the CIA.

What this means is that Wikileaks is exercising a kind of evolutionary pressure on government agencies, and on the government as a whole, to ratchet up security in order to prevent wholesale compromises of classified information. If the Army becomes more like the CIA in its information security policies, or so the thinking goes, and if the U.S.
becomes more like some foreign countries, then it should become less vulnerable to selective security breaches. The government's response to this pressure from Wikileaks, which was entirely predictable, is evident in the new memorandum circulated by OMB, which calls on agencies to address "any perceived vulnerabilities, weaknesses, or gaps in automated systems in the post-WikiLeaks environment." See "Initial Assessments of Safeguarding and Counterintelligence Postures for Classified National Security Information in Automated Systems," Office of Management and Budget, January 3, 2011. In an attachment to the OMB memo, the National Counterintelligence Executive and the Information Security Oversight Office provided an 11-page list of questions and requirements that agencies are supposed to use in preparing their security self-assessment. "If your agency does not have any of the required programs/processes listed, you should establish them." Agencies are asked to "deter, detect, and defend against employee unauthorized disclosures" by gathering "early warning indicators of insider threats" and also by considering "behavioral changes in cleared employees." So, for example, agencies are asked "Do you capture evidence of pre-employment and/or post-employment activities or participation in on-line media data mining sites like WikiLeaks or Open Leaks?" It is unclear how agencies might be expected to gather evidence of "post-employment" activities. Among other troubling questions, agencies are asked: "Are all employees required to report their contacts with the media?" This question seems out of place since there is no existing government-wide security requirement to report "contacts with the media." Rather, this is a security policy that is unique to some intelligence agencies, and is not to be found in any other military or civilian agencies. Its presence here seems to reflect the new "evolutionary pressure"
on the government to adopt the stricter security policies of intelligence. "I am not aware of any such requirement" to report on media contacts, a senior government security official told Secrecy News. But he noted that the DNI was designated as Security Executive Agent for personnel security matters in the 2008 executive order 13467. As a result, "I suspect that an IC requirement crept in" to the OMB memo. From rforno at infowarrior.org Tue Jan 4 19:18:00 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 4 Jan 2011 20:18:00 -0500 Subject: [Infowarrior] - Volunteer Cyber Army Emerges In Estonia Message-ID: <5F3AA378-1F49-4550-9918-5B5624971803@infowarrior.org> Volunteer Cyber Army Emerges In Estonia by Tom Gjelten January 4, 2011 http://www.npr.org/2011/01/04/132634099/in-estonia-volunteer-cyber-army-defends-nation In April 2007, the Baltic republic of Estonia became the first country in the world to experience cyberwar. Government, financial and media computer networks were paralyzed by a series of attacks, which authorities ultimately concluded originated in Russia. In the years since that cyberassault, Estonia has distinguished itself once again: Now it is a model for how a country might defend itself during a cyberwar. The responsibility would fall to a force of programmers, computer scientists and software engineers who make up a Cyber Defense League, a volunteer organization that in wartime would function under a unified military command. "[Our] league brings together specialists in cyberdefense who work in the private sector as well as in different government agencies," Defense Minister Jaak Aaviksoo says. The force carries out regular weekend exercises, Aaviksoo says, "to prepare for possible cyber contingencies." The unit is but one division of Estonia's Total Defense League, an all-volunteer paramilitary force dedicated to maintaining the country's security and preserving its independence.
2007 Cyberattack Targeted Country Aaviksoo says Estonian civilians are willing to be mobilized to defend their country because of their experience of invasion and occupation: by the Soviet Army in 1939, followed by the Germans in 1941 and then again by the Soviet Union, which occupied Estonia until it broke free in 1991. "Insurgent activity against an occupying force sits deep in the Estonian understanding of fighting back," Aaviksoo says, "and I think that builds the foundation for understanding total defense in the case of Estonia." The 2007 cyberassault followed a controversial government decision to relocate a Soviet war memorial, and authorities ultimately traced the attacks to Russia, which was angered by the government decision. In a speech last September, Aaviksoo described the attacks as "a coordinated attempt to destabilize our government." Whoever the attacker was, the choice of cyberwar methods made sense. Estonia is one of the most wired countries on the planet. Eighty percent of Estonians pay their taxes online and engage in electronic banking. The sense of cyber vulnerability in Estonia has been a key rallying point for the Cyber Defense League. No democratic country in the world has a comparable force, with computer specialists ready and willing to put themselves under a single paramilitary command to defend the country's cyber infrastructure. Aaviksoo says it's so important for Estonia to have a skilled cyber army that the authorities there may even institute a draft to make sure every cyber expert in the country is available in a true national emergency. "We are thinking of introducing this conscript service, a cyber service," Aaviksoo says. "This is an idea that we've been playing around [with]. We don't have the mechanism or laws in place, but it might be one option." Private Sector Cooperation In the United States, most top cybersecurity experts work in the private sector and are not available for government duty, even in times of an emergency. 
Stewart Baker, who tried to coordinate cyberdefense efforts at the Department of Homeland Security under President George W. Bush, says a Cyber Defense League like Estonia has would have been helpful. "It means people are keeping their skills up to date in the private sector, and those skills can be called on in an emergency, which is the only time the government really needs all of them," Baker says. "That's a very sensible approach, and I only wish we had the same kind of relationship with our [Information Technology] sector that they obviously have with theirs." When top cybersecurity experts are willing if necessary to put themselves under a single paramilitary command, a country's computer networks can be defended more efficiently. In Estonia, as in the United States, the information technology underpinning the power, transportation and financial systems is largely in private hands. With the responsibility for defending that I.T. infrastructure split between government and private industry, there are always security gaps. But Baker, a former general counsel at the National Security Agency, says it's been hard in the United States to promote public-private collaboration in cybersecurity. "The people who work in IT in the U.S. tend to be quite suspicious of government," Baker says. "Maybe they think that they're so much smarter than governments that they'll be able to handle an attack on their own. But there's a standoffishness that makes it much harder to have that kind of easy confidence that you can call on people in an emergency and that they'll be respond." Estonia's firsthand experience with cyberwar has probably made it easier for authorities there to implement innovative security measures, from its Cyber Defense League to a new requirement for using digital IDs to carry out many online transactions. Many countries would face resistance to such efforts. 
But that only means Estonia now has the opportunity to serve as a model, and NATO has recognized Estonia's efforts: The alliance's new Cyber Defense Center for Excellence has its headquarters there. From rforno at infowarrior.org Tue Jan 4 19:56:49 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 4 Jan 2011 20:56:49 -0500 Subject: [Infowarrior] - DHS "Risk Lexicon" Message-ID: <376F0110-F85D-484A-AADE-419DC2A9CE28@infowarrior.org> "Risk Lexicon" US Department of Homeland Security http://www.dhs.gov/xlibrary/assets/dhs-risk-lexicon-2010.pdf This is the second edition of the Department of Homeland Security (DHS) Risk Lexicon and represents an update of the version published in September 2008. More than seventy terms and definitions were included in the first edition of the DHS Risk Lexicon. The 2010 edition includes fifty new terms and definitions in addition to revised definitions for twenty-three of the original terms. From rforno at infowarrior.org Tue Jan 4 21:50:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 4 Jan 2011 22:50:23 -0500 Subject: [Infowarrior] - Nader: Tweeting Away the Time Message-ID: A Society of Buyers Tweeting Away the Time By RALPH NADER http://www.counterpunch.org/nader01042011.html The start of the New Year is a good time to talk about Time. About this, we can all agree--there are only twenty four hours in a day. Zillions of companies and persons want a piece of that time from us in order to make money. But that supply of Time is not expandable. Unlike other supplies in the marketplace, this one has no give beyond twenty four hours a day. Note the massive increase in commercial requests for our time in return for our dollars--directly or indirectly--compared to 60 years ago. Instead of three television networks bidding for our time in order to sell advertising, there are over 100 channels on any cable system. There are ever more radio stations, more online blogs and websites, more video games, more music.
In 1950, there were no cell phones, no iPhones, no Blackberries, no e-mails, no text messaging, no apps, no E-books, no faxes. Entertainment fare is now 24/7 and expanding rapidly on the Internet. But there are still only twenty four hours per day. What are these merchants expecting of the consumers' time? Squeezing more into less time as attention spans shorten, for one. Marketing so irresistibly that people buy far more of these videos and other entertainment services than they have time to listen or to view. Think of the VCRs and the DVDs piled up at home that have never been seen. Same for many books. The big bestseller on the universe: The Grand Design by scientist Stephen Hawking became status furniture on sitting room tables except for the one in a hundred who actually read that book. In short, the gap between what we think we have time for when we buy these products and what we actually expend time on is setting records every day. However, people of all ages are spending more time on casual gaming (75 million Americans is the estimate) than on solitaire or cards--apart from being addicted to competitive video games. So there is some substitution at play here. E-mails and text messaging are taking a large slice out of the day, in part because they are so cheap and in part because they are so personal. "What gives" here is that less time is being spent on the telephone but by no means in equal measure. So cheap and easy are modern communications that it is often harder to actually reach people than during the days of the dial phone. How much time do we spend trying to get someone to return calls or even to react to E-mails (which are increasingly passé in favor of text-messages) during the day or week? After awhile one stops trying to make telephone contact because of the low probability of actually talking to the person you want to reach.
People are so overloaded that just getting them to respond to a friendly letter, call or electronic message requires many repetitions. The banality of abundance is at work here. On the other hand, where you do get quick replies are from your "friends" with mutual gossip and personal tid-bits drive up the back and forth volume immensely. A 16 year old girl said that she sends 600 text messages a day and "would die without her cell phone." Still the sellers are more and more vigorously competing for a piece of the buyers' time. Where is all this going? First the sales appeal may ostensibly be for the buyers' time--eg. toys, DVDs--but it really is an appeal to the buyers' hope or belief that he/she has the time sometime. That is what gives what economists call the "elasticity" to the seemingly finite twenty four hour day. Whether that time is devoted to the program or product is immaterial to the seller once the sale is made. The successful seller is happy. But what is happening to the buyer? More stuff piles up. More sense of being time burdened when weeks and months pass without getting around to using the purchased goods or services. More susceptibility to buying the newest upgrade or version out of a sense of getting to now what they haven't had time to get to before with the older purchase. Moreover, as a society of buyers, we become ever more fractured audiences--especially for national television--and it is less likely that we see or react to the events of the day as a community. I was reminded of this observation recently when Washington's current outrages of endemic wars, waste and corruption rattle the public far less than Nixon's Watergate behavior. In 1974 after Nixon fired his Attorney General and the Special Prosecutor who were investigating his involvement in the Watergate burglary and cover-up, Tennesseans sent 40,000 telegrams to one of their Senators over three days.
Members of Congress, even with the ease of E-mail and Twitter, do not get that kind of meaningful volume. When our time feels overwhelmed and the marketers are banging on our doors for more time claims, what time is there left for necessary solitude, for family and other socializing, for kids playing outside instead of being addicted to indoor screens, even at dinner, for, excuse the words, reflection and contemplation? It comes down to whether we have any time from our absorption into virtual reality to engage reality, including civil and political realities. A Society whose people do not show up for public meetings, hearings, protests and even local folklore events is a society that is cannibalizing its democracy, its critical sense of community purpose. Take back some of those discretionary hours from the marketers and electronic entertainers. Devote them to shaping the future for you and your children. Ralph Nader is the author of Only the Super-Rich Can Save Us!, a novel. From rforno at infowarrior.org Wed Jan 5 09:17:50 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 5 Jan 2011 10:17:50 -0500 Subject: [Infowarrior] - Calling Out the NYT Message-ID: Source: Graphics Ability Is the New Goal for Chip Makers http://www.nytimes.com/2011/01/04/technology/04chip.html?_r=1&hpw In describing the new Intel Sandy Bridge chips, Ashlee Vance of the NYT writes: "Other features in the new Intel chips are aimed at helping movie studios deliver high-definition versions of their films and to move video streams between computers and TV screens." Sadly, Vance uses Hollywood's standard talking points to obliquely refer to the new Sandy Bridge onboard DRM technologies. His choice of words here was a gross misrepresentation of these "features" and glosses over some of the products' more controversial aspects. 
-- rick From rforno at infowarrior.org Wed Jan 5 13:16:48 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 5 Jan 2011 14:16:48 -0500 Subject: [Infowarrior] - MPAA hires first technology policy officer Message-ID: <0D7AF8C2-2894-4FA1-91FE-A67B9E17FD53@infowarrior.org> Anyone care to offer alternate job titles? 'Chief DRM Proponent' or 'Chief Defender of Failing Industry Models' or 'Chief Gas Lamp Lighter' would be more accurate, don'tcha think? --- rick Paul Brigner Hired as MPAA's First Chief Technology Policy Officer 1:36 PM 1/5/2011 by Alex Ben Block http://www.hollywoodreporter.com/news/paul-brigner-hired-mpaas-chief-68686 The Motion Picture Association of America, which has taken a leading role in protecting entertainment content worldwide, has created a new position for a chief technology policy officer to spearhead issues impacting the protection of intellectual property. Paul Brigner, who has also been named senior vice president, will report to Bob Pisano, MPAA president and interim CEO, and will be based at Washington, D.C. headquarters when he begins on Jan. 10. He will also be involved in creating industry standards to help consumers access content in the digital era. "Paul's depth and breadth of experience will be crucial as he helps steer our members through a rapidly changing technological landscape. With his counsel, we will continue to strike a balance between protecting the intellectual property rights of our members and our continuing desire to provide fans around the world with the content they enjoy in the format of their choice," Pisano said in a statement. Brigner, who has an MBA and law degree from Georgetown, most recently was executive director, Internet and technology policy for Verizon, and held senior positions at Digital Focus and Cambridge Technology Partners.
From rforno at infowarrior.org Wed Jan 5 19:34:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 5 Jan 2011 20:34:36 -0500 Subject: [Infowarrior] - More info on Goldman-Facebook offering Message-ID: <5AB75FBE-5AFD-4331-963B-ED82D0DEDA5C@infowarrior.org> (GS making out like a bandit on the fees here. Wonder how many takers they have. -- rick) Bloomberg Goldman Sachs May Sell or Hedge Facebook Stake Without Warning January 05, 2011, 8:12 PM EST By Max Abelson and Christine Harper http://www.businessweek.com/news/2011-01-05/goldman-sachs-may-sell-or-hedge-facebook-stake-without-warning.html Jan. 6 (Bloomberg) -- Goldman Sachs Group Inc. clients considering whether to buy shares in closely held Facebook Inc. should take heed: Wall Street's most profitable securities firm could unload its own holdings without letting them know. In the last sentence of a one-page investment profile sent to private wealth clients, the firm explains: "GS Group may at any time further reduce its exposure to its investment in Facebook (through hedging arrangements, sales or otherwise), without notice to the fund or investors in the fund." The offering document, obtained by Bloomberg News, shows that $75 million of the $450 million investment in Facebook by Goldman Sachs is coming from Goldman Sachs Investment Partners, a hedge fund that handles client money. The firm's own $375 million investment will probably be cut to $300 million because Goldman Sachs expects to sell $75 million to third parties or to the fund it created so clients could buy a stake in Facebook. "There may be conflicts of interest relating to the underlying investments of the fund and Goldman Sachs," according to the Facebook offering document's disclosures section. Material in the documents "is not guaranteed as to accuracy or completeness."
Goldman Sachs paid $550 million in July to settle fraud charges filed by the Securities and Exchange Commission relating to the 2007 sale of a mortgage-linked investment called Abacus. The company said it made a "mistake" by failing to inform clients in the 2007 deal that it allowed a hedge fund betting against the investment to help put together the deal. Stephen Cohen, a Goldman Sachs spokesman in New York, declined to comment yesterday. Rules for Clients To get a stake in Facebook, Goldman Sachs clients are required to make a minimum investment of $2 million by Jan. 7 in what's described as limited partnerships based in the Cayman Islands and Delaware. Goldman Sachs is charging 0.5 percent of any capital committed to the partnership as an "expense reserve" as well as a 4 percent placement fee and 5 percent of any gains, according to the document. Facebook has more than 600 million monthly active users, of whom more than 230 million access the site on mobile devices, the document shows. Statistics available on Facebook's website indicate it has more than 500 million monthly active users and more than 200 million access from mobile devices. A letter addressed to "potential investor" that introduces the Facebook investment profile ends with a two-sentence paragraph. The first asks potential investors to contact a Goldman Sachs representative for further information. The second says: "Do not contact Facebook." --With assistance from Brian Womack in San Francisco. Editors: Dan Reichl, Otis Bilodeau To contact the reporters on this story: Max Abelson in New York at mabelson at bloomberg.net; Christine Harper in New York at charper at bloomberg.net To contact the editor responsible for this story: David Scheer at dscheer at bloomberg.net.
From rforno at infowarrior.org Wed Jan 5 19:38:44 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 5 Jan 2011 20:38:44 -0500 Subject: [Infowarrior] - Five reasons why I'm not buying Facebook Message-ID: (OK, to followup my previous comment, apparently Goldman got ton of investors and are closing the 'offering' a day earlier than planned. -- rick) Five reasons why I'm not buying Facebook Posted by Duff McDonald, Contributing Editor January 4, 2011 12:13 pm http://finance.fortune.cnn.com/2011/01/04/five-reasons-why-im-not-buying-facebook/ Before you start scrambling to get a piece of the Facebook pie, it's worth looking at a few glaring risk factors. Excuse me for raining on the Facebook parade, but yesterday's news about the $450 million investment by Goldman Sachs (GS) and $50 million from Russia's Digital Sky Technology didn't move me the way it seemed to move others. This despite the suggested $50 billion valuation, as big and beautiful a number as the stock market has seen in some time. I am certainly not moved in the same way it appears to have moved Goldman's own clients: the Wall Street firm has pledged to line up another $1.5 billion in sales to its high net worth investors, who are said to be champing at the bit to get a piece of the action, which starts with a $2 million minimum. Not that I have $2 million lying around, but I wouldn't buy this stock if I did. Reason #1: Someone who knows a lot more than I do is selling. While the identities of the specific sellers remain unknown, the current consensus seems to be that most will be from venture capital investors like Accel Partners, Peter Thiel, and Greylock Partners. Maybe Mark Zuckerberg will kick in $50 million or so himself, just for some fooling around money. But it's not a dilutive primary offering from the company. "Facebook needs no cash!" say its cheerleaders. Okay, fine. Let's just say for argument's sake that it is early stage investors who are selling. Why would they sell? 
Because they're in need of cash to invest somewhere else? The way the social network is talked about these days, it's the best investment opportunity in town. So why would anyone want to forsake it? And don't give me that crap about VCs being "early stage" and wanting to cash out of a "mature" investment. These people are as money hungry as any other institutional investor, and would let it ride unless...they saw something that suggested that the era of stupendous growth was over. Facebook reached 500 million users in July. There's been no update since, even though the company had meticulously documented every new 50 million users to that point. Might the curve have crested? And let's not even talk about the fact that they don't really make much money per user -- a few dollars a year at most. (Its estimated $2 billion in 2010 revenues would amount to $4 per user at that base.) I certainly haven't spent any money on the site, despite being a fairly regular visitor. And any advertiser who is trying to target me on the social network is wasting their money. But that's just me. Reason #2: Goldman Sachs. I've got nothing against Goldman Sachs. Hell, I worked there. But when Reuters' Felix Salmon says that the Goldman investment "ratifies" a $50 billion valuation, he's only half right. That is, someone, somewhere--perhaps the Russians at DST Global--might just believe this imaginary number. (It's hard to see why, though: DST got in at a $10 billion valuation in May 2009. Facebook's user base has more than doubled since then. So its valuation should...quintuple?) But concluding that Goldman Sachs believes in a $50 billion valuation is poor reasoning. As Salmon does point out, Goldman has likely earned the lead book runner slot in any initial public offering. Consider a 20% sale of the company in such an event -- or $10 billion at today's "valuation" -- and a 2% underwriting fee of $200 million.
Goldman would have to share such spoils, so let's call it $100 million into their pocket. Subtracting that underwriting fee from the Goldman investment, and you could easily make the case that for a net purchase price of $350 million, Goldman's ante only values Facebook at $39 billion. Hey, that's just off by $11 billion, so don't worry about it. Buy your shares where you can get them. In other words, go open a $10 million minimum private client account at Goldman Sachs. (Who says Goldman didn't learn its lesson about shafting its own customers? This time around, they've managed to get the customers to line up the shaft themselves.) Reason #3: Zynga. For all the success of the largely-Facebook-hosted games of Farmville and Cityville, it's hard not to wonder what the success of the anachronistic game maker Zynga really means. Do people really miss their Atari that much? I doubt there's any crossover between the people playing Farmville and those playing the technologically advanced Call of Duty: Black Ops. Which is fine -- to each his own. But all the Zynga games make me think about is Wal-Mart (WMT). Which is also fine -- there's nothing wrong with being compared to one of the world's most successful companies. But here's the disconnect: if Facebook's future success depends on aiming for the lowest common denominator with the most people possible, that implies pretty slim margins a la Wal-Mart. You think they're going to justify a $50 billion market capitalization through banner ads? Are you kidding me? Reason #4: The niggling details. Important question: Just what are Facebook's numbers? Important answer: Who the hell knows? In November, Zuckerberg told the world not to hold its breath for an IPO. No worries, Mark, because I'm not. Google (GOOG), if you recall, was pretty open by the end of its life as a private company -- everybody knew what it was doing and how it was doing it.
Facebook (and, in the same sense, Twitter) reminds me of Kozmo.com during the dot-com boom. Kozmo, you will recall, somehow had people convinced that they were going to make tons of money doing something remarkably pedestrian -- that is, delivering Ben & Jerry's by bicycle to Manhattanites. (I remember sitting in the offices of Flatiron Partners way back when. Someone ordered some ice cream on the Web, and -- voila! -- half an hour later some delivery guy shows up. Kind of like what would happen if you called the deli on the phone. The future was ours to see!) Facebook reportedly pulled in $2 billion in revenues in 2010. I don't know about you, but I'm disinclined to pay 25 times revenues for anything, let alone a company the finances of which I know pretty much nothing about. Reason #5: Warren Buffett. The legendary investor cautions those looking at outsize valuations to consider one's purchase of company stock in a different way than price of an individual share, whatever it may be. He suggests one look at the total market valuation -- in this case, a sketchy $50 billion -- and to consider: Would you buy the whole company for that price, if you had the money? The market value of Goldman Sachs is just $88 billion. I'd take more than half that company over the whole of Facebook any day of the week. I bet Warren Buffett would too. From rforno at infowarrior.org Thu Jan 6 19:31:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 6 Jan 2011 20:31:22 -0500 Subject: [Infowarrior] - Why the Mac App Store Sucks Message-ID: <61554BAD-A50E-4C64-B1AC-DC15AC2A2DA3@infowarrior.org> Why the Mac App Store Sucks http://lifehacker.com/5726764/ Apple launched the Mac App Store today, allowing you to browse, search, read reviews, and buy Mac software of all kinds in one streamlined location. And it's terrible. Here's why. For a counterpoint, check out why you might really like the Mac App Store in the long run. Sure, the Mac App Store is a good idea in theory.
Just like the Linux repositories that came before it, it provides a one-stop shop for all your software needs. There's just one big problem: Apple made it. You'll Have to Re-Purchase Many of Your Apps One of the biggest questions on everyone's mind is "can I take advantage of the App Store if I've already purchased an app?" The answer is no. Developers have confirmed that there isn't currently a way to migrate your purchases to the App Store for free, so even if an app shows up as "installed" under the Mac App Store, you still won't be able to get updates for it. You'll have to re-purchase an app to get full App Store support. Sure, some developers are trying to work around this, but most are stuck with no easy solution. If you've spent years using Macs and purchasing good commercial software, it's unlikely that you'll be able to take advantage of the App Store anytime soon without shelling out more money--basically, those that use free software are fine, but those that pay to support good developers are doing so with no thanks from Apple. You Won't Be Able to Test Trial, Demo, or Beta Versions of Software One of the best parts about commercial software is that you are often allowed to try a piece of software for 30 days before buying. That way, you know whether the software is worth your money or not. Furthermore, those of us that like to live on the edge can test out beta versions of software to help the developers find and fix bugs, and in return we get a sneak peek of upcoming features. If you use the Mac App Store to download software, however, you will not benefit from either of these. One of the restrictions on the Mac App Store is that no pieces of software will be allowed to be labeled as "trial", "demo", or "beta" versions. This rule is annoying enough in the iOS store, but it's worse on the Mac.
Most mobile apps only run for a few bucks a pop, so if I hear that an app is really good or I think it sounds like something useful, I can usually risk spending $0.99 to try it out. Desktop software tends to be more expensive, though. I don't want to spend $20 just to see if an app is the right one for me--I'd like to be able to try out all its features (meaning no "lite" versions) before buying. It Will Be Harder to Get Support Forget that Apple's taking 30% of each developer's paycheck, but they're also making it harder for developers to give us good support. Before, you could just download an app from a developer, try it out, and get support directly from them. Now, though, with Apple as a middleman, the developer doesn't always have as much power to fix problems that arise. They can't release quick updates, since all updates have to be approved by Apple. They can't fix any problems you have with downloading or purchasing an app (that's all on Apple's head). Having Apple in the middle of the developer/customer relationship is just going to muddle things up and make it more difficult for everyone involved. Apps Will Still Be Heavily Restricted The other restrictions on apps are just as ridiculous as on iOS, although once again, they have much more weight on the Mac. There's a pretty hefty list of them, that are all going to basically require developers write toned-down versions of their apps, most notably: No paid upgrades: One of the great ways developers reward longtime users is by offering updates to them at a discounted price. This won't be allowed in the App Store--if a developer wants to have a paid upgrade, they'll have to submit it as a completely separate app, and everyone will have to buy it again at the same price. No background processes or login items: Apps aren't allowed to keep any code running in the background after they've been quit.
So, for example, Apple's own FaceTime has the convenience of staying out of your way until you get a call, but you're going to have to manually launch and keep any other video chat program fully open and minimized at all times. That doesn't seem fair, does it? No imitating the UI of other applications: Apps aren't allowed to imitate other pre-bundled Apple programs. Not only is this something most users want (how many times have you heard someone say they don't like an app because it doesn't "fit in" with other Mac programs?), but it's really vague. Does this mean no Adium, since it often imitates iChat? Where's the line? I can see this being an annoyance (or at least confusing) for both developers and users. Many Apps Just Plain Won't Make it To the Store The above are just a few examples of restrictions that will be placed on software inside the App Store. There are, of course, much heavier restrictions that basically eliminate any possibility of some apps getting accepted in the first place, like: No root permissions: No apps are allowed to request root permissions (even with the user's consent), which means that no backup software or anything else that needs access to system files. No programs that download other programs: This is also pretty vague, but does this mean no other browsers? Does this mean no FTP clients, or anything else you could use to share files (like Dropbox)? Or are we just talking about downloading and executing code? Will we see free and open source software?: This one's just speculation right now, but we saw what almost happened with VLC in the iOS App Store: VideoLan decided Apple's closed-off model might violate the GPL. It doesn't seem there's been a consensus on this yet (and VLC is still in the iOS app store), but developers that really care about software being free (as in speech, not as in beer) may just stay away entirely. Of course, you aren't required to use the Mac App Store. And you should take advantage of that fact. 
From the looks of it now, the headache that this is going to cause far outweighs the minor benefits. Sure, it's a one-stop shop for all your software -- but honestly, I'll stick to scouring Google if it means I can bypass Apple's walled garden. If half the apps I use won't even end up in the App Store to begin with, then what benefits am I reaping by using it? What I really fear, though, is that the store will have repercussions on us that don't even use it -- how many developers do you think are going to code two versions of their apps, just to keep us old-fashioned users reaping the benefits of a free market? I wouldn't wager that many would. Of course, you all probably have your own opinions, whether you agree with us or not. So share your thoughts with us in the comments! Send an email to Whitson Gordon, the author of this post, at whitson at lifehacker.com.

From rforno at infowarrior.org Fri Jan 7 07:05:21 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jan 2011 08:05:21 -0500
Subject: [Infowarrior] - Jon Stewart Weighs In On The Facebook Investment Frenzy
Message-ID: <5C680EEC-6488-403E-950E-2B2CB55CF8F0@infowarrior.org>

"The Daily Show" Weighs In On The Facebook Investment Frenzy [Video]

Jon Stewart took a bite out of Facebook tonight on "The Daily Show," specifically Goldman Sachs' recent $450 million investment at a $50 billion valuation and what it means with regards to a possible Facebook IPO in 2012. Stewart wryly comments on the irony of Zuckerberg's reluctance to go public, "Mark Zuckerberg doesn't want to be transparent? The guy whose immense success was founded on mining our personal data, the guy who shares my photos with the whole world unless I change my privacy settings every half an hour!?" Stewart also goes on to call John Battelle's Web 2.0 Summit "Nerdfest 2008" and show hypothetical pictures of Facebook employees having a money fight and frolicking in a cash bonfire and well ... Just watch. Trust me, it's good.

< -- >

http://techcrunch.com/2011/01/07/facebook-4/

From rforno at infowarrior.org Fri Jan 7 09:41:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jan 2011 10:41:47 -0500
Subject: [Infowarrior] - The problem of Bufferbloat
Message-ID:

The criminal mastermind: bufferbloat!
By gettys

Each of these initial experiments were designed to clearly demonstrate a now very common problem: excessive buffering in a network path. I call this "bufferbloat". We all suffer from it end-to-end, and not just in our applications, operating systems and home network, as you will see. Large network buffers can be thought of as "dark buffers", analogous to "dark matter" in the universe; they are undetectable under many/most circumstances, and you can detect them only by indirect means. Buffers do not cause problems when they are empty. But when they fill they introduce additional latency (and create other problems, possibly very severe) to other traffic sharing the link. In the past, memory was expensive, and bandwidth on a link fixed; in most parts of the path your bytes take through the network, necessary buffering was easy to predict and there were strong cost incentives to minimize extra buffering. Times have changed, memory is really cheap, but our engineering intuition is to avoid dropping data. This intuition turns out to be wrong, and has become counter-productive.

< -- >

http://gettys.wordpress.com/2010/12/03/introducing-the-criminal-mastermind-bufferbloat/

Part 2 ....
(really good piece) http://gettys.wordpress.com/2010/12/06/whose-house-is-of-glasse-must-not-throw-stones-at-another/

From rforno at infowarrior.org Fri Jan 7 16:05:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jan 2011 17:05:41 -0500
Subject: [Infowarrior] - Mass Market Encryption Software Export Eased
Message-ID: <69904693-503B-46E0-9753-B58DC148816D@infowarrior.org>

http://cryptome.org/0003/bis010711.htm

SUMMARY: The Bureau of Industry and Security (BIS) is removing from the scope of items subject to the Export Administration Regulations (EAR) ``publicly available'' mass market encryption object code software with a symmetric key length greater than 64-bits, and ``publicly available'' encryption object code classified under Export Control Classification Number (ECCN) 5D002 on the Commerce Control List when the corresponding source code meets the criteria specified under License Exception TSU. This change is being made pursuant to a determination by BIS that, because there are no regulatory restrictions on making such software ``publicly available,'' and because, once it is ``publicly available,'' by definition it is available for download by any end user without restriction, removing it from the jurisdiction of the EAR will have no effect on export control policy. This action will not result in the decontrol of source code classified under ECCN 5D002, but it will result in a simplification of the regulatory provisions for publicly available mass market software and specified encryption software in object code.

DATES: This rule is effective: January 7, 2011.
From rforno at infowarrior.org Fri Jan 7 16:10:27 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jan 2011 17:10:27 -0500
Subject: [Infowarrior] - Internet Identity System Said Readied by Obama Administration
Message-ID:

Internet Identity System Said Readied by Obama Administration
January 07, 2011, 7:10 AM EST
By James Sterngold

http://www.businessweek.com/news/2011-01-07/internet-identity-system-said-readied-by-obama-administration.html

Jan. 7 (Bloomberg) -- The Obama administration plans to announce today plans for an Internet identity system that will limit fraud and streamline online transactions, leading to a surge in Web commerce, officials said. While the White House has spearheaded development of the framework for secure online identities, the system led by the U.S. Commerce Department will be voluntary and maintained by private companies, said the officials, who spoke on condition of anonymity ahead of the announcement. A group representing companies including Verizon Communications Inc., Google Inc., PayPal Inc., Symantec Corp. and AT&T Inc. has supported the program, called the National Strategy for Trusted Identities in Cyberspace, or NSTIC. "This is going to cause a huge shift in consumer use of the Internet," said John Clippinger, co-director of the Law Lab at Harvard's Berkman Center for Internet and Society in Cambridge, Massachusetts. "There's going to be a huge bump and a huge increase in the amount and kind of data retailers are going to have." Most companies have separate systems for signing on to e-mail accounts or conducting secure online transactions, requiring that users memorize multiple passwords and repeat steps. Under the new program, consumers would sign in just once and be able to move among other websites, eliminating the inconvenience that causes consumers to drop many transactions.
Fewer Passwords For example, once the system is in place, Google would be able to join a trusted framework that has adopted the rules and guidelines established by the Commerce Department. From that point, someone who logged into a Google e-mail account would be able to conduct other business including banking or shopping with other members of the group without having to provide additional information or verification. Bruce McConnell, a senior counselor for national protection at the Department of Homeland Security, said NSTIC may lead to a big reduction in the size of Internet help desks, which spend much of their time assisting users who have forgotten their passwords. Because the systems would be more secure, he said, it may also result in many transactions that are now done on paper, from pharmaceutical to real estate purchases, to be done online faster and cheaper. A draft paper outlining NSTIC was released for comment by the White House in June. "Who Do You Trust?" "NSTIC could go a long way toward advancing one of the fundamental challenges of the Internet today, which is -- Who do you trust?" said Don Thibeau, chairman of the Open Identity Exchange, an industry group based in San Ramon, California, representing companies that support development of the new framework. "What is holding back the growth of e-commerce is not technology, it's policy. This gives us the rules, the policies that we need to really move forward." The new system will probably hasten the death of traditional passwords, Clippinger said. Instead, users may rely on devices such as smartcards with embedded chips, tokens that generate random codes or biometric devices. "Passwords will disappear," said Clippinger. "They're buggy whips. The old privacy and security conventions don't work. You need a new architecture." Secure, Efficient Development of a more advanced security system began in August 2004, when President George W.
Bush issued a Homeland Security Presidential Directive that required all federal employees be given smartcards with multiple uses, such as gaining access to buildings, signing on to government websites and insuring that only people with proper clearances would have access to restricted documents. The system was intended to be more secure and more efficient. The Obama administration advanced the process when it issued its "Cyberspace Policy Review" in 2009. One of the 10 priorities was the security identification system. The federal government is facilitating what it calls a "foundational" system in two ways. It is developing the framework for the identification plan, and it will make a large number of government agencies, services and products available through the secure system, from tax returns to reserving campsites at national parks. "Innovation is one of the key aspects here," said Ari Schwartz, a senior adviser for Internet policy at the Department of Commerce. "There's so much that could be done if we could trust transactions more." Schwartz said use of the system, once companies voluntarily choose to participate, may spur a range of efficiencies and e-commerce similar to the way ATM machines transformed banking, opening the way to a growing number of services little by little. Privacy Concerns Civil libertarians have expressed concern that the system may not protect privacy as well as the government is promising. "If the concept were implemented in a perfect way it would be very good," said Jay Stanley, a senior policy analyst for privacy and technology at the New York-based American Civil Liberties Union. "It's a convenience. But having a single point of failure may not be good for protecting privacy. The devil's really in the details." He said the ACLU would "vehemently oppose" anything that resembled a national ID card.
Aaron Brauer-Rieke, a fellow at the Center for Democracy & Technology in Washington, a civil liberties group, said it was important that the system would be operated by private companies, not the government. He said he was concerned about how the data on consumer online transactions would be used. "New identity systems will allow moving from one site to another with less friction and open up data flows, but might also enable new kinds of targeted advertising," he said. "We have to make sure privacy doesn't get lost in this." Schwartz and McConnell said the new system wouldn't be a national identity card and that companies, not the government, would manage the data being passed online. "There will not be a single data base for this information," McConnell said. --Editors: Elizabeth Wollman, Joe Winski To contact the reporter on this story: James Sterngold in New York at jsterngold2 at bloomberg.net To contact the editor responsible for this story: David Scheer at dscheer at bloomberg.net.

From rforno at infowarrior.org Fri Jan 7 16:21:29 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jan 2011 17:21:29 -0500
Subject: [Infowarrior] - Intel Claims DRM'd Chip Is Not DRM, It's Just Copy Protection
Message-ID:

http://www.techdirt.com/articles/20110107/10153912573/intel-claims-drmd-chip-is-not-drm-its-just-copy-protection.shtml

Intel Claims DRM'd Chip Is Not DRM, It's Just Copy Protection

There's been a lot of talk this week about Intel building DRM into its Sandy Bridge chip. I had initially passed on writing this story, as we seem to hear the same thing every few years. Back in 2005, for example, there were similar stories about Intel planning DRM built into its chip. However, what got me interested enough to actually write about this is Intel's bizarre response to the press coverage, in which they play one of the most ridiculous games of corporate doublespeak in ages. First, they insist it's not DRM.
They say that right up in the headline: "No, It's Not DRM" Then they kick it off with an explanation of what DRM is, followed up by again saying: "I am not going to get into a discussion about the pros and cons of DRM in this blog; but I will say that Intel Insider is NOT a DRM technology." Ok. So what is it. That's in the next paragraph: Intel Insider is a service that enables consumers to enjoy premium Hollywood feature films streamed to their PC in high quality 1080P high definition. Currently this service does not exist because the movie studios are concerned about protecting their content, and making sure that it cannot be stolen or used illegally. So Intel created Intel insider, an extra layer of content protection. Um. So it is DRM. You just said it's not, and then described DRM. Content protection is DRM. I'm not sure exactly what Intel thinks it's doing here. If they say it's not DRM and then explain how it is DRM, they think people will think it's not DRM? If you're going to include DRM, just admit that it's DRM. Then we can argue about whether or not it's smart (and, no, it's not).

From rforno at infowarrior.org Fri Jan 7 17:47:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jan 2011 18:47:56 -0500
Subject: [Infowarrior] - Microsoft wants to patent 'fans'
Message-ID: <0A4E980E-6D0A-4166-8A1E-021F1DCFB154@infowarrior.org>

Good luck with keeping that one, Redmond. --- rick

Microsoft wants to patent 'fans'

In a filing made public today, Microsoft is seeking a patent for something it calls "One-Way Public Relationships" in social networks and other online properties. Even though you've probably never heard or used that phrase, chances are you're involved in many of these types of relationships already. That's because it's more commonly known as being a "fan" of something online.

< -- >

http://techflash.com/seattle/2011/01/microsoft-applies-for-patent-on-being.html

From rforno at infowarrior.org Fri Jan 7 22:40:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Jan 2011 23:40:34 -0500
Subject: [Infowarrior] - US tells Twitter to hand over WikiLeaks supporter's messages
Message-ID: <17A37A69-EDB2-4748-8722-BFD8DE8CCE2B@infowarrior.org>

US tells Twitter to hand over WikiLeaks supporter's messages
* Dominic Rushe in New York
* The Guardian, Saturday 8 January 2011

http://www.guardian.co.uk/media/2011/jan/08/us-twitter-hand-icelandic-wikileaks-messages

A member of parliament in Iceland who is also a former WikiLeaks volunteer says the US justice department has ordered Twitter to hand over her private messages. Birgitta Jonsdottir, an MP for the Movement in Iceland, said last night on Twitter that the "USA government wants to know about all my tweets and more since november 1st 2009. Do they realize I am a member of parliament in Iceland?" She said she was starting a legal fight to stop the US getting hold of her messages, after being told by Twitter that a subpoena had been issued. She wrote: "department of justice are requesting twitter to provide the info -- I got 10 days to stop it via legal process before twitter hands it over." She said the justice department was "just sending a message and of course they are asking for a lot more than just my tweets." Jonsdottir said she was demanding a meeting with the US ambassador to Iceland. "The justice department has gone completely over the top." She added that the US authorities had requested personal information from Twitter as well as her private messages and that she was now assessing her legal position. "It's not just about my information. It's a warning for anyone who had anything to do with WikiLeaks. It is completely unacceptable for the US justice department to flex its muscles like this. I am lucky, I'm a representative in parliament. But what of other people?
It's my duty to do whatever I can to stop this abuse." Twitter would not comment on the case. In a statement, the company said: "We're not going to comment on specific requests, but, to help users protect their rights, it's our policy to notify users about law enforcement and governmental requests for their information, unless we are prevented by law from doing so." Most of Twitter's messages are public, but users can also send private messages on the service. Marc Rotenberg, president of the online watchdog the Electronic Privacy Information Centre (EPIC) in Washington, said it appeared the US justice department was looking at building a case against WikiLeaks and its founder, Julian Assange, over its publication of secret US documents. EPIC has already requested that the US authorities hand over information about their investigations into people who have donated to WikiLeaks via Mastercard, Visa or PayPal. "The government has the right to get information, but that has to be done in a lawful way. Is there a lawful prosecution that could be brought against WikiLeaks? It seems unlikely to me. But it's a huge question here in the US," said Rotenberg. Jonsdottir was involved in WikiLeaks' release last year of a video which showed a US military helicopter shooting two Reuters reporters in Iraq. US authorities believe the video was leaked by Private Bradley Manning. Adrian Lamo, the hacker who reported Manning to the authorities, indicated that Manning first contacted WikiLeaks in late November 2009 -- a period covered by the request for Jonsdottir's tweet history. In 2009 Jonsdottir invited Assange to a party at the US embassy in Reykjavik where he chatted with the ambassador to Iceland. WikiLeaks had recently published a secret report on the collapse of the country's banks. "I said it would be a bit of a prank to take him and see if they knew who he was. I don't think they had any idea," Jonsdottir said last year.
The MP has distanced herself from Assange and WikiLeaks, saying he should take a step back to deal with an investigation in Sweden. The 39-year-old is fighting extradition to the country, where two women have accused him of sexual misconduct. He denies the allegations. In Iceland she has championed the Icelandic Modern Media Initiative which is aimed at creating legislation to make Iceland a legal haven for journalists and media outlets. She is not the first WikiLeaks associate to be targeted by US officials. Last July Jacob Appelbaum, one of Assange's closest colleagues, was interrogated for three hours and had his phones confiscated upon entering the country at Newark airport. Customs officials photocopied receipts and searched his laptop. The justice department did not return calls seeking comment last night.

From rforno at infowarrior.org Fri Jan 7 23:18:53 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 00:18:53 -0500
Subject: [Infowarrior] - US revamps science, technology standard-setting efforts
Message-ID: <231854E2-9AF5-4E7B-824D-B0F86945AA91@infowarrior.org>

http://www.networkworld.com/community/blog/us-revamps-science-technology-standard-settin

US revamps science, technology standard-setting efforts
NIST to bolster cloud computing, green building, emergency communications development.
By Layer 8 on Fri, 01/07/11 - 11:57am.

The National Institute of Standards and Technology (NIST) has been given new marching orders: expand work with the private sector to develop standards for a range of key technologies such as cloud computing, emergency communications and tracking, green manufacturing and high performance green building construction. NIST could also see its core science and technology budget double by 2017. NIST has also cut the number of labs it runs to 6 from 10.
NIST labs now include engineering, physical measurement, information technology, material measurement, the Center for Nanoscale Science and Technology and the NIST Center for Neutron Research. In addition to the standards-setting bump, the NIST Director adds the title of undersecretary of Commerce for Standards and Technology. All of these changes are part of the America Competes Reauthorization Act of 2010 that President Obama signed this week and represents some of the biggest changes to the standards-setting body in years. And other changes are sure to come. For example, the White House's National Science and Technology Council recently issued a notice in the Federal Register looking for public input on development and implementation of future standards. "The subcommittee is seeking answers to such questions as: How is the Federal government doing with respect to standards activities? What works well? What can be improved? The challenges of the 21st century, including the need to build a clean energy economy, reduce the high cost of health care, and secure our information technology systems, require that we actively consider ways to enhance the efficiency and responsiveness of the standards development process. Send responses to SOS_RFI at nist.gov," according to the government's Office of Science and Technology Policy blog. The blog goes on to state: "Technical standards are not the stuff of everyday conversation, but they are crucial to smart development and economic growth. Since World War II, the United States has played a key role in international standardization -- a role made possible by the unique public-private sector cooperation that has been a hallmark of the U.S. standardization system.
Through this system, the private sector has largely led the way, with the Federal government engaging as both producer and consumer and with representatives from science and technology agencies often contributing to the standards development process through memberships on technical committees." The America Competes Act also goes beyond NIST and includes provisions to let every government agency conduct prize competitions. Prizes and challenges have an excellent track record of accelerating problem-solving by tapping America's top talent and best expertise. According to the Office of Science and Technology Policy blog: "Whether it's developing new products that will be manufactured in America, or getting and using energy more sustainably, or improving health care with better therapies and better use of information technology, or providing better protection for our troops abroad and our citizens at home, innovation will be key to our success." The prize competition idea follows on some very successful challenge programs offered by the X Prize Foundation and the government's own Defense Advanced Research Projects Agency and Challenge.gov site.

From rforno at infowarrior.org Sat Jan 8 13:30:25 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 14:30:25 -0500
Subject: [Infowarrior] - AZ Congresswoman, 6 Others, Killed By Gunman
Message-ID:

Congresswoman, 6 Others, Killed By Gunman
January 8, 2011

http://www.npr.org/2011/01/08/132764367/congresswoman-shot-in-arizona

Rep. Gabrielle Giffords and six others died after a gunman opened fire at a public event on Saturday, member station KJZZ in Phoenix has confirmed. The Pima County, Ariz., sheriff's office told news director Mark Moran the 40-year-old Democrat was killed.
Giffords, who was re-elected to her third term in November, was hosting a "Congress on Your Corner" event at a Safeway in northwest Tucson when a gunman ran up and started shooting, according to Peter Michaels, news director of Arizona Public Media. Giffords was talking to a couple when the suspect ran up and fired indiscriminately from about four feet away, Michaels said. The suspect ran off and was tackled by a bystander. He was taken into custody. Witnesses described him as in his late teens or early 20s. Giffords was first elected to represent Arizona's 8th District in 2006. The "Congress on Your Corner" events allow constituents to present their concerns directly to her. Giffords was married to astronaut Mark Kelly, a veteran of Desert Storm. They have two children.

From rforno at infowarrior.org Sat Jan 8 13:38:29 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 14:38:29 -0500
Subject: [Infowarrior] - Clarification -- AZ Congresswoman, 6 Others, Killed By Gunman
In-Reply-To:
References:
Message-ID: <4357E4CB-600D-4CBD-BDC5-49EE3E619E2F@infowarrior.org>

Reuters reporting Congresswoman still alive in surgery at 1437. More to follow once confirmed.

-- rick

On Jan 8, 2011, at 14:30 , Richard Forno wrote:

>
> Congresswoman, 6 Others, Killed By Gunman
> January 8, 2011
>
> http://www.npr.org/2011/01/08/132764367/congresswoman-shot-in-arizona
>
> Rep. Gabrielle Giffords and six others died after a gunman opened fire at a public event on Saturday, member station KJZZ in Phoenix has confirmed.
>
> The Pima County, Ariz., sheriff's office told news director Mark Moran the 40-year-old Democrat was killed.
>
> Giffords, who was re-elected to her third term in November, was hosting a "Congress on Your Corner" event at a Safeway in northwest Tucson when a gunman ran up and started shooting, according to Peter Michaels, news director of Arizona Public Media.
>
> Giffords was talking to a couple when the suspect ran up and fired indiscriminately from about four feet away, Michaels said.
>
> The suspect ran off and was tackled by a bystander. He was taken into custody. Witnesses described him as in his late teens or early 20s.
>
> Giffords was first elected to represent Arizona's 8th District in 2006. The "Congress on Your Corner" events allow constituents to present their concerns directly to her.
>
> Giffords was married to astronaut Mark Kelly, a veteran of Desert Storm. They have two children.
>

From rforno at infowarrior.org Sat Jan 8 14:37:51 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 15:37:51 -0500
Subject: [Infowarrior] - Giffords was on Palin's infamous "target" map
Message-ID: <4D6D47AB-A895-4F59-892B-7329AED76533@infowarrior.org>

Congresswoman Gabrielle Giffords shot in Arizona, was on Palin's infamous "target" map

http://www.boingboing.net/2011/01/08/congresswoman-gabrie.html

(Rick comment: Let's not forget the "We don't retreat, we reload" rhetoric (Palin) or Sharon Angle's "Second Amendment remedies" soundbytes. Neither the "target" map nor these soundbytes have 'made' the news coverage yet. If the shooter cites such soundbytes in his interrogation or trial, there will be political hell to pay for these people's choice of words on the campaign trail.)

-- rick

From rforno at infowarrior.org Sat Jan 8 14:40:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 15:40:19 -0500
Subject: [Infowarrior] - Pentagon, industry swap cyber experts
Message-ID: <6E1146CB-8E6B-4886-A14E-7D147EE0A0BC@infowarrior.org>

Pentagon, industry swap cyber experts
January 3, 2011

http://www.federalnewsradio.com/index.php?nid=150&sid=2220417

A new year and a new pilot program. The Pentagon and top industry are launching a program to swap cybersecurity experts. The idea is to beef up information sharing and cybersecurity defenses by exchanging know-how.
Information Security reports the program would involve temporary assignment of DoD cybersecurity experts to companies and private sector experts to the Pentagon. DISA, DARPA and the Office of Naval Research are just a few of the DoD agencies that have signed up for the program.

From rforno at infowarrior.org Sat Jan 8 14:49:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 15:49:14 -0500
Subject: [Infowarrior] - Work commences on $1B NSA 'spy' center
Message-ID: <42EB3AB4-9764-4E8E-AE38-9AB2412630BF@infowarrior.org>

Work commences on $1B NSA 'spy' center
Cyber intelligence data center reportedly will support the Comprehensive National Cybersecurity Initiative
* By Henry Kenyon
* Jan 07, 2011

http://defensesystems.com/articles/2011/01/07/nsa-spy-cyber-intelligence-data-center-utah.aspx?admgarea=DS

The U.S. Army Corps of Engineers broke ground this week on a massive new National Security Agency cyber intelligence center in Utah. Located at Camp Williams, 25 miles south of Salt Lake City, the $1.2 billion facility -- officially known as the Utah Data Center -- will be responsible for collecting and aggregating incoming intelligence data. According to USACE, the center will have 100,000 square feet of raised-floor data center space and more than 900,000 square feet of technical support and administrative space. Support facilities will include an electrical substation, a vehicle inspection facility and visitor control center, fuel storage, water storage, and a chiller plant. Camp Williams is a National Guard training site operated by the Utah National Guard. Nextgov reported that the facility will support the Comprehensive National Cybersecurity Initiative, which seeks to improve how the federal government defends sensitive data and agency networks from state- and nonstate-based threats.
Nextgov also noted that, in 2009, national security officials said the Utah Data Center would support the intelligence community by helping collect foreign intelligence about cybersecurity threats and protecting Defense Department networks. The facility will also offer technical aid to the Homeland Security Department in defending the networks of civilian federal agencies. The facility's potential for cyber intelligence has already earned it the name Spy Center within the intelligence community, the Deseret News reported. Additionally, the Deseret News noted that the center, also known as the Community Comprehensive National Cybersecurity Initiative Data Center, is the first of its kind for the U.S. intelligence community. Speaking at this week's groundbreaking ceremony, Sen. Orrin Hatch (R-Utah) said, "Just as we defend our lands, America also needs to also defend our cyberspace. The data center will be part of our expanding efforts to defend our Department of Defense computer systems from cyberattack and will also play a key role in helping [the Homeland Security Department] keep our government's civilian computer systems safe." Hatch added that he began work on bringing the data center to his state in 2007. After consulting with senior members of the intelligence community, officials chose Camp Williams over 37 other potential sites for the facility in 2008. According to the senator's office, Hatch worked with congressional committees to ensure that the center was fully authorized and avoided any regulatory pitfalls. He told the Deseret News that he promoted Utah because of its affordable energy costs, Internet infrastructure, energetic software industry and the camp's proximity to Salt Lake City International Airport. USACE will construct a 1.5 million-square-foot facility on 200 acres inside Camp Williams. Hatch said the center will provide 5,000 to 10,000 construction jobs and employ 100 to 200 people when it opens.
According to Nextgov, power requirements are one of the reasons NSA looked West for its new facility. The center will need 65 megawatts, which can be more affordably accessed in Utah than at NSA's headquarters in Fort Meade, Md. The region's ample power supply will also allow the agency to expand its facilities there, something that it cannot do in Maryland. Data Center Knowledge reported that NSA's operations at Fort Meade have been constrained since 2006, when the agency maxed out the capacity of the Baltimore Gas and Electric power grid.

Nextgov noted that the center's $1.2 billion cost does not include the price of hardware, data storage, software maintenance and secure communications systems, which could cost an additional $2 billion. The facility is scheduled to be completed by October 2013.

From rforno at infowarrior.org Sat Jan 8 14:52:37 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 15:52:37 -0500
Subject: [Infowarrior] - Germany Blasted with Cyber Attacks in 2010; Plans Cyber-Defense Cente
Message-ID: <726D8C4B-2F04-4772-8C7D-721A4ACFD037@infowarrior.org>

Germany Blasted with Cyber Attacks in 2010; Plans Cyber-Defense Center

http://www.thenewnewinternet.com/2010/12/28/germany-blasted-with-cyber-attacks-in-2010-plans-cyber-defense-center/

Germany experienced a significant increase in cyber attacks in 2010, many originating in China, and plans to set up a special center next year to counter the problem, the government said Monday.

"There has been a sharp rise in so-called electronic attacks on the networks of German government and local authorities," German Interior Ministry spokesman Stefan Paris said at a briefing, according to AFP. "Germany is a very high-tech country with considerable experience and know-how, so of course others will naturally try to get hold of this knowledge . . . China is playing a large role in this."
In the first nine months of 2010, the country saw some 1,600 cyber attacks, compared to around 900 for the whole of 2009, plus most likely a considerable number that went undetected, he said.

The new center will focus on pooling the findings of all of the government agencies that have thus far been tasked with identifying and fighting cyber attacks, including the Federal Office for Information Security, federal criminal investigators and German intelligence agencies, according to Spiegel Online. However, the center's focus will not be solely on government ministries and agencies, but will also include private businesses that are targeted by malware attacks that cost the German economy upward of 10 million euros, Spiegel reported.

From rforno at infowarrior.org Sat Jan 8 14:54:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 15:54:47 -0500
Subject: [Infowarrior] - Julian Assange, Information Anarchist
Message-ID: <65798777-C3D0-4424-9023-8EABE8236D8A@infowarrior.org>

Julian Assange, Information Anarchist

06 Dec 2010
L. Gordon Crovitz

http://online.wsj.com/article/SB10001424052748703989004575653113548361870.html

Whatever else WikiLeaks founder Julian Assange has accomplished, he's ended the era of innocent optimism about the Web. As wiki innovator Larry Sanger put it in a message to WikiLeaks, "Speaking as Wikipedia's co-founder, I consider you enemies of the U.S.--not just the government, but the people."

The irony is that WikiLeaks' use of technology to post confidential U.S. government documents will certainly result in a less free flow of information. The outrage is that this is Mr. Assange's express intention.

This batch includes 250,000 U.S. diplomatic cables, the kind of confidential assessments diplomats have written since the era of wax seals. These include Saudi Arabia's King Abdullah urging the U.S. to end Iran's nuclear ambitions--to "cut the head off the snake." This alignment with the Israeli-U.S.
position is not for public consumption in the Arab world, which is why leaks will curtail honest discussions.

Leaks will also restrict information flows within the U.S. A major cause of the 9/11 intelligence failures was that agencies were barred from sharing information. Since then, intelligence data have been shared more widely. The Obama administration now plans to tighten information flows, which could limit leaks but would be a step back to the pre-9/11 period.

Mr. Assange is misunderstood in the media and among digirati as an advocate of transparency. Instead, this battening down of the information hatches by the U.S. is precisely his goal. The reason he launched WikiLeaks is not that he's a whistleblower--there's no wrongdoing inherent in diplomatic cables--but because he hopes to hobble the U.S., which according to his underreported philosophy can best be done if officials lose access to a free flow of information.

In 2006, Mr. Assange wrote a pair of essays, "State and Terrorist Conspiracies" and "Conspiracy as Governance." He sees the U.S. as an authoritarian conspiracy. "To radically shift regime behavior we must think clearly and boldly for if we have learned anything, it is that regimes do not want to be changed," he writes. "Conspiracies take information about the world in which they operate," he writes, and "pass it around the conspirators and then act on the result."

His central plan is that leaks will restrict the flow of information among officials--"conspirators" in his view--making government less effective. Or, as Mr. Assange puts it, "We can marginalize a conspiracy's ability to act by decreasing total conspiratorial power until it is no longer able to understand, and hence respond effectively to its environment. . . . An authoritarian conspiracy that cannot think efficiently cannot act to preserve itself."

Berkeley blogger Aaron Bady last week posted a useful translation of these essays. He explains Mr.
Assange's view this way: "While an organization structured by direct and open lines of communication will be much more vulnerable to outside penetration, the more opaque it becomes to itself (as a defense against the outside gaze), the less able it will be to 'think' as a system, to communicate with itself." Mr. Assange's idea is that with enough leaks, "the security state will then try to shrink its computational network in response, thereby making itself dumber and slower and smaller."

Or as Mr. Assange told Time magazine last week, "It is not our goal to achieve a more transparent society; it's our goal to achieve a more just society." If leaks cause U.S. officials to "lock down internally and to balkanize," they will "cease to be as efficient as they were."

This worldview has precedent. Ted Kaczynski, another math-obsessed anarchist, sent bombs through the mail for almost 20 years, killing three people and injuring 23. He offered to stop in 1995 if media outlets published his Unabomber Manifesto. The 35,000-word essay, "Industrial Society and Its Future," objected to the "industrial-technological system" that causes people "to behave in ways that are increasingly remote from the natural pattern of human behavior." He's serving a life sentence for murder.

Mr. Assange doesn't mail bombs, but his actions have life-threatening consequences. Consider the case of a 75-year-old dentist in Los Angeles, Hossein Vahedi. According to one of the confidential cables released by WikiLeaks, Dr. Vahedi, a U.S. citizen, returned to Iran in 2008 to visit his parents' graves. Authorities confiscated his passport because his sons worked as concert promoters for Persian pop singers in the U.S. who had criticized the theocracy.

The cable reported that Dr. Vahedi decided to escape by horseback over the mountains of western Iran and into Turkey. He trained by hiking the hills above Tehran.
He took extra heart medication. But when he fell off his horse, he was injured and nearly froze. When he made it to Turkey, the U.S. Embassy intervened to stop him being sent back to Iran.

"This is very bad for my family," Dr. Vahedi told the New York Daily News on being told about the leak of the cable naming him and describing his exploits. Tehran has a new excuse to target his relatives in Iran. "How could this be printed?"

Excellent question. It's hard being collateral damage in the world of WikiLeaks.

From rforno at infowarrior.org Sat Jan 8 15:03:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 16:03:58 -0500
Subject: [Infowarrior] - Understanding Social Networking and National Security
Message-ID:

Mastering the Art of Wiki: Understanding Social Networking and National Security

By James Jay Carafano

http://www.ndu.edu/press/social-networking-national-security.html

Dr. James Jay Carafano is Deputy Director of the Kathryn and Shelby Cullom Davis Institute for International Studies and Director of the Douglas and Sarah Allison Center for Foreign Policy Studies at the Heritage Foundation.

From rforno at infowarrior.org Sat Jan 8 15:07:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 16:07:34 -0500
Subject: [Infowarrior] - A Commander's Strategy for Social Media
Message-ID: <3E13B371-4100-4284-BD96-2E1FEE5CB44D@infowarrior.org>

A Commander's Strategy for Social Media

By Thomas D. Mayfield III

http://www.ndu.edu/press/commanders-strategy-social-media.html

________________________________

Colonel Thomas D. Mayfield III, USA, is Chief, Plans Division (G3), Headquarters U.S. Army

From rforno at infowarrior.org Sat Jan 8 15:18:10 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 16:18:10 -0500
Subject: [Infowarrior] - U.S. Subpoenas Twitter Over WikiLeaks Supporters
Message-ID: <2C97A432-4364-4ED8-8A5A-DF77B9AD5F27@infowarrior.org>

January 8, 2011 U.S.
Subpoenas Twitter Over WikiLeaks Supporters

By SCOTT SHANE and JOHN F. BURNS

http://www.nytimes.com/2011/01/09/world/09wiki.html?hp=&pagewanted=print

WASHINGTON - Prosecutors investigating the disclosure of thousands of classified government documents by the anti-secrecy group WikiLeaks have gone to court to demand the Twitter account activity of several people linked to the organization, including its founder, Julian Assange, according to the group and a copy of a subpoena made public late Friday.

The subpoena is the first public evidence of a criminal investigation, announced last month by Attorney General Eric H. Holder Jr., that has been urged on by members of Congress of both parties but is fraught with legal and political difficulties for the Obama administration. It was denounced by WikiLeaks, which has so far made public only about 1 percent of the quarter-million confidential diplomatic cables in its possession but has threatened to post them all on the Web if criminal charges are brought.

Dozens of Pentagon and State Department officials have worked for months to assess the damage done to American diplomatic and military operations by the disclosures. In recent weeks, Justice Department officials have been seeking a legal rationale for charging Mr. Assange with criminal behavior, investigating whether he had actively solicited leaks and or provided technology to facilitate them.

The move to get the information from five prominent figures tied to the group was revealed late Friday, when Birgitta Jonsdottir, a former WikiLeaks activist who is also a member of Iceland's Parliament, received an e-mail notification from Twitter.

In the message, obtained by The New York Times, the company told her it had received a legal request for details regarding her account.
It supplied the names of lawyers who specialize in electronic communications, and warned that the company would have to respond to the request unless the matter was resolved or "a motion to quash the legal process has been filed." The subpoena was attached.

The subpoena was issued by the United States attorney for the Eastern District of Virginia on Dec. 14 and asks for the complete account information of Pfc. Bradley Manning, the Army intelligence specialist awaiting a military court martial under suspicion of leaking materials to WikiLeaks, as well as Ms. Jonsdottir, Mr. Assange and two computer programmers, Rop Gonggrijp and Jacob Appelbaum. The request covers addresses, screen names, telephone numbers and credit card and bank account numbers, but does not ask for the content of private messages sent using Twitter.

Some published reports in recent weeks have suggested that the Justice Department may have secretly impaneled a grand jury in the Eastern District of Virginia, which often handles national security cases, to take evidence in the WikiLeaks inquiry. But the subpoena, unsealed by a Jan. 5 court order at the request of Twitter's lawyers, was not issued by a grand jury.

In messages in its own Twitter feed, WikiLeaks confirmed the subpoena, and suggested that Google and Facebook might also have been issued such legal demands. Officials for Facebook declined to comment, and Google did not immediately respond to an inquiry.

WikiLeaks suggested that the United States was hypocritical for promoting an "Internet Freedom" initiative and decrying Iran's interference with activists' use of the Internet while pursuing a criminal investigation of the group's activities.

Using the abbreviation for direct messages, the only messages on Twitter that are not publicly accessible for some users, WikiLeaks said, "If the Iranian govt asked for DMs of Iranian activists, State Dept. would be all over this violation of 'Internet freedom.'"

Mr.
Appelbaum wrote in his Twitter feed on Saturday that Twitter's lawyers had warned him against using or receiving private messages using the service. "Do not send me Direct Messages," he wrote. "My Twitter account contents have apparently been invited to the (presumably-Grand Jury) in Alexandria."

Jodi Olson, a spokeswoman for Twitter, said the company would not comment on the subpoena. But she said that "to help users protect their rights, it's our policy to notify users about law enforcement and governmental requests for their information, unless we are prevented by law from doing so."

Of the five individuals named in the subpoena, only two - Mr. Manning and Mr. Appelbaum - are American citizens. The others include an Australian, Mr. Assange; Ms. Jonsdottir, of Iceland; and Mr. Gonggrijp, a Dutch citizen. This raised the possibility of a diplomatic quarrel between the United States and allied nations whose citizens were among those covered by the subpoena. They could argue that American laws were being used to stifle free communications between individuals who were not American citizens, and who were not in the United States at the time of the messages.

Reached by telephone in Iceland, Ms. Jonsdottir said that she would be filing an appeal. She said that she had not exchanged sensitive information using her Twitter account, "but it's just the fact that another country would request this sort of personal information from an elected official without having any case against me."

Iceland's foreign minister, she said, has requested a meeting with the American ambassador to Iceland to ask, among other things, whether a grand jury inquiry prompted the subpoena.

"It is so sad," she said. "I have so many friends in the U.S., and there are so many things that I respect about it. This is not how America wants to present itself to the world."
Obama administration officials on Saturday indicated that the investigation was still in an early phase, with a broad net cast for evidence regarding WikiLeaks' interactions with Private Manning, 23, who has been held for months in a military detention center at Quantico, Va., on suspicion of being WikiLeaks' source for the classified military and diplomatic records.

The subpoena seeks Twitter account activity since Nov. 1, a few weeks before Private Manning is alleged to have started downloading documents from his military computer and giving them to WikiLeaks.

Glenn Greenwald, a lawyer and writer who posted the subpoena on his blog at Salon.com, suggested investigators may be focusing on the first of the disclosures of which Private Manning has been accused - a military video depicting two American helicopters in Iraq in 2007 firing at people on the ground who included two Reuters journalists, both of whom were killed. An edited version of the video listed Mr. Assange, Ms. Jonsdottir, and Mr. Gonggrijp as producers.

Leak prosecutions have been rare and have almost always focused on government employees who disclose classified information, not on journalists or others who publish it. In its first two years, the Obama administration has charged five current or former government employees for such leaks, a record. But there has never been a successful prosecution of a nongovernment employee for disseminating classified information.

Most legal experts believe that efforts to bring criminal charges against WikiLeaks volunteers would face numerous practical and legal obstacles, and some human rights organizations and constitutional scholars have said such a prosecution could damage press freedom.
Technology and telecommunications companies receive thousands of subpoenas and court orders every year in which government and law enforcement authorities demand a broad range of information about their customers, from the content of their e-mails, to the Internet Protocol addresses of their computers, to their files that are stored online and location data from their cellphones.

The volume of requests has become so large, and the rules guarding personal information so patchy, that in March a coalition of Internet companies and communications carriers teamed up with civil liberties groups in an effort to lobby Congress. The coalition, Digital Due Process, wants to strengthen the privacy protections for online information and simplify the laws governing access to those records by law enforcement authorities.

WikiLeaks faced severe criticism after it posted military documents from the war in Afghanistan in July without removing the names of Afghan citizens who had assisted the United States. Since then, WikiLeaks has become far more cautious, stripping names out of Iraq war documents posted online and moving slowly in publishing the 251,287 diplomatic cables it obtained six months ago. As of Saturday morning, the group had published 2,017 State Department cables on its Web site.

But Mr. Assange has posted an encrypted "insurance" file on several Web sites containing all or most of the unpublished cables and possibly other classified documents. Thousands of supporters around the world have downloaded the file, and Mr. Assange has suggested that if legal action is taken against him or the organization, he would release the encryption key and make the documents public.

"If something happens to us, the key parts will be released automatically," Mr. Assange said in an online interview with readers of The Guardian last month.

Scott Shane reported from Washington, and John F. Burns from London.
Reporting was contributed by Ravi Somaiya from London, Claire Cain Miller and Miguel Helft from San Francisco, Eric Lipton from Washington, and J. David Goodman from New York.

From rforno at infowarrior.org Sat Jan 8 15:25:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 16:25:19 -0500
Subject: [Infowarrior] - Renault Espionage Gained No Key Secrets, Official Says
Message-ID: <49996F0C-E9E3-4108-8059-8C374BF1AFE8@infowarrior.org>

January 8, 2011

Renault Espionage Gained No Key Secrets, Official Says

By DAVID JOLLY

http://www.nytimes.com/2011/01/09/business/global/09renault.html

PARIS - A top executive at Renault said over the weekend that "nothing critical" appeared to have been stolen from the automaker's electric vehicle program in an industrial espionage case that prompted the company to suspend three executives this week.

A French official, meanwhile, sought to play down the possibility of Chinese involvement in the matter, saying the government would wait for the results of an investigation.

In an interview published Saturday in the French newspaper Le Monde, Patrick Pelata, Renault's chief operating officer, said that an internal investigation that began in August had led the company to conclude it was the target of "a system organized to collect economic, technological and strategic information to serve interests abroad."

That system, he said, involved the three executives suspended on Monday. No one has been charged, but the company's top lawyer said Wednesday that legal action was "inevitable." Renault has not identified the executives, though it said one was a member of the management committee.

The internal investigation showed that "not the smallest nugget of technical or strategic information on the innovation plan has filtered out of the enterprise," Mr. Pelata said, "including the nearly 200 patents for which we have applied or are in the process of applying.
Those concern, in particular, electrode chemistry, battery architecture, assembly, charging and the motor itself."

"We are serene," Mr. Pelata told the newspaper. "Nothing critical seems to have gotten out."

On Friday, Bernard Carayon, a member of President Nicolas Sarkozy's U.M.P. party and head of the Parliament's economic intelligence working group, said "several, usually reliable sources" within the French government believed that a Chinese intermediary was behind the episode.

On Saturday morning, though, Eric Besson, the French industry minister, told Europe 1 radio "at this stage, I can't say" whether Chinese interests were involved. "Only a full investigation could tell," he added.

French officials may be wary of antagonizing Beijing at a time when French industry is counting on exports to the Chinese market to keep its economy growing. European Union officials have also welcomed China's recent expressions of support for the embattled euro.

On Thursday, Mr. Besson described the case as "economic warfare."

In the Le Monde interview, Mr. Pelata also said a Renault project with the French Atomic Energy Commission to develop "the battery of the future" was not affected.

"In short, we intervened in time," he said, though information about the architecture of the electric vehicles, the program costs and the business plan might have leaked.

As for who was behind the attempt on its secrets, Mr. Pelata said, "Renault is the victim of an organized international network."

Under Carlos Ghosn, Renault and its partner Nissan Motor, of which it owns about 44 percent, are investing 4 billion euros ($5.16 billion) to develop electric cars, putting the alliance at the forefront of the industry push into the technology. Mr. Ghosn is chief executive of both companies.

Nissan and Renault both declined to comment.

The lawyer for Mathieu Tenenbaum, one of the executives facing the accusations, said late Friday that his client was "stupefied"
that the company was accusing him of industrial espionage and that he denied the charge.

From rforno at infowarrior.org Sat Jan 8 17:02:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Jan 2011 18:02:55 -0500
Subject: [Infowarrior] - OpEd: The "Lock and Load" Rhetoric of American Politics Isn't Just a Metaphor
Message-ID: <98A8D3F0-CC28-4E64-A95B-BBB045EEDE94@infowarrior.org>

The last paragraph is particularly relevant, I think. ---- rick

The "Lock and Load" Rhetoric of American Politics Isn't Just a Metaphor

Marty Kaplan

http://www.huffingtonpost.com/marty-kaplan/gabrielle-giffords-shooting_b_806232.html

I'm not saying that putting a bullseye on Arizona Democrat Rep. Gabrielle Giffords' congressional race - as Sarah Palin did - was an explicit or intentional invitation to violence.

Nor am I saying that the "Get on Target for Victory" events held by the guy Giffords beat - "Help remove Gabrielle Giffords from office Shoot a fully automatic M16 with Jesse Kelly" - was the reason her assassin went after her.

This tragedy is still unfolding, and the questions of motive and incitement will be argued about for a long time to come.

But I am saying that the "lock and load"/"take up your arms" rhetoric of American politics isn't just an overheated metaphor.

For years, the language of sports has dominated political journalism, and discourse about hardball and the horserace and the rest of the macho athletic lexicon has been a factor in the trivialization of our public sphere. This has helped dumb down democracy, making a serious national discussion about anything important too wonky for words.

The "second amendment solution," though, does something worse than make politics a branch of entertainment. It makes it a blood sport.

I know politics ain't beanbag.
But words have consequences, rhetoric shapes reality, and much as we like to believe that we are creatures of reason, there is something about our species' limbic system and lizard brainstems that makes us susceptible to irrational fantasies.

If you're worried that violent video games may make kids prone to bad behavior; if you think that misogynistic and homophobic rap lyrics are dangerous to society; if you believe that a nipple in a Superbowl halftime show is a threat to our moral fabric - then surely you should also fear that the way public and media figures have framed political participation with shooting gallery imagery is just as potentially lethal.

From rforno at infowarrior.org Sat Jan 8 23:58:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Jan 2011 00:58:47 -0500
Subject: [Infowarrior] - Researchers Hack Internet Enabled TVs, Discover Multiple Security Vulnerabilities
Message-ID: <61FE8F0A-5335-4F5D-A58E-55432FF6E9F4@infowarrior.org>

Researchers Hack Internet Enabled TVs, Discover Multiple Security Vulnerabilities

By Mike Lennon on Jan 03, 2011

Internet TVs - The Latest Attack Vector: Researchers Hack Internet Enabled TVs, Discover Multiple Security Vulnerabilities

http://www.securityweek.com/researchers-hack-internet-enabled-tvs-discover-multiple-security-vulnerabilities?fb

Was your home lucky enough to get a new Internet enabled TV over the holidays? If so, you're probably quite excited and enjoying the features of your new digital media hub while you sit back and sip on some eggnog or hot chocolate from your couch - which you should. But you may also want to be careful, as Internet TVs could be the newest avenue for cybercriminals to infiltrate your home or business.
(I know, more FUD from a security vendor, but this is actually interesting stuff and they were able to show us how it was done)

Security researchers have discovered several security flaws in one of the best-selling brands of Internet-connected HDTVs, and believe it's likely that similar security flaws exist in other Internet TVs.

During the course of its research, Mocana, the security firm that discovered the flaws, demonstrated that the TV's Internet interface failed to confirm script integrity before scripts were run. As a result, an attacker could intercept transmissions from the television to the network using common "rogue DNS", "rogue DHCP server", or TCP session hijacking techniques. Mocana was able to demonstrate that JavaScript could then be injected into the normal datastream, allowing attackers to obtain total control over the device's Internet functionality. This attack could render the product unusable at important times and extend or limit its functionality without the manufacturer's permission. More importantly, however, this same mechanism could be used to extract sensitive credentials from the TV's memory, or prompt the user to fill out fake online forms to capture credit card information. (Mocana did issue a technical report on the details of the security vulnerabilities which is available here - short registration required)

Additionally, researchers were able to recover the manufacturer's private "third-party developer keys" from the television, because in many cases, these keys were transmitted unencrypted and "in the clear." Many third-party search, music, video and photo-sharing services delivered over the Internet require such keys, and a big TV manufacturer often purchases high-volume "special" access privileges to these service provider's networks. A hacker could potentially employ these keys, for example, to access these high-volume services at no charge (or at least, on the TV manufacturer's bill).
The developer keys identified during their review, with the run-time ability to obtain other authenticators as described elsewhere in their report include:

Pandora Request - Key: dc7fb2c483dabd96d641e50676e49ec09d20fd3913543b088684ff488ec4 e82a
Pandora Sync Time - Key: e387bc2b437de156b999878a28be18389d20fd3913543b088684ff488ec 4e82a
Google YouTube - Key: AI39si7jB9CE4nuJ3u1PT0-XJwSjZJ3WwJWV2YVHwZxmKvI-2U7gMDc0cQCw0Nc7GOx CLObL3NSnY9AkJ5wKU_0KUmo_7BFMKA
The Weather Channel - Key: e88d2de8-a740-102c-bafd-001321203584

What can happen as a result of these vulnerabilities? Researchers from Mocana were able to show that attackers may be able to leverage the Internet-connected TVs to hack into a consumer's home network and potentially:

- Present fake credit card forms to fool consumers into giving up their private information.
- Intercept and redirect Internet traffic to and from the HDTV, which could be used to fool consumers into thinking that "imposter" banking and commerce websites were legitimate.
- Steal and co-opt the TV manufacturer's digital "corporate credentials" to gain special VIP access to backend services from third-party organizations including popular search engine, video streaming and photo sharing sites.
- Monitor and report on consumers' private Internet usage habits without their knowledge.

Mocana said its researchers have met with the manufacturer to help them correct the security flaws and agreed not to disclose the manufacturer's name until a fix is issued and have thus blocked out the manufacturer name from the vulnerability assessment details.

"Internet connected HDTVs are huge sellers this holiday season. But a lot of manufacturers are rushing Internet-connected consumer electronics to market without bothering to secure them.
I think this study demonstrates how risky it is to 'connect first, worry later', and suggests that consumer electronics companies that might lack internal security expertise should seek it out, before connecting their portfolio of consumer devices to the Internet," said Adrian Turner, Mocana's CEO.

The flaws Mocana uncovered should raise questions about the security of consumer electronics in general--which manufacturers are scrambling to connect to the Internet, often with little or no security technology on board. Mocana's researchers felt that while vulnerabilities may vary from brand to brand, it is reasonable to assume that many other IPTVs from many other manufacturers share similar problems.

"While much public discussion is currently focused on the recent explosion of smartphones, what's not being talked about is the fact that the vast majority of new devices coming onto the Internet aren't phones at all: they are devices like television sets, industrial machines, medical devices and automobiles - devices representing every conceivable industry. And the one thing that all these manufacturers have in common is that, unlike the computing industry, they don't have deep experience in security technology," added Turner.

Market research firm DisplaySearch, predicted that over 40 million Internet-accessible TVs were shipped worldwide in 2010 and that this number will grow to 118 million global shipments by 2014.

Mocana recommends that consumers be careful, until such devices are tested and certified safe in a systematic way.
From rforno at infowarrior.org Sun Jan 9 09:28:25 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Jan 2011 10:28:25 -0500
Subject: [Infowarrior] - Fallows: The Cloudy Logic of 'Political' Shootings
Message-ID:

The Atlantic
Sunday, January 9, 2011

http://www.theatlantic.com/politics/archive/2011/01/the-cloudy-logic-of-political-shootings/69147/

The Cloudy Logic of 'Political' Shootings

By James Fallows
Jan 8 2011, 7:36 PM ET

After this horrible news from Tucson....

... let me amplify something I said half-coherently in a live conversation with Guy Raz on All Things Considered a little while ago. My intended point was:

Shootings of political figures are by definition "political." That's how the target came to public notice; it is why we say "assassination" rather than plain murder.

But it is striking how rarely the "politics" of an assassination (or attempt) match up cleanly with the main issues for which a public figure has stood. Some killings reflect "pure" politics: John Wilkes Booth shooting Abraham Lincoln, the German officers who tried to kill Hitler and derail his war plans. We don't know exactly why James Earl Ray killed Martin Luther King, but it must have had a lot to do with civil rights.

There is a longer list of odder or murkier motives:

- Leo Ryan, the first (and, we hope, still the only) Representative to be killed in the line of duty, was gunned down in Guyana in 1978 for an investigation of the Jim Jones/Jonestown cult, not any "normal" political issue.
- Sirhan Sirhan horribly transformed American politics by killing Robert F. Kennedy in 1968, but Sirhan's political causes had little or nothing to do with what RFK stood for to most Americans.
- So too with Arthur Bremer, who tried to kill George C. Wallace in 1972 and left him paralyzed.
- The only known reason for John Hinckley's shooting of Ronald Reagan involves Jodie Foster.
- It's not often remembered now, but Manson family member Lynette "Squeaky" Fromme tried to shoot Gerald Ford, again for reasons that would mean nothing to most Americans of that time. - When Harry Truman was shot at (and a policeman was killed) on the sidewalk outside the White Blair House, the attackers were concerned not about Cold War policies or Truman's strategy in Korea but about Puerto Rican independence. - The assassinations of William McKinley and James Garfield were also "political" but not in a way that matched the main politics of that time. The list could go on. So the train of logic is: 1) anything that can be called an "assassination" is inherently political; 2) very often the "politics" are obscure, personal, or reflecting mental disorders rather than "normal" political disagreements. But now a further step, 3) the political tone of an era can have some bearing on violent events. The Jonestown/Ryan and Fromme/Ford shootings had no detectable source in deeper political disagreements of that era. But the anti-JFK hate-rhetoric in Dallas before his visit was so intense that for decades people debated whether the city was somehow "responsible" for the killing. (Even given that Lee Harvey Oswald was an outlier in all ways.) That's the further political ramification here. We don't know why the Tucson killer did what he did. If he is like Sirhan, we'll never "understand." But we know that it has been a time of extreme, implicitly violent political rhetoric and imagery, including SarahPac's famous bulls-eye map of 20 Congressional targets to be removed -- including Rep. Giffords. It is legitimate to discuss whether there is a connection between that tone and actual outbursts of violence, whatever the motivations of this killer turn out to be. At a minimum, it will be harder for anyone to talk -- on rallies, on cable TV, in ads -- about "eliminating" opponents, or to bring rifles to political meetings, or to say "don't retreat, reload." 
Meanwhile condolences on this tragedy, and deepest hopes for the recovery of all who still have a chance.

From rforno at infowarrior.org Sun Jan 9 15:17:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 Jan 2011 16:17:19 -0500
Subject: [Infowarrior] - Suspect charged in congresswoman's attack
Message-ID:

Suspect charged in congresswoman's attack

TUCSON, Ariz. -- Rep. Gabrielle Giffords was in critical condition Sunday as investigators filed five charges against the man suspected in the shooting rampage that killed six and injured 14. Jared Loughner is charged with one count of attempted assassination of a member of Congress, two counts of killing an employee of the federal government and two counts of attempting to kill a federal employee. Heather Williams, the first assistant federal public defender in Arizona, says the 22-year-old suspect doesn't yet have a lawyer, but that her office is working to get a lawyer appointed for Loughner. FBI Director Robert Mueller, who was sent by Attorney General Eric Holder to Arizona to help coordinate the investigation, said the shooter's motive was still unknown. Investigators say they seized evidence suggesting Loughner planned ahead. Investigators said they carried out a search warrant at the suspect's home and seized an envelope from a safe with messages such as "I planned ahead," "My assassination" and the name "Giffords" next to what appears to be the man's signature. Court documents also show that Loughner had contact with Giffords in the past. Other evidence included a letter addressed to him from Giffords' congressional stationery in which she thanked him for attending a "Congress on your Corner" event at a mall in Tucson in 2007. Authorities don't know his motive, but said he targeted Giffords at a public gathering around 10 a.m. Saturday outside a busy Tucson supermarket.
< - > http://www.msnbc.msn.com/id/40988567/ns/us_news-crime_and_courts/ From rforno at infowarrior.org Sun Jan 9 15:21:17 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 9 Jan 2011 16:21:17 -0500 Subject: [Infowarrior] - Vodafone Customer Database Breached Message-ID: Vodafone says security breach a 'one-off' Updated Sun Jan 9, 2011 6:21pm AEDT http://www.abc.net.au/news/stories/2011/01/09/3109168.htm Vodafone has confirmed it believes its secure customer database has been breached by an employee or dealer who has shared the access password, revealing the personal details of millions of customers. Vodafone chief executive, Nigel Dews, says he became aware the password to the online portal had been shared when the company was tipped-off on Saturday by a newspaper reporter. He says an internal investigation is underway to work out who breached the system and how. Passwords will also be reset. Mr Dews says a full report will be delivered to him on Monday, but at this stage, he does not believe it is a widespread problem. "It appears to have been a one-off incident, but we are investigating that thoroughly now and we will have a much better picture of that in the next 24 to 48 hours," he said. "We take this data security issue very seriously. "It's very important that we uphold the highest standards of data integrity for our customers." Mr Dews says he is not concerned about the future of the brand despite the company also facing a class action over reception and service issues. "As long as we look after our customers' data, our brand will certainly recover from this," he said. "I'm not concerned about the brand at the moment, I'm mostly concerned about making sure our customers' records are safe. "And that's why we're resetting those passwords every 24 hours. "We want to make sure that our customers can feel as safe and secure while they're on Vodafone." 
According to Fairfax newspapers, criminal groups are paying for the private information of some customers including home addresses and credit card details. Others have also obtained logins to check their spouses' communications. The details are reportedly accessible from any computer because they are kept on an internet site rather than Vodafone's internal system. Mobile phone dealers have also admitted that anyone with full access to the system can look up a customer's bills and m From rforno at infowarrior.org Sun Jan 9 16:38:47 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 9 Jan 2011 17:38:47 -0500 Subject: [Infowarrior] - Iceland summons US envoy over WikiLeaks probe Message-ID: Iceland summons US envoy over WikiLeaks probe January 9, 2011 By RAPHAEL G. SATTER , Associated Press http://www.physorg.com/news/2011-01-iceland-summons-envoy-wikileaks-probe.html (AP) -- The American ambassador to Reykjavik has been summoned to explain why U.S. investigators are trying to access the private details of an Icelandic lawmaker's online activity as they try to build a criminal case against WikiLeaks. Revelations that the U.S. Justice Department obtained a court order to examine data held by Twitter Inc. on Birgitta Jonsdottir, an Icelandic parliamentarian who sits on the country's Foreign Affairs Committee, immediately caused consternation in the tiny North Atlantic nation. "(It is) very serious that a foreign state, the United States, demands such personal information of an Icelandic person, an elected official," Interior Minister Ogmundur Jonasson told Icelandic broadcaster RUV. "This is even more serious when put (in) perspective and concerns freedom of speech and people's freedom in general," he added. Jonsdottir is a one-time WikiLeaks collaborator also known for her work on Iceland's media initiative, which aims to turn the island nation into a free speech haven. 
Jonsdottir told The Associated Press she was too overwhelmed to comment Sunday, but in a recent post to Twitter, she said she was talking with American lawyers about how to beat the order - and was drumming up support in Iceland as well. U.S. Ambassador Luis E. Arreaga has been summoned for a meeting at Iceland's Foreign Ministry to discuss the issue, Foreign Ministry spokeswoman Urdur Gunnarsdottir said Sunday. It was not clear when the meeting was taking place. U.S. Embassy in Reykjavik said no one there would be available for comment until Monday. The evolving diplomatic spat illustrates the challenge American prosecutors face as they weigh whether to bring charges against WikiLeaks, an international, tech-savvy operation that has angered and embarrassed Washington with a series of huge leaks of classified information. The most recent disclosure of thousands of secret State Department cables saw U.S. diplomats being ordered to gather the DNA and fingerprints of their international counterparts, captured backroom dealing over issues such as Guantanamo and rendition, and publicized unflattering assessments of friends and foes alike. The U.S. says the disclosures have damaged international diplomacy and put the safety of informants and foreign human rights activists at risk. WikiLeaks has dismissed the claims, but Washington has been trying to find a way to prosecute the group and its leader, 39-year-old Julian Assange, who is currently in England. A court order unsealed earlier this week revealed that American authorities had gone to court to seek data from Twitter about Assange, Jonsdottir, and others either known or suspected to have interacted with WikiLeaks. Some of those named in the court order have said they suspect other companies - such as Facebook Inc., Google Inc., and the eBay Inc.-owned Internet communications company Skype - have also been secretly asked to hand over their personal data. Assange and Jonsdottir have vowed to fight the court order. 
©2010 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Mon Jan 10 05:50:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Jan 2011 06:50:48 -0500
Subject: [Infowarrior] - In WikiLeaks fight, U.S. journalists take a pass
Message-ID: <9A30A2CB-A582-48DB-BB8A-63471039C237@infowarrior.org>

Posted on Sunday, January 9, 2011
In WikiLeaks fight, U.S. journalists take a pass
By Nancy A. Youssef | McClatchy Newspapers
http://www.mcclatchydc.com/2011/01/09/106445/in-wikileaks-fight-us-journalists.html

WASHINGTON -- Not so long ago, WikiLeaks founder Julian Assange could count on American journalists to support his campaign to publish secret documents that banks and governments didn't want the world to see. But just three years after a major court confrontation that saw many of America's most important journalism organizations file briefs on WikiLeaks' behalf, much of the U.S. journalistic community has shunned Assange -- even as reporters write scores, if not hundreds, of stories based on WikiLeaks' trove of leaked State Department cables. Some call him a traitor, responsible for what's arguably one of the biggest U.S. national security breaches ever. Others say a man who calls for government transparency has been too opaque about how he obtained the documents. The freedom of the press committee of the Overseas Press Club of America in New York City declared him "not one of us." The Associated Press, which once filed legal briefs on Assange's behalf, refuses to comment about him. And the National Press Club in Washington, the venue less than a year ago for an Assange news conference, has decided not to speak out about the possibility that he'll be charged with a crime. With a few notable exceptions, it's been left to foreign journalism organizations to offer the loudest calls for the U.S. to recognize WikiLeaks' and Assange's right to publish under the U.S.
Constitution's First Amendment. Assange supporters see U.S. journalists' ambivalence as inviting other government efforts that could lead one day to the prosecution of journalists for doing something that happens fairly routinely now -- writing news stories based on leaked government documents. "Bob Woodward has probably become one of the richest journalists in history by publishing classified documents in book after book. And yet no one would suggest that Bob Woodward be prosecuted because Woodward is accepted in the halls of Washington," said Glenn Greenwald, a lawyer and media critic who writes for the online journal Salon.com. "There is no way of prosecuting Julian Assange without harming investigative journalism." Woodward, who rose to fame by exposing the Watergate conspiracy that forced President Richard Nixon from office, told a Yale University law school audience in November that WikiLeaks' "willy-nilly" release of documents was "madness" and would be "fuel for those who oppose disclosure." But that appearance came before U.S. Attorney General Eric Holder launched a criminal probe against Assange. Woodward didn't respond to e-mails seeking comment. Woodward's newspaper, The Washington Post, however, is one of the few that's editorialized against prosecuting Assange. "The government has no business indicting someone who is not a spy and who is not legally bound to keep its secrets," the Post said. Assange increasingly has presented himself as a journalist in the weeks since Holder's threat to bring charges. He's the website's editor, and WikiLeaks publishes editorials. Few could argue that WikiLeaks didn't perform journalistic functions in April when it released video taken from an Army helicopter of a 2007 incident where Army pilots fired on civilians in Baghdad, killing 17 Iraqis, including two employees of the Reuters news agency, and wounding two children.
In addition to editing and captioning the video, WikiLeaks interviewed the Iraqi families about the incident. The release of the video, which Reuters had sought for years but had been denied, was widely covered by U.S. news organizations. U.S. journalists have been far less zealous about WikiLeaks, however, in the ensuing months, as the Obama administration has mounted increasingly vocal attacks on the organization over three batches of leaked U.S. documents -- military logs of events from the war in Afghanistan, including the names of Afghans who'd cooperated with the U.S.; initial incident reports from throughout the Iraq War; and most recently, thousands of diplomatic cables. The problem with speaking up for WikiLeaks now, said Lucy Dalglish, the executive director of the Reporters Committee for Freedom of the Press, one of the country's most prominent defenders of press freedom and one of the groups that backed WikiLeaks in its 2008 court case, is that she doesn't consider Assange to be a journalist. Assange, she said, "has done some things that journalists do, but I would argue that what the New York Times does is more journalism. They vet the information. . . . They consider outside sources. They take responsibility. They publicly identify themselves. . . . They do some value added. They do something original to it," Dalglish said. She added that part of her hesitation to back Assange is that the public knows so little about him and how he acquires information. WikiLeaks "takes secrets. But they are secretive. We don't know who they are. I think one thing journalists pride themselves on is transparency. I think people are a little apprehensive because he was releasing information last summer he had an agenda to bring down the U.S. government," she said. "I think that makes people reluctant to jump into making a statement." Greenwald rejects that argument. He noted that U.S. journalists often don't reveal their sources or how they gather information for stories.
Greenwald said he thinks journalists aren't rallying to defend WikiLeaks because it has no building, no ties to the U.S. and doesn't feel obliged to consult with the U.S. government before publishing. The issue, he said, is that American journalists too often befriend the government and seek its approval for their work. Besides, he said, the Constitution protects everyone's right to publish. "What matters is the activity itself and not who the person is. Bob Woodward is no more entitled to publish classified information than some random person out of the phone book," Greenwald said. Greenwald's position is echoed by Joel Simon, the executive director of the New York-based Committee to Protect Journalists, another prominent U.S. advocacy group that's made one of the rare public arguments against prosecuting Assange. Simon said he and his colleagues had an extensive debate about whether to speak up. In the end, they determined that debating whether Assange is a journalist is irrelevant. "If he is prosecuted, it will be because he is a journalist," Simon said. The group sent a letter to Holder on Dec. 17 urging him not to prosecute Assange, warning that it could have a chilling effect around the world. "There is a commonality of purpose," Simon said in an interview. "The function of WikiLeaks is to take information, particularly classified information, and distribute it to the public. From a legal perspective, it is essentially a journalistic function. We have to respond when there is a threat to journalism." The current situation even has split former allies in the battle over press freedom. Daniel Ellsberg, who leaked the Pentagon Papers to The New York Times in 1971, has come out strongly in support of WikiLeaks. But Floyd Abrams, who was the Times' attorney in its fight against the Nixon administration's efforts to block publication, has taken the opposite position.
In an opinion piece in the Wall Street Journal, Abrams noted that Ellsberg himself kept secret four volumes of the classified Pentagon history that became the Pentagon papers because he feared they'd harm diplomatic efforts to end the Vietnam War. Abrams said WikiLeaks' publication of so much secret material could lead to tougher restrictions for U.S. journalists. "His activities have already doomed proposed federal shield-law legislation protecting journalists' use of confidential sources in the just-adjourned Congress," Abrams wrote. "An indictment of him could be followed by the judicial articulation of far more speech-limiting legal principles than currently exist with respect to even the most responsible reporting about both diplomacy and defense." And if Assange isn't indicted or is acquitted of any charges, Abrams warned, Congress might pass "new and dangerously restrictive legislation." There was no such debate in February 2008, when 12 journalism organizations, including the Associated Press and Reporters Committee for the Freedom of the Press, filed a brief on behalf of WikiLeaks and its domain register, Dynadot, in a case brought by a Swiss bank, Bank Julius Baer. The bank filed the suit after WikiLeaks published hundreds of private documents on a land deal that suggested money laundering and tax evasion. It asked a U.S. district judge in California to enjoin WikiLeaks from publishing the documents and order Dynadot to stop hosting its website. The judge agreed, but quickly reversed his order after the U.S. journalism organizations weighed in, calling the decision an affront to the First Amendment and WikiLeaks' right to publish. The Justice Department now appears serious about building a case against Assange, though it remains unclear which law he violated -- officials acknowledge that the Espionage Act of 1917 has never been used to prosecute anyone for publication of secret documents. Last month, a U.S.
magistrate in Alexandria, Va., issued a secret subpoena ordering the Twitter online messaging service to turn over all information it has about five of its users, including Assange and Army Pfc. Bradley Manning, 23, the one-time Baghdad-based intelligence analyst accused of unauthorized downloading of the hundreds of thousands of classified U.S. government documents WikiLeaks is now publishing. The subpoena was unsealed Wednesday after Twitter said it intended to notify each of the account holders that their records had been sought and became public on Friday, when one of those account holders told The Guardian newspaper in London. In addition to Assange's and Manning's, the targeted accounts include those of an Icelandic member of parliament and two computer programmers. WikiLeaks, however, argued in a "tweet" posted Saturday that the records of all 670,000 of its Twitter "followers" are subject to the subpoena because it demands information about outgoing messages from the WikiLeaks account. Dalglish said her organization might reconsider its silence if the U.S. files a criminal case against Assange. That will depend, she said, on a determination of the case's potential threat to journalism. Alan Bjerga, the president of the National Press Club, said his organization also might take a stand depending on what the Justice Department does. "The National Press Club is always concerned about any government action that would harm the ability of journalists to do their work, and any action against Julian Assange that would impede journalists is one we would oppose," he said in an e-mail Saturday. "It is difficult at this time to comment on the specifics of a case the government has yet to make." Until then, it's fallen largely to foreign-based journalism organizations to defend WikiLeaks. In August, Paris-based Reporters without Borders wrote a letter condemning Assange for publishing the names of Afghan informants, saying it could endanger lives. 
But it decided last month to provide a mirror site to WikiLeaks' website after the WikiLeaks site came under attack. The change came after lengthy discussion -- and because WikiLeaks has since been more cautious about redacting the documents it posts. "We think WikiLeaks is doing a public service," said Clothilde Le Coz, who directs the group's Washington office. The idea of America, heralded as a beacon of press freedom internationally, prosecuting someone for publishing secret documents would have a chilling effect throughout the world, the Australian Newspaper Editors group wrote in a letter to Australian Prime Minister Julia Gillard, whose government also is considering charges against Assange, who's an Australian citizen. "Any such action would impact not only on WikiLeaks, but every media organization in the world that aims to inform the public about decisions made on their behalf," the organization said in its Dec. 15 letter. "It is the media's duty to responsibly report such material if it comes into their possession. To aggressively attempt to shut WikiLeaks down, to threaten to prosecute those who publish official leaks, and to pressure companies to cease doing commercial business with WikiLeaks, is a serious threat to democracy, which relies on a free and fearless press."

From rforno at infowarrior.org Mon Jan 10 11:35:36 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Jan 2011 12:35:36 -0500
Subject: [Infowarrior] - Court won't block suit vs. RIAA for digital price fixing
Message-ID: <2EDC250D-A508-4DCF-9C31-82BEF50B4A6B@infowarrior.org>

Court won't block suit vs. RIAA for digital price fixing
updated 11:50 am EST, Mon January 10, 2011
Supreme Court drops review of digital music suit
http://www.electronista.com/articles/11/01/10/supreme.court.drops.review.of.digital.music.suit/

The US Supreme Court later on Monday declined to review a lawsuit accusing RIAA music labels of price fixing for digital music.
Officials cleared the lawsuit to go ahead after an appeal brought back the case, which had initially been dismissed in 2008. No comment accompanied the decision to uphold the appeal and the case. The lawsuit by Kevin Starr claimed that EMI, Sony, Universal and Warner all colluded on choosing a 70-cent wholesale price for music, even when stores like eMusic were selling tracks for less. Such pricing has usually been responsible for the most common 99-cent pricing on iTunes, Amazon MP3 and most other US music stores. Variable pricing came about in return for selling all tracks DRM-free but also follows a near-uniform price across the industry, ranging from 69 cents for old titles to $1.29 for popular singles. Labels had tried to shoot down the lawsuit by arguing that the case hadn't provided enough facts to go ahead with the lawsuit before either a possible summary judgment in favor of one side or else a full trial. Attorneys supporting Starr's side of the case countered that the appeal had won based on Supreme Court precedents for what constituted a sufficient case. The lawsuit if successful would at least punish labels but could also lead to more varied and possibly lower pricing on Internet music stores instead of having uniform pricing. Apple has asked for uniform pricing to provide a consistent experience, but usually on its own terms. Amazon has been willing to sell music at lower prices but takes a loss on many sales to try and inflate its market share.

From rforno at infowarrior.org Mon Jan 10 17:25:45 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Jan 2011 18:25:45 -0500
Subject: [Infowarrior] - Record Labels To Pay $45 Million for Pirating Artists' Music
Message-ID:

Record Labels To Pay $45 Million for Pirating Artists' Music
Written by Ernesto on January 10, 2011
http://torrentfreak.com/record-labels-to-pay-45-million-for-pirating-artists-music-110110/

The major record labels are known for their harsh stance on copyright infringements, which in an ironic turn of events is now costing them millions of dollars. Revealing a double standard when it comes to "piracy", Warner Music, Sony BMG Music, EMI Music and Universal Music now have to pay Canadian artists $45 Million for the illegal use of thousands of tracks on compilation CDs. It is no secret that the major record labels have a double standard when it comes to copyright. On the one hand they try to put operators of BitTorrent sites in jail and ruin the lives of single mothers and students by demanding hundreds of thousands of dollars in fines, and on the other they sell CDs containing music for which they haven't always cleared the rights. This happens worldwide and more frequently than one would think. Over the years the labels have made a habit of using songs from a wide variety of artists for compilation CDs without securing the rights. They simply use the recording and make note of it on "pending list" so they can deal with it later. This has been going on since the 1980s and since then the list of unpaid tracks (or copyright infringements) has grown to 300,000 in Canada alone. This questionable practice has been the subject of an interesting Canadian class action lawsuit which was started in 2008. A group of artists and composers who grew tired of waiting endlessly for their money filed a lawsuit against four major labels connected to the CRIA, the local equivalent of the RIAA. Warner Music, Sony BMG Music, EMI Music and Universal Music were sued for the illegal use of thousands of tracks and risked paying damages of up to $6 billion. Today the news broke that the two parties have agreed upon a settlement, where the record labels are required to pay $45 million to settle the copyright infringement claims.
During the case the labels were painfully confronted with their own double standard when it comes to copyright infringement. "The conduct of the defendant record companies is aggravated by their strict and unremitting approach to the enforcement of their copyright interests against consumers," the artists argued in their initial claim for damages. Of course, the labels are not so quick to admit their wrongdoing and in their press release the settlement is described as a compromise. "The settlement is a compromise of disputed claims and is not an admission of liability or wrongdoing by the record labels," it reads. David Basskin, President and CEO of one of the major Canadian licensing collectives, was nonetheless happy with the outcome. "This agreement with the four major labels resolves all outstanding pending list claims. EMI, Sony, Universal and Warner are ensuring that the net result is more money for songwriters and music publishers. It's a win for everyone," he said. The major issues that led to this dispute are not resolved though. After paying off a small part of their debt the labels can continue to "pirate" artists' music as usual, using their work and placing the outstanding payments on a pending list for decades. A real solution would require the licensing system to change, and that's not likely to happen anytime soon.

From rforno at infowarrior.org Mon Jan 10 17:30:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Jan 2011 18:30:47 -0500
Subject: [Infowarrior] - `Band of Brothers' inspiration Winters dies at 92
Message-ID: <77686551-CA5E-4620-9EE1-5C0C1CB17502@infowarrior.org>

`Band of Brothers' inspiration Winters dies at 92
By RON TODT, Associated Press Ron Todt, Associated Press 23 mins ago
http://news.yahoo.com/s/ap/20110110/ap_on_en_tv/us_obit_winters/print

PHILADELPHIA --
Even as Parkinson's disease began taking its toll on Dick Winters, who led his "Band of Brothers" through some of World War II's fiercest European battles, the unassuming hero refused, as always, to let his men down. Friends accompanied him to public events, subtly clearing a path through the adoring crowds for the living legend, whose Easy Company's achievements were documented by a book and HBO miniseries. His gait had grown unsteady, and he did not want to be seen stumbling. Winters "didn't want the members of Easy Company to know," William Jackson said Monday of his longtime friend, who died last week at age 92. "Right up to the end, he was the company commander." An intensely private and humble man, Winters had asked that news of his death be withheld until after his funeral, Jackson said. Winters lived in Hershey, Pa., but died in an assisted-living center in neighboring Palmyra. The men Winters led through harrowing circumstances and under fire from the German army never let the toll of time dull their own admiration for their commander. "When he said `Let's go,' he was right in the front," William Guarnere, 88, and dubbed "Wild Bill" by his comrades, said Sunday night from his south Philadelphia home. "He was never in the back. A leader personified." Another member of the unit living in Philadelphia, Edward Heffron, 87, called Winters "one hell of a guy, one of the greatest soldiers I was ever under." "He was a wonderful officer, a wonderful leader," said Heffron, who had the nickname "Babe" in the company. "He had what you needed: Guts and brains. He took care of his men, that's very important." Winters was born Jan. 21, 1918, and studied economics at Franklin & Marshall College before enlisting, according to a biography on Penn State's website. Winters became the leader of Company E, 506th Regiment, 101st Airborne Division, on D-Day after the death of the company commander during the invasion of Normandy. 
During that invasion, Winters led 13 of his men in destroying an enemy battery and obtained a detailed map of German defenses along Utah Beach. In September 1944, he led 20 men in a successful attack on a German force of 200 soldiers. Occupying the Bastogne area of Belgium at the time of the Battle of the Bulge, he and his men held their place until the Third Army broke through enemy lines, and Winters shortly afterward was promoted to major. "His leadership example both on and off the battlefield will continue to inspire `Screaming Eagle' soldiers for years to come," said Lt. Col. Patrick Seiber, a spokesman for the 101st Airborne Division, currently deployed to Afghanistan. "His principles for success on the battlefield are timeless, as they are as critical today in Afghanistan as they were on `Fortress Europe' during World War II." After returning home, Winters married his wife, Ethel, in May 1948, and trained infantry and Army Ranger units at Fort Dix in New Jersey during the Korean War. He started a company selling livestock feed to farmers, and he and his family eventually settled in a farmhouse in Hershey, where he later retired. Historian Stephen Ambrose interviewed Winters for the 1992 book "Band of Brothers," upon which the HBO miniseries that began airing in September 2001 was based. The miniseries followed Easy Company from its training in Georgia all the way to the war's end in May 1945. Its producers included actor Tom Hanks and Steve Spielberg. Damian Lewis portrayed Winters. "Dick Winters was at the Vanguard of representing `The Greatest Generation' in bringing honor to all his Band of Brothers when he collaborated with Tom Hanks, Stephen Ambrose and me in the mounting of our tribute series," Spielberg said in a statement. "He would not have wanted this credit. He would have simply asked all of us to never forget how his generation served this nation and the world in WWII." Winters himself published a memoir in 2006 titled "Beyond Band of Brothers." 
In 2009, an exhibit devoted to Winters was dedicated at the Hershey-Derry Township Historical Society. Winters was also the subject of a campaign to raise money to erect a monument in his honor near the beaches of Normandy. Winters talked about his view of leadership for an August 2004 article in American History Magazine. "If you can," he wrote, "find that peace within yourself, that peace and quiet and confidence that you can pass on to others, so that they know that you are honest and you are fair and will help them, no matter what, when the chips are down." When people asked whether he was a hero, he echoed the words of his World War II buddy Mike Ranney: "No, but I served in a company of heroes." "He was a good man, a very good man," Guarnere said. "I would follow him to hell and back. So would the men from E Company." Arrangements for a public memorial service are pending. ___ Associated Press writers JoAnn Loviglio and Randy Pennell contributed to this report. ___ Online: The Richard Winters Leadership Project: http://easycompany.legacyconnect.com From rforno at infowarrior.org Tue Jan 11 06:24:53 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Jan 2011 07:24:53 -0500 Subject: [Infowarrior] - DISA learns about DMZs. Better late than never, I guess Message-ID: This is the funniest thing I've read in a long time. DISA creates DMZ to boost security on unclassified network http://gcn.com/Articles/2011/01/07/DISA-panel-DOD-DMZ.aspx?p=1 Apart from the fact this article reads like a DISA press release, are they really proud of the fact the agency is rolling out a network DMZ as a security design? Is this so groundbreaking in nature, even by government standards, that it must be spoken of in such awed terms by the quoted DISA representatives? The way they're talking, you'd think they never heard of the DMZ concept in network design until recently and they're thusly excited about the concept. Seriously? Better late than never, I guess. 
I absolutely howled when the article quotes the DISA CIAE: ".... the DMZ concept - which he said will be re-named "Project Lightning" because "DMZ is the worst name possible" - emerged from combatant commanders' need to take mission risks without putting other commands and leaders at risk." Reading that, I have to wonder if they're worried that some analyst somewhere in DOD or the USG will hear panicked and breathless alerts about how "someone is hitting our DMZ!!!" and think that North Korea was invading the South, thereby sounding the alarm and launching us into World War III. Since the primary other term for "DMZ" involves the geography around the 38th Parallel, after reading that quote, one wonders if this really is meant to avoid operational confusion between Cyber Command and the Korean-American Combined Forces Command. Further, DISA also is standing up the DISA Command Center, intended to "provide continuous oversight of DISA's network and 13 subordinate regional operations centers." One has to wonder why they haven't had such a capability already given THAT IS THEIR MISSION ... but reading on, one gets the impression this 'new' organisation will be a way for DISA to retain some more bodies/positions/budgets/authorities with the closure of the JTF-GNO last year. (I'm open to comment from anyone more knowledgeable than I about the present DISA.) -- rick infowarrior.org From rforno at infowarrior.org Tue Jan 11 09:59:41 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Jan 2011 10:59:41 -0500 Subject: [Infowarrior] - AP: Meth flourishes despite tracking laws Message-ID: AP IMPACT: Meth flourishes despite tracking laws By JIM SALTER, Associated Press Jim Salter, Associated Press - Mon Jan 10, 6:41 pm ET http://www.google.com/hostednews/ap/article/ALeqM5iHhoQ0Kc7zuwJDCYkdjkRCwB47Xg ST. LOUIS -
Electronic systems that track sales of the cold medicine used to make methamphetamine have failed to curb the drug trade and instead created a vast, highly lucrative market for profiteers to buy over-the-counter pills and sell them to meth producers at a huge markup. An Associated Press review of federal data shows that the lure of such easy money has drawn thousands of new people into the methamphetamine underworld over the last few years. "It's almost like a sub-criminal culture," said Gary Boggs, an agent at the Drug Enforcement Administration. "You'll see them with a GPS unit set up in a van with a list of every single pharmacy or retail outlet. They'll spend the entire week going store to store and buy to the limit." Inside their vehicles, the so-called "pill brokers" punch out blister packs into a bucket and even clip coupons, Boggs said. At the height of the meth epidemic, several states turned to the electronic systems, which allowed pharmacies to check instantly whether a buyer had already purchased the legal limit of pseudoephedrine - a step that was supposed to make it harder to obtain raw ingredients for meth. But it has not worked as intended. In some cases, the pill buyers are not interested in meth. They may be homeless people recruited off the street or even college kids seeking weekend beer money, authorities say. Because of booming demand created in large part by the tracking systems, they can buy a box of pills for $7 to $8 and sell it for $40 or $50. The tracking systems "invite more people into the criminal activity because the black market price of the product becomes so much more profitable," said Jason Grellner, a detective in hard-hit Franklin County, Mo., about 40 miles west of St. Louis. "Where else can you make a 750 percent profit in 45 minutes?" asked Grellner, former president of the Missouri Narcotics Officers Association. Since tracking laws were enacted beginning in 2006, the number of meth busts nationwide has started climbing again.
Some experts say the black market for cold pills contributed to that spike. Other factors are at play, too, such as meth trafficking by Mexican cartels and new methods for making small amounts of meth. The AP reviewed DEA data spanning nearly a decade, from 2000 to 2009, and conducted interviews with a wide array of police and government officials. Meth-related activity is on the rise again nationally, up 34 percent in 2009, the year with the most recent figures. That number includes arrests, seizures of the drug and the discovery of abandoned meth-production sites. The increase was higher in the three states that have electronically tracked sales of medication containing pseudoephedrine since at least 2008. Meth incidents rose a combined 67 percent in those states - 34 percent in Arkansas, 65 percent in Kentucky and 164 percent in Oklahoma. Supporters of tracking say the numbers have spiked because the system makes it easier for police to find people who participate in meth production. But others question whether the tracking has helped make the problem worse by creating a new class of criminals that police must pursue. In the past, the process of "cooking" meth was often a one-person operation, with producers buying as many cold pills as they needed. Now, with laws that strictly limit purchases and record buyers' names, meth producers recruit friends, acquaintances, strangers and even their own children to buy pills. The process, known as "smurfing," is not entirely new, but it has come into wider practice over the last two to three years as states have sought to limit the availability of pseudoephedrine. Grellner recalled one case where a woman took her 17-year-old daughter out smurfing. When police caught up to them, the mother forced the girl to hide the pills in her vagina. She nearly bled to death in the county jail.
Efforts to limit the availability of pseudoephedrine gained momentum in 2005, when Congress passed the Combat Meth Act, which set limits on sales of the decongestant and two other key ingredients used in meth. The law mandated that pills be placed behind the counter, made purchasers show ID and, for the first time, required pharmacies to log each sale. As technology progressed, states took logging a step further. With electronic tracking, buyers' names were entered into statewide databases. Some states link their databases together. The tracking meant that, if customers had purchased their monthly limit of pseudoephedrine, the pharmacist knew instantly, and the sale was refused. In some states, police were notified. Initially, the practice yielded swift results. Meth incidents dropped by nearly two-thirds - from 18,581 in 2004 to 6,233 in 2007. Oklahoma, which adopted an electronic tracking system in 2006, was heralded as a success story after meth incidents dropped from 699 in 2004 to 93 in 2007. But then meth producers regrouped, largely through more smurfing. And meth-related incidents began climbing again. By 2009, the DEA cited 10,064 meth incidents, a 62 percent rise over the previous two years. Police and federal agents never expected that electronic tracking would actually draw more people into the criminal enterprise surrounding meth. "Law enforcement was surprised," St. Louis County Sgt. Tom Murley said. "People that normally wouldn't cross the line are willing to do so because they think it's such a sweet deal, and because of the economy." Advocates of tracking say the rise in meth incidents indicates success, not failure. "One reason these numbers have gone up is because of law enforcement's ability to track and locate the people producing meth," said Keith Cain, sheriff in Daviess County, Ky. "If we pull the plug on electronic tracking, we lose the ability to see where these labs are at. I fear we would regress 10 years."
Ron Fitzwater, CEO of the Missouri Pharmacy Association, agrees. "It's not a perfect system, but we think it will have a major impact that will help law enforcement," Fitzwater said. Meth arrests and lab busts are not the only indicator that use of the drug is on the rise. In September, the annual report from the federal government's Substance Abuse and Mental Health Services Administration showed a 60 percent one-year increase in the number of meth users. Meanwhile, DEA statistics show an increasing amount of meth is arriving from Mexico. Authorities are concerned about the growing popularity of "shake-and-bake" meth, which is made in small amounts by simply mixing ingredients in a two-liter soda bottle. Mark Woodward, a spokesman for the Oklahoma Bureau of Narcotics and Dangerous Drug Control, said the shake-and-bake method sidesteps tracking laws. Meth producers "come in and buy one pack of cold pills and a soda, so they're really not raising any red flags," he said. More than a dozen other states are adopting their own tracking laws or considering doing so. One benefit is the cost, which amounts to virtually nothing for cash-strapped state governments. The pharmaceutical industry has spent several million dollars to fund the tracking systems. For drug makers, that is far cheaper than one alternative - making the medication available only by prescription. Oregon began requiring a prescription for pseudoephedrine products in 2006. Mississippi became the second state to do so in July, and Missouri's governor is asking lawmakers to follow suit in 2011. If more states do the same, it could be devastating for makers of cold and sinus pills. The pseudoephedrine market is estimated at more than $550 million annually. Opponents of prescription laws say they punish mostly law-abiding consumers for the crimes of a relative few. But many law enforcement officials say it's hard to argue with Oregon's success.
The state had 191 meth incidents in 2005, the year before the prescription-only law. By 2009, it had 12. Missouri led the nation in meth incidents in 2009 for the seventh straight year. The state is in the early stages of electronic tracking, but its meth problem is so bad that more than a dozen communities have passed their own prescription laws. Boggs, the DEA agent, didn't take a stand on prescription laws, but said the pill brokers are out of control: "They've created this whole other effort for law enforcement." From rforno at infowarrior.org Wed Jan 12 07:18:32 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Jan 2011 08:18:32 -0500 Subject: [Infowarrior] - Gov RFC: Defense-in-Depth a Smart Investment? Message-ID: <5C1C8A0B-A172-4BFA-8016-1852CA11FC57@infowarrior.org> (The answer, I'm sure, will be "Yes, we need more 'stuff' to ensure protection. Can't have too much 'stuff' protecting us." -- rick) http://cryptome.org/0003/did-cybersec.htm Defense-in-Depth is a Smart Investment for Cyber Security There is a strong and often repeated call for research to provide novel cyber security solutions. The rhetoric of this call is to elicit new solutions that are radically different from existing solutions. Continuing research that achieves only incremental improvements is a losing proposition. We are lagging behind and need technological leaps to get, and keep, ahead of adversaries who are themselves rapidly improving attack technology. To answer this call, we must examine the key assumptions that underlie current security architectures. Challenging those assumptions both opens up the possibilities for novel solutions that are rooted in a fundamentally different understanding of the problem and provides an even stronger basis for moving forward on those assumptions that are well-founded. The SCORE Committee is conducting a series of four workshops to begin the assumption buster process. 
The assumptions that underlie this series are that cyber space is an adversarial domain, that the adversary is tenacious, clever, and capable, and that re-examining cyber security solutions in the context of these assumptions will result in key insights that will lead to the novel solutions we desperately need. To ensure that our discussion has the requisite adversarial flavor, we are inviting researchers who develop solutions of the type under discussion, and researchers who exploit these solutions. The goal is to engage in robust debate of topics generally believed to be true to determine to what extent that claim is warranted. The adversarial nature of these debates is meant to ensure the threat environment is reflected in the discussion in order to elicit innovative research concepts that will have a greater chance of having a sustained positive impact on our cyber security posture. The first topic to be explored in this series is "Defense-in-depth is a Smart Investment." The workshop on this topic will be held in the Washington DC area on March 22, 2011. Initially developed by the military for perimeter protection, Defense-in-Depth was adopted by the National Security Agency (NSA) for main-frame computer system protection. The Defense-in-Depth strategy was designed to provide multiple layers of security mechanisms focusing on people, technology, and operations (including physical security) in order to achieve robust information assurance (IA).1 Today's highly networked computing environments, however, have significantly changed the cyber security calculus, and Defense-in-Depth has struggled to keep pace with change. Over time, it became evident that Defense-in-depth failed to provide information assurance against all but the most elementary threats, in the process putting at risk mission essential functions. The 2009 White House Cyberspace Policy Review called for "changes in technology"
to protect cyberspace, and the 2010 DHS DOD MOA sought to "aid in preventing, detecting, mitigating and recovering from the effects of an attack", suggesting a new dimension for Defense-in-depth along the lifecycle of an attack. < -- > http://cryptome.org/0003/did-cybersec.htm From rforno at infowarrior.org Wed Jan 12 09:24:41 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Jan 2011 10:24:41 -0500 Subject: [Infowarrior] - Contest: Rename The DMZ! Message-ID: <22D0CB1D-DCA1-4654-B1B9-D0E047F2F8C6@infowarrior.org> One reader (Paul) responds: "DMZ is the "worst name possible" because it misrepresents what the feature does. The "M" stands for "militarized", which pretty much universally means offensive capabilities. This has been true since at least 1940, and probably before that. A firewall DMZ has no offensive capabilities (and many of us think that is a good thing, given how easy it would be to create false positive hits with spoofed addresses). It took some actual military people to be able to point out the fact that someone in the security community used a cute-sounding name that didn't make actual sense......FWIW, I'm not suggesting I have a better name. The most accurate name I have come up with is "filtered air-gap". When I have used it, however, it has proven confusing to people who don't understand how real-world filters work (that is, most people, given our abysmal science education). Further, the acronym isn't really gonna fly." .... Paul proposes a contest to discover either an accurate and/or catchy name to replace "DMZ" as a security term for this particular item. Sounds like a plan to me. What say you? Responses will be reposted at a later date.
-- rick infowarrior.org From rforno at infowarrior.org Wed Jan 12 17:06:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Jan 2011 18:06:28 -0500 Subject: [Infowarrior] - The Sun Never Sets on the PATRIOT Act Message-ID: The Sun Never Sets on the PATRIOT Act Posted by Julian Sanchez http://www.cato-at-liberty.org/the-sun-never-sets-on-the-patriot-act/ A year ago, the protracted wrangling in Congress over the re-authorization of several expiring provisions of the PATRIOT ACT made plenty of headlines. Most observers expected the sunsetting powers to be extended, but civil libertarians hoped serious and sorely needed reforms might be part of the package. The House and Senate Judiciary Committees held multiple hearings on the topic, and an array of competing reform and reauthorization bills (PDF) were proposed, adding extra safeguards (of varying stringency) to the greatly expanded surveillance powers Congress had approved in the aftermath of the 9/11 attacks. But Congress had a full plate, and so it punted - approving a straight one-year reauthorization without any modifications at the last minute. (You'd be forgiven for not noticing: The extension passed under the heading of the "Medicare Physician Payment Reform Act.") As I noted in December, however, the Justice Department has promised Congress that it will voluntarily adopt some of the measures that had been floated in those reform bills - which would be a fine thing in itself, but I worried that the move seemed calculated to reduce the impetus for binding legislation. Well, I've just noticed - quite serendipitously, as there doesn't appear to have been a whisper in the press - that the new House Intelligence Committee Chair, Mike Rogers (R-Mich.), has introduced yet another one-year extension, which would push the sunset of the expiring provisions back to the end of February 2012.
Given the very limited number of days Congress has in session before the current deadline, and the fact that the bill's Republican sponsor is only seeking another year, I think it's safe to read this as signaling an agreement across the aisle to put the issue off yet again. (I've asked Rogers's office for a comment and will update this post if I hear back.) In the absence of a major scandal, though, it's hard to see why we should expect the incentives facing legislators to be vastly different a year from now. Heck, we've had a pretty big scandal involving the misuse of National Security Letter powers, but even right on the heels of the Inspector General's report documenting those abuses, the mildest reforms proffered last year died on the vine. I'd love to be proven wrong, but I suspect this is how reining in the growth of the surveillance state becomes an item perpetually on next year's agenda. From rforno at infowarrior.org Wed Jan 12 19:25:24 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Jan 2011 20:25:24 -0500 Subject: [Infowarrior] - Pentagon Credit Union dataloss Message-ID: Infected PC Compromises Pentagon Credit Union By Paul Roberts Created 01/12/2011 - 12:23pm https://threatpost.com/en_us/print/7999 The Pentagon Federal Credit Union (PenFed) issued a statement to the New Hampshire Attorney General that said data, including the names, addresses, Social Security Numbers and PenFed banking and credit card account information of its members were accessed by the infected PC. The full size of the breach is not known, but 514 New Hampshire residents were affected, which suggests that the breach could affect tens of thousands of current and former members and family of military, Department of Homeland Security, and Department of Defense. By comparison, a breach by the touring firm Twin America, [2] disclosed in December, 2010, affected around 300 New Hampshire residents, but 100,000 people nationally.
PenFed [3] was chartered in 1935 and now serves close to one million members of the military and defense related agencies, with $15 billion in assets, according to the credit union's Web site. The organization said it learned of the attack on December 12 and immediately took action to eliminate it. PenFed says it has identified the means by which the information was accessed and taken steps to prevent a similar breach from occurring. It has also reissued credit and debit cards to affected customers. PenFed says it doesn't know of any efforts to misuse the stolen information, but the organization's connection to members of the military, Department of Defense and other U.S. government agencies may well raise the spectre of state-sponsored attack that may, or may not have a financial motive. A recent report by the Department of Defense's Defense Security Services [4] concluded that Internet-based spying and targeted attacks connected to foreign governments continue to be a major concern, with malware and targeted "phishing" attacks on government employees offering a "low cost, high gain" method of obtaining sensitive data. From rforno at infowarrior.org Thu Jan 13 09:46:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Jan 2011 10:46:23 -0500 Subject: [Infowarrior] - J.P. Morgan Chase to end services for diplomats; other banks ready to follow Message-ID: <4B3B126C-0DBD-49D1-8195-FF779D1E5DE6@infowarrior.org> J.P. Morgan Chase to end services for diplomats; other banks ready to follow By Colum Lynch Washington Post Staff Writer Wednesday, January 12, 2011; 11:58 PM http://www.washingtonpost.com/wp-dyn/content/article/2011/01/12/AR2011011205803_pf.html UNITED NATIONS - Dear foreign diplomats, U.S. banks might not want your business. On March 31, J.P. Morgan Chase plans to shut down its division serving the banking needs of New York- and Washington-based diplomats as well as foreign governments.
In a terse letter, Chase recently wrote that "we recommend that you open a bank account with another financial institution, and begin using it immediately in order to minimize any disruption." The move by Chase - which came without explanation - marks the latest instance in which an American financial institution has cut off services to a foreign mission. In November, Bank of America cut off five accounts held by the Angolan Embassy in Washington, and several other banks have told U.S. officials they plan to get out of diplomatic banking. Diplomats say they now fear they won't be able to carry out their most basic functions in the United States. So far, Chase and other banks have not explained why they are curtailing services for the diplomatic community. U.S. and foreign diplomats say they believe banks are simply trying to avoid the high costs associated with monitoring accounts for signs of money laundering or terrorist activities. Indeed, banks have faced mounting pressure from lawmakers and federal regulators to ensure that they are not helping foreign leaders and their representatives launder ill-gotten gains around the world. In a measure of American concern about the impact of the banks' actions on foreign embassies and missions, the State Department will dispatch Patrick Kennedy, the U.S. undersecretary of state for management, to the United Nations on Thursday to help governments find alternative ways of meeting their banking needs. In an interview, Kennedy said banks have simply determined that banking for diplomats is not sufficiently profitable. "Dealing with a foreign government is more complex than dealing with Joe's Pizza Parlor," he said. "If there is a potential for greater risk, they are going to be a little more concerned." 
Already the closure of diplomatic accounts has had an impact on scores of countries, including powerful and wealthy governments such as France and Singapore, which will probably have little trouble finding a new bank to handle their affairs. Poorer governments, particularly those in Africa, are struggling to find banks to manage their accounts. Even those whose accounts have not been closed worry they could be next. "What happened with Chase can also hurt us," said Atoki Ileka, Congo's ambassador to the United Nations. Congo banks at Citibank. "To tell you the truth, Citibank is looking very closely at the way I'm banking. Sometimes when they see I have an unexpected amount of money coming in they call me to ask where it has come from. It's a bit humiliating, but we have to be very calm and very diplomatic to deal with these kinds of issues." One of Washington's most storied lenders, Riggs Bank, was at the center of a political scandal after revelations that it had channeled money through Saudi Arabia to two terrorists linked to the Sept. 11, 2001, attacks. In May 2004, Riggs Bank agreed to pay $25 million in civil penalties for what federal regulators called the "willful systemic" violation of anti-money-laundering laws in its dealings with the embassies of Saudi Arabia and Equatorial Guinea. In recent years, Senate investigators have mounted high-profile investigations into the efforts of government officials in Angola, Gabon and Equatorial Guinea to channel through U.S. banks millions of dollars potentially tied to corrupt activities. "My sense is that this has much to do with the general crackdown on illicit financing," said Matthew Levitt, a former deputy assistant secretary of intelligence and analysis at the Treasury Department. "There is a building global appreciation for the need to protect oneself from risk." 
The decision by Bank of America to close down Angola's accounts - which was first reported by Foreign Policy's Cable blog - was made without explanation. It came months after the Senate subcommittee on investigations, chaired by Sen. Carl M. Levin (D-Mich.), conducted a probe into Angola's transfer of illicit funds through U.S. banks. The investigation noted that Bank of America opened at least 30 accounts in Scottsdale, Ariz., for Pierre Falcone, an Angolan ambassador who was sentenced to six years in prison for arms trafficking. A spokesman for the bank, Jefferson George, declined to discuss the decision, saying: "Due to confidentiality, we can't comment on specific client relationships. What I can tell you is that Bank of America-Merrill Lynch is actively committed to providing banking services for the diplomatic community. We're still working with the diplomatic community and have no plans to change now." A spokesman for J.P. Morgan Chase, Thomas Kelly, declined to comment on the bank's decision. The banking giant told diplomats in its Sept. 30 letter - which was first reported by the Wall Street Journal - that its decision to get out of the diplomatic banking business was not taken in response to improper behavior on the part of its clients. "This business decision does not reflect on your organization or how you have handled your accounts," the letter said. The bank also pledged to continue to service diplomats' personal accounts. The Obama administration has said it has no authority to require private commercial entities to do business with foreign banks. But under a 1947 U.N. agreement, the United States, as the United Nations' host country, is obliged to ensure that foreign missions have access to "necessary public services." Kennedy said the State Department is trying to persuade banks that have cut off service to diplomats to reconsider their decision and to persuade other banks to get into the business.
From rforno at infowarrior.org Thu Jan 13 10:05:20 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Jan 2011 11:05:20 -0500 Subject: [Infowarrior] - Senators say military cyber ops not disclosed Message-ID: <477B694C-C148-4717-98FA-2510250F9449@infowarrior.org> Senators say military cyber ops not disclosed By LOLITA C. BALDOR The Associated Press Wednesday, January 12, 2011 http://www.washingtonpost.com/wp-dyn/content/article/2011/01/12/AR2011011204042.html WASHINGTON -- The Pentagon failed to disclose clandestine cyber activities in a classified report on secret military actions that goes to Congress, according to a Senate document that provides a public peek at oversight concerns surrounding the government's computer war capabilities. A brief written exchange between Senate questioners and the Pentagon's assistant secretary for special operations, Michael Vickers, underscores unresolved questions about how and when the Pentagon conducts cyber warfare, and about the guidelines for military action in the event of a computer-based attack on the U.S. The U.S. military's use of offensive cyber warfare has only rarely been disclosed, the most well-known instance being the electronic jamming of Iraqi military and communications networks just before the lightning strike against Saddam Hussein's army in 2003. But Pentagon officials have been clear that cyber espionage and attacks from well-funded nations or terror groups are the biggest threats to military networks, including critical battlefield communications. Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, told reporters Wednesday that the cyber threat from China is significant and that the Defense Department needs to focus more on cyber warfare. The Pentagon has made a lot of changes to deal with the threat, he said in remarks at the Foreign Press Center, but added that the U.S. has to "come to a place where, again, those threats are diminished, if not eliminated." 
The growing threat has been evident in recent global clashes including the Internet blitz against Georgian government sites just before the Russians invaded in 2008 and the Chinese government's reported efforts to develop computer viruses to attack enemy networks. The Pentagon created Cyber Command to better deal with the threats, but has yet to clearly define the parameters of its offensive and defensive cyber operations. Nowhere does the brief Senate exchange obtained by The Associated Press detail the cyber activities that were not disclosed. But cyber experts suggest they may have involved secret operations against insurgents in Iraq and Afghanistan, and could possibly include other hotspots such as Yemen or Somalia. The exchange emerged in a question posed to Vickers, who has been nominated as undersecretary of defense for intelligence. The Senate Armed Services Committee voiced concerns that cyber activities were not included in the quarterly report on clandestine activities. But Vickers, in his answer, suggested that such emerging high-tech operations are not specifically listed in the law - a further indication that cyber oversight is still a murky work in progress for the Obama administration. Vickers told the committee that the requirement specifically calls for clandestine human intelligence activity. But if confirmed, he said, he would review the reporting requirements and support expanding the information included in the report. "It would be my intent, if confirmed, to fully comply with that responsibility, to include cyber activities," he said. The exchange was included in 33 pages of Senate questions and answers from Vickers in preparation for his nomination hearing. No hearing date has been set. Pentagon spokesman Cmdr. Bob Mehal declined to discuss the clandestine activities report or the answers Vickers submitted to the panel, because the report is classified, and Vickers' submission has not been made public.
James Lewis, a cyber security expert and longtime consultant for the government on such high-tech related issues, said it is likely the committee complaint referred to ongoing military cyber activities in the Iraq and Afghanistan wars, although there also could be similar efforts in Yemen or other countries where the U.S. is supporting counterinsurgency operations. Lewis said there have been longstanding tensions between the congressional committees and the various military and intelligence agencies over how much sensitive information is given to lawmakers, as well as historical turf battles that have played out repeatedly between the various panels with overlapping oversight of military and intelligence. The oblique exchange between Vickers and the Senate panel also highlights congressional efforts to map out strict oversight and command and control guidelines for the military's shadowy cyber role. "Congress members and staff always feel they should be getting much more info about clandestine operations than they get," said Lewis. He added that while there are times when it's better to strictly control access to some classified information, there is still "a legitimate need for oversight since such clandestine activity can have political consequences." The exchanges between Vickers and the Senate panel also cover a wide range of other intelligence issues. If confirmed, Vickers said, his big challenge would be the continuing struggle to meet the military's "unmet demand" for intelligence as the U.S. fights two wars and works to dismantle terrorist networks, including those in Yemen and Somalia. Asked whether the intelligence community has devoted enough counterterrorism resources to Yemen and Somalia, Vickers said the military needs more intelligence and special operations forces with language and cultural expertise. 
He added that he would like to see funding increase from $40 million to $50 million for counterterror operations in Iraq and Afghanistan and efforts to train other nations' forces. Such training is being done in a number of countries including Yemen and Pakistan. Vickers also offered a sharp condemnation of recent leaks of classified data. He did not specifically cite the more than a quarter-million diplomatic records obtained by WikiLeaks, but he said unauthorized disclosures are among the most serious problems he would face. "The spate of unauthorized disclosures of very sensitive information places our forces, our military operations and our foreign relations at risk," he said. Vickers, a former Green Beret, has had a long and storied career, including his engineering the clandestine arming of Afghan rebels who drove the Soviet Union out of their country in the 1980s. His role in one of the largest covert actions in the CIA history was chronicled in the 2003 book "Charlie Wilson's War," which became a film in 2007. From rforno at infowarrior.org Thu Jan 13 17:02:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Jan 2011 18:02:59 -0500 Subject: [Infowarrior] - Police turn to drones for domestic surveillance Message-ID: <6CED883D-DA33-4366-B9BF-E458210C7A60@infowarrior.org> Police turn to drones for domestic surveillance http://www.usatoday.com/tech/news/surveillance/2011-01-13-drones_N.htm By Larry Copeland, USA TODAY Police agencies around the USA soon could have a new tool in their crime-fighting arsenal: unmanned aerial vehicles inspired by the success of such drones on the battlefields of Iraq and Afghanistan. Local governments have been pressing the Federal Aviation Administration for wider use of unmanned aircraft -- a demand driven largely by returning veterans who observed the crafts' effectiveness in war, according to experts at New Mexico State University and Auburn University. 
Police could use the smaller planes to find lost children, hunt illegal marijuana crops and ease traffic jams in evacuations of cities before hurricanes or other natural disasters. The FAA is expected this year to propose new rules for smaller unmanned aircraft, a process that will include input from the public, says FAA spokesman Les Dorr. The agency also is talking with the Justice Department and national law enforcement groups "about possibly trying to streamline the process of applying for certificates of authorization" to operate such planes, he says. Drones have flown in the USA for several years but have been limited to restricted airspace and to portions of the borders with Canada and Mexico. The FAA authorized the Physical Science Laboratory at New Mexico State University to research the issues involved. "We're extremely interested in being able to pave the way to integrate unmanned aircraft into the civil air space," says Doug Davis, deputy director of the Technical Analysis and Applications Center at NMSU. Davis says UAVs, or unmanned aerial vehicles, range in size from 15 ounces to 34,000 pounds and a wing span bigger than a Boeing 737. One of the chief obstacles to widespread use of UAVs is their inability to "see and avoid" other aircraft as required by federal regulations, a key to flight safety. Davis says he believes operators on the ground can comply with federal rules if they can see the aircraft and the surrounding environment. Wesley Randall, principal investigator on an FAA grant awarded last year to researchers at Auburn University to study the risks associated with unmanned aircraft, predicts drones will be used by police departments in five to 10 years. Randall predicts that much larger unmanned aircraft will be used to transport cargo within 15-20 years. No local police departments have been authorized to use unmanned aircraft, although police departments in Houston and Miami have conducted field tests of such planes, Dorr says. 
The Miami-Dade Police Department has tested two 18-pound UAVs equipped with a camera for about 18 months, Sgt. Andrew Cohen says. The department has been licensed to operate the craft up to 200 feet in the air, but the drone must remain within 1,000 feet of the operator. Cohen says the department wants to use the craft to reduce risks to manned aircraft or personnel in circumstances involving a hostage situation or a barricaded suspect. "It's an opportunity to increase safety for the officers," Cohen says. From rforno at infowarrior.org Thu Jan 13 17:11:12 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Jan 2011 18:11:12 -0500 Subject: [Infowarrior] - ep. Peter King Wants Treasury Dept. To Put Wikileaks On Terrorist List Message-ID: <43A70ED8-0F51-43BD-A9B8-A530109C2335@infowarrior.org> (BTW King has his own history with allegedly supporting terrorism via the IRA. http://www.salon.com/news/politics/war_room/2011/01/07/peter_king_ira_bombing_survivor) Rep. Peter King Wants Treasury Dept. To Put Wikileaks On Terrorist List from the overreact-much? dept http://www.techdirt.com/articles/20110113/01220912647/rep-peter-king-wants-treasury-dept-to-put-wikileaks-terrorist-list.shtml Apparently Rep. Peter King is in a competition with Senator Joe Lieberman to see who can overreact more to Wikileaks. It seems like a neck-and-neck competition, with Peter King's brand of craziness potentially taking the lead. King, of course, was the guy who insisted that Wikileaks should be declared a terrorist organization and claimed (with nothing whatsoever to back this up) that the cable leak was worse than a military attack. His latest move is to ask Treasury Secretary Timothy Geithner to add Wikileaks to the Treasury Department's "Specially Designated National and Blocked Persons List," which is usually used to designate terrorist and organized crime operations. 
So while Lieberman merely used political pressure to get companies to block or censor Wikileaks, King wants it to become official government policy that no US companies or individuals should be doing anything with Wikileaks. Overreact much? From rforno at infowarrior.org Thu Jan 13 18:30:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Jan 2011 19:30:23 -0500 Subject: [Infowarrior] - Computer beats 'Jeopardy' champs in test round Message-ID: <9A44DDC4-01A5-4BF8-8BA2-75849C39C6B0@infowarrior.org> http://www.msnbc.msn.com/id/41065439/ns/technology_and_science-innovation/ Computer beats 'Jeopardy' champs in test round IBM's Watson built to play game show ... and keep track of vast information databases By David R. Martin and Jim Fitzgerald The Associated Press updated 14 minutes ago 2011-01-14T00:11:30 YORKTOWN HEIGHTS, N.Y. -- The clue: It's the size of 10 refrigerators, has access to the equivalent of 200 million pages of information and knows how to answer in the form of a question. The correct response: "What is the computer IBM developed to become a 'Jeopardy' whiz?" Watson, a "Jeopardy"-playing computer that IBM says marks a profound advance in artificial intelligence, edged out game-show champions Ken Jennings and Brad Rutter on Thursday in its first public test, a short practice round ahead of a million-dollar tournament that will be televised next month. Later, the human contestants made jokes about the "Terminator" movies and robots from the future. Indeed, four questions into the round, you had to wonder if the rise of the machines was already upon us -- in a trivial sense at least. Watson tore through a category about female archaeologists, repeatedly activating a mechanical button before either Ken Jennings or Brad Rutter could buzz in, then nailing the questions: "What is Jericho?" "What is Crete?" 
Its gentle male voice even scored a laugh when it said, "Let's finish 'Chicks Dig Me.'" Jennings, who won a record 74 consecutive "Jeopardy" games in 2004-05, then salvaged the category, winning $1,000 by identifying the prehistoric human skeleton Dorothy Garrod found in Israel: "What is Neanderthal?" He and Rutter, who won a record of nearly $3.3 million in prize money, had more success on questions about children's books and the initials "M.C.," though Watson knew about "Harold and the Purple Crayon" and that it was Maurice Chevalier who sang "Thank Heaven for Little Girls" in the film "Gigi." The computer pulled in $4,400 in the practice round, compared with $3,400 for Jennings and $1,200 for Rutter. Watson is powered by 10 racks of IBM servers running the Linux operating system. It's not connected to the Internet but has digested encyclopedias, dictionaries, books, news, movie scripts and more. The system is the result of four years of work by IBM researchers around the globe, and although it was designed to compete on "Jeopardy," the technology has applications well beyond the game, said John Kelly III, IBM director of research. He said the technology could help doctors sift through massive amounts of information to draw conclusions for patient care, and could aid professionals in a wide array of other fields. "What Watson does and has demonstrated is the ability to advance the field of artificial intelligence by miles," he said. Watson, named for IBM founder Thomas J. Watson, is reminiscent of IBM's famous Deep Blue computer, which defeated chess champion Garry Kasparov in 1997. But while chess is well-defined and mathematical, "Jeopardy" presents a more open-ended challenge involving troves of information and complexities of human language that would confound a normal computer. "Language is ambiguous; it's contextual; it's implicit," said IBM scientist David Ferrucci, a leader of the Watson team. Sorting out the context -- 
especially in a game show filled with hints and jokes -- is an enormous job for the computer, which also must analyze how certain it is of an answer and whether it should risk a guess, he said. The massive computer was not behind its podium between Jennings and Rutter; instead, it was represented by an IBM Smart Planet icon on an LCD screen. Next stop: 'Terminator'? The practice round was played on a stage at an IBM research center in Yorktown Heights, north of Manhattan and across the country from the game show's home in California. A real contest among the three, to be televised Feb. 14-16, will be played at IBM on Friday. The winner of the televised match will be awarded $1 million. Second place gets $300,000, third place $200,000. IBM, which has headquarters in Armonk, said it would give its winnings to charity, while Jennings and Rutter said they would give away half theirs. In a question-and-answer session with reporters after the practice round, Rutter and Jennings made joking reference to the jump in technology Watson represents. "When Watson's progeny comes back to kill me from the future," Rutter said, "I have my escape route planned just in case." Jennings said someone suggested his challenge was like the legend of John Henry, the 19th-century laborer who beat a steam drill in a contest but died in the effort. Jennings prefers a comparison to "Terminator," where the hero was a little more resilient. "I had a friend tell me, 'Remember John Henry, the steel-drivin' man.' And I was like ... 'Remember John Connor!'" Jennings said. "We're gonna take this guy out!" Associated Press writer Leon Drouin-Keith in New York City contributed to this report. 
From rforno at infowarrior.org Thu Jan 13 19:22:29 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Jan 2011 20:22:29 -0500 Subject: [Infowarrior] - Pentagon Deletes Social Media Office Message-ID: <89B164C5-2D47-4920-A7FA-B713068AE75C@infowarrior.org> Unfollowed: Pentagon Deletes Social Media Office By Spencer Ackerman | January 13, 2011 | 5:53 pm | Categories: Info War http://www.wired.com/dangerroom/2011/01/unfollowed-pentagon-deletes-social-media-office/ At a time when Facebook has 500 million users and Twitter is closing in on 200 million, the Pentagon no longer has a single person guiding its communications shop on how to use social media to get the military's message out. Gone are communication pro Price Floyd and technology exec Sumit Agarwal, the two men brought in during the past two years to get the Pentagon comfortable with online interaction in the 21st century. Floyd, a relentless tweeter, decamped in August to join defense giant BAE Systems. Agarwal, a former Google manager, now works on cybersecurity issues in the Pentagon policy directorate. Their old boss, assistant secretary of defense for public affairs Douglas Wilson, decided not to replace Agarwal, who left in November. Instead, now that the Facebook pages and Twitter feeds they set up are in place, Wilson says using social media ought to be the responsibility of the approximately 100 people he oversees. "I was increasingly concerned our approach to social media was a stovepiped professional area," he tells Danger Room. "It's important for people in press operations, community and public outreach and communications and planning to be able to know how to use and access Facebook, Twitter and the other social media tools, rather than just have a single unit or single person do nothing but social media." Time will tell if Pentagon Social Media 2.0 is an actual upgrade. For one thing, it doesn't make policy on servicemembers' access to YouTube or Facebook, 
a deeply controversial topic in certain military circles. The Pentagon's shockingly open social media guidelines expire on March 1st. Deputy Defense Secretary William Lynn is in charge of deciding whether a soldier in Afghanistan should be allowed to tweet freely over military networks. He's also one of the officials sounding the alarm about the Pentagon's need to secure its networks. Given the new mindfulness in the post-WikiLeaks Pentagon about the downside of online communications tools, it's worth wondering how the Pentagon will strike the new balance without an active social-media point person arguing for openness. Wilson denies that social media will be placed on the back burner. Rather, he says, it's the new normal inside his communications shop. "Our people are being trained in how best to use [social media], apply it to their day-to-day work, beyond sending personal Twitter messages or being on Facebook on their own," Wilson says. From there, they advise the military services on how to interact with their followers and Facebook fans. That is, if the services ask the Pentagon for help: they tend to have bigger online presences than the Pentagon. But some of the ways that Wilson's people adapt social media to their workaday responsibilities are more reactive than interactive themselves. Harold Hielsnis, who runs the Public Affairs Research and Analysis office, says that he now trolls Twitter, Facebook, and Google's blog search to figure out what people interested in defense are saying about. But if others working for Wilson are engaging with the defense community, Hielsnis isn't one of them: He's not on either Twitter or Facebook himself. It's up to the press shop to figure out whether and how they want to use his social media-informed research. And don't expect to see an explosion in Pentagon tweeters with handles like @DODJohnny. 
A single staffer, whom Hielsnis declined to identify, maintains the Department's Facebook page and Twitter feed, so the department speaks in a single virtual voice. "We are a centralized organization and we work in that way," he says. But it needs to be said that whoever is in charge of those accounts is familiar with all internet traditions. Both are filled with material that engages with people's concerns about the military, as with this tweet today directing @AZBoojum to a feed where he could get information on traumatic brain injury. The Defense Department's Facebook wall is a defense-community sounding board, and the page itself acts as a portal to all things military. Personally, I wouldn't have known that the military was extending the time it was taking for troops to recoup any extra stop-loss pay if it weren't for the Pentagon's social media outreach. That might be why Floyd isn't sweating the lack of a social media chief. "The policy is in place," he emails from the U.K., "no need to have a champion since it is being implemented literally everywhere." There are some mixed signals, though. With the exception of longtime social media maven Lt. Gen. William Caldwell, it's been months since the Pentagon's blogger roundtables -- which this blog engages in, and did so as recently as this morning -- featured a prominent general or flag officer. Wilson says social media is now a part of his shop's muscle memory, something that should come naturally given that it's hard to find professionals in the D.C. area who aren't using some form of social media. (Hell, even Donald Rumsfeld is.) "There are a lot of people in here who do their own personal little Twitter accounts," he says -- before conceding, "I don't." From rforno at infowarrior.org Fri Jan 14 05:42:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Jan 2011 06:42:36 -0500 Subject: [Infowarrior] - WH Tour Cybersecurity: Send In Your SSN - Via Unencrypted, Unprotected Email! 
Message-ID: <7779DDF6-666A-4255-81A9-65A69BAD061E@infowarrior.org> Begin forwarded message: From: Lauren Weinstein Date: January 13, 2011 11:42:16 PM EST White House Tour Cybersecurity: Send In Your SSN - Via Unencrypted, Unprotected Email! http://lauren.vortex.com/archive/000799.html Greetings. Before the U.S. government proceeds at all with their controversial and risky Trusted Identities in Cyberspace Internet ID scheme ( http://bit.ly/eZug4M ), perhaps they should demonstrate their ability to follow for themselves the most basic of Internet security procedures. Very large numbers of persons tour the White House every year. All prospective tour guests 14 years of age and older are required to pre-submit their Social Security Numbers (SSN) for security checks (apparently it is common for children under the age 14 to have their SSNs submitted as well). One might assume that information as sensitive as SSNs would be handled by the associated authorities with the same care and diligence as, say, a typical bank Web site -- using SSL/TLS encryption for the protection of this data that is so often abused for identity fraud. But that assumption would apparently be false. An array of Congressional Web sites instruct would-be White House tour guests to submit their personal information (names, dates of birth, *social security numbers*, etc.) via *standard unencrypted e-mail* to (for example) various addresses @mail.house.gov! Here are just a few randomly selected examples where (apparently customized by Congressional district in these cases) White House Tour "XLS" Security Forms are provided for download along with instructions for emailing them in for processing -- ( Form: http://bit.ly/frTSn4 [house.gov] ): Congressman Steve King: http://bit.ly/gqPG5L [house.gov] Congressman Raul M. Grijalva: http://bit.ly/gQbUyV [house.gov] Congressman John Kline: http://bit.ly/dUT4YY [house.gov] And so on. Search around a bit for yourself -- you'll easily find others. 
In fact, it appears that emailing back the Security Forms -- with absolutely no Internet transit protection for the personal information included such as SSNs, is the standard mechanism that Congress is mostly using -- and presumably the White House has approved -- for White House tour requests. If an insurance company, bank, or even a local school were caught telling persons to submit required personal information such as Social Security Numbers via easily diverted, observed, and otherwise abused unencrypted email channels, there would likely be investigations and hell to pay. But Congress and the White House -- the same entities who presumably wish to play such important "Cybersecurity" roles, apparently can't even handle this basic aspect of Internet security correctly. Yet we're supposed to trust their judgment relating to the creation of a vast and complex Internet Trusted Identities infrastructure. It would actually be quite funny -- if it weren't so utterly frightening. --Lauren-- Lauren Weinstein (lauren at vortex.com) http://www.vortex.com/lauren Tel: +1 (818) 225-2800 Co-Founder, PFIR (People For Internet Responsibility): http://www.pfir.org Founder, NNSquad (Network Neutrality Squad): http://www.nnsquad.org Founder, GCTIP (Global Coalition for Transparent Internet Performance): http://www.gctip.org Founder, PRIVACY Forum: http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Twitter: https://twitter.com/laurenweinstein Google Buzz: http://bit.ly/lauren-buzz From rforno at infowarrior.org Fri Jan 14 08:54:58 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Jan 2011 09:54:58 -0500 Subject: [Infowarrior] - Results: "Rename The DMZ!" Contest Message-ID: Here are selected comments from the 'Rename The DMZ!' contest I announced the other day. No clear winner, but lots of snark. 
--- rick < -- > DMZ --- It is a fantastic name - an inherently flawed architecture that is incredibly expensive and does not work in the real world. Single best representative concept in the business < -- > Point of Cyberspatial Demarcation (PCD) < -- > I'll bite: Mobius. (maybe Mobius zone? Mobius network?) The Mobius strip doesn't have an inside or outside, per se. Similarly, that-which-we-until-recently-called-the-DMZ isn't really inside or outside, but shares some attributes with both. And just as what you see when you look at a Mobius strip depends on how you look at it, what goes in the Mobius nee DMZ is highly implementation-dependent. < -- > Vapor-Lock Zone < -- >. Communications Unrequited Traffic Zone < -- > The Taint. It's between the a---hole (the internet) and the... interior. *ahem* < -- > I agree in spirit that it's not a great name, although I disagree with this explanation - it's DE-militarized, so by definition there should be no offensive capabilities within the DMZ (even though there may also be no offensive capabilities outside of the DMZ either). The name actually does make sense in the context that it's sort of a no-man's land between two heavily fortified lines which is probably what most of us military lay-people think of when we hear it in reference to Korea.... Nonetheless, as sort of an insulated area between the trusted internal network and the Internet, it always brought to my mind an image of a thermos bottle - the trusted network inside, the Internet outside, and the DMZ in between the inner and outer walls. So my proposal is the Dewar Zone as in Dewar Flask, which invokes (at least to my mind) a decent image of what's going on. Thermos Zone might be a little more accessible, but hasn't Stanley already suffered enough from having their trademark genericized? 
Since Dewar starts with 'D' it also gives us an opportunity for a backronym like "Dewar Managed Zone" or something similar so people can still use DMZ (although this would still probably be no good for military folks). From rforno at infowarrior.org Sat Jan 15 22:58:02 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Jan 2011 23:58:02 -0500 Subject: [Infowarrior] - Library clears its shelves in protest at closure threat Message-ID: Library clears its shelves in protest at closure threat Users urged to take out full allowance of library books in campaign to keep Stony Stratford branch open | Maev Kennedy | guardian.co.uk, Friday 14 January 2011 17.47 GM http://www.guardian.co.uk/books/2011/jan/14/stony-stratford-library-shelves-protest The library at Stony Stratford, on the outskirts of Milton Keynes, looks like the aftermath of a crime, its shell-shocked staff presiding over an expanse of emptied shelves. Only a few days ago they held 16,000 volumes. Now, after a campaign on Facebook, there are none. Every library user was urged to pick their full entitlement of 15 books, take them away and keep them for a week. The idea was to empty the shelves by closing time on Saturday: in fact with 24 hours to go, the last sad bundle of self-help and practical mechanics books was stamped out. Robert Gifford, chair of Stony Stratford town council, planned to collect his books when he got home from work in London, but left it too late. The empty shelves, as the library users want to demonstrate, represent the gaping void in their community if Milton Keynes council gets its way. Stony Stratford, an ancient Buckinghamshire market town famous only for its claim that the two pubs, the Cock and the Bull, are the origin of the phrase "a cock and bull story", was one of the communities incorporated in the new town in 1967. 
The Liberal Democrat council, made a unitary authority in 1997, now faces budget cuts of £25m and is consulting on closing at least two of 10 outlying branch libraries. Stony Stratford council got wind in December and wrote to all 6,000 residents -- not entirely disinterestedly, as the council meets in the library, like many other groups in the town. "In theory the closure is only out for consultation," Gifford said, "but if we sit back it will be too late. One man stopped me in the street and said, 'The library is the one place where you find five-year-olds and 90-year-olds together, and it's where young people learn to be proper citizens'. It's crazy even to consider closing it -- they should be finding ways to expand its services and bring even more people in." Emily Malleson, of the Friends of Stony Stratford Library, said: "I was lucky, I got in early, so I got some nice children's books -- and my children came along and took out all their books too. I had to bring the car to get them all home. The late-comers just had to take whatever was left." From rforno at infowarrior.org Sat Jan 15 23:00:18 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Jan 2011 00:00:18 -0500 Subject: [Infowarrior] - Israel Tests on Worm Called Crucial in Iran Nuclear Delay Message-ID: January 15, 2011 Israel Tests on Worm Called Crucial in Iran Nuclear Delay By WILLIAM J. BROAD, JOHN MARKOFF and DAVID E. SANGER This article is by William J. Broad, John Markoff and David E. Sanger. http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel's never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal. Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role -- 
as a critical testing ground in a joint American and Israeli effort to undermine Iran's efforts to make a bomb of its own. Behind Dimona's barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran's at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran's nuclear centrifuges and helped delay, though not destroy, Tehran's ability to make its first nuclear arms. "To check out the worm, you have to know the machines," said an American expert on nuclear intelligence. "The reason the worm has been effective is that the Israelis tried it out." Though American and Israeli officials refuse to talk publicly about what goes on at Dimona, the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program. In recent days, the retiring chief of Israel's Mossad intelligence agency, Meir Dagan, and Secretary of State Hillary Rodham Clinton separately announced that they believed Iran's efforts had been set back by several years. Mrs. Clinton cited American-led sanctions, which have hurt Iran's ability to buy components and do business around the world. The gruff Mr. Dagan, whose organization has been accused by Iran of being behind the deaths of several Iranian scientists, told the Israeli Knesset in recent days that Iran had run into technological difficulties that could delay a bomb until 2015. That represented a sharp reversal from Israel's long-held argument that Iran was on the cusp of success. The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed. 
In interviews over the past three months in the United States and Europe, experts who have picked apart the computer worm describe it as far more complex -- and ingenious -- than anything they had imagined when it began circulating around the world, unexplained, in mid-2009. Many mysteries remain, chief among them, exactly who constructed a computer worm that appears to have several authors on several continents. But the digital trail is littered with intriguing bits of evidence. In early 2008 the German company Siemens cooperated with one of the United States' premier national laboratories, in Idaho, to identify the vulnerabilities of computer controllers that the company sells to operate industrial machinery around the world -- and that American intelligence agencies have identified as key equipment in Iran's enrichment facilities. Siemens says that program was part of routine efforts to secure its products against cyberattacks. Nonetheless, it gave the Idaho National Laboratory -- which is part of the Energy Department, responsible for America's nuclear arms -- the chance to identify well-hidden holes in the Siemens systems that were exploited the next year by Stuxnet. The worm itself now appears to have included two major components. One was designed to send Iran's nuclear centrifuges spinning wildly out of control. Another seems right out of the movies: The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart. The attacks were not fully successful: Some parts of Iran's operations ground to a halt, while others survived, according to the reports of international nuclear inspectors. 
Nor is it clear the attacks are over: Some experts who have examined the code believe it contains the seeds for yet more versions and assaults. "It's like a playbook," said Ralph Langner, an independent computer security expert in Hamburg, Germany, who was among the first to decode Stuxnet. "Anyone who looks at it carefully can build something like it." Mr. Langner is among the experts who expressed fear that the attack had legitimized a new form of industrial warfare, one to which the United States is also highly vulnerable. Officially, neither American nor Israeli officials will even utter the name of the malicious computer program, much less describe any role in designing it. But Israeli officials grin widely when asked about its effects. Mr. Obama's chief strategist for combating weapons of mass destruction, Gary Samore, sidestepped a Stuxnet question at a recent conference about Iran, but added with a smile: "I'm glad to hear they are having troubles with their centrifuge machines, and the U.S. and its allies are doing everything we can to make it more complicated." In recent days, American officials who spoke on the condition of anonymity have said in interviews that they believe Iran's setbacks have been underreported. That may explain why Mrs. Clinton provided her public assessment while traveling in the Middle East last week. By the accounts of a number of computer scientists, nuclear enrichment experts and former officials, the covert race to create Stuxnet was a joint project between the Americans and the Israelis, with some help, knowing or unknowing, from the Germans and the British. The project's political origins can be found in the last months of the Bush administration. In January 2009, The New York Times reported that Mr. Bush authorized a covert program to undermine the electrical and computer systems around Natanz, Iran's major enrichment center.
President Obama, first briefed on the program even before taking office, sped it up, according to officials familiar with the administration's Iran strategy. So did the Israelis, other officials said. Israel has long been seeking a way to cripple Iran's capability without triggering the opprobrium, or the war, that might follow an overt military strike of the kind they conducted against nuclear facilities in Iraq in 1981 and Syria in 2007. Two years ago, when Israel still thought its only solution was a military one and approached Mr. Bush for the bunker-busting bombs and other equipment it believed it would need for an air attack, its officials told the White House that such a strike would set back Iran's programs by roughly three years. Its request was turned down. Now, Mr. Dagan's statement suggests that Israel believes it has gained at least that much time, without mounting an attack. So does the Obama administration. For years, Washington's approach to Tehran's program has been one of attempting "to put time on the clock," a senior administration official said, even while refusing to discuss Stuxnet. "And now, we have a bit more."

Finding Weaknesses

Paranoia helped, as it turns out. Years before the worm hit Iran, Washington had become deeply worried about the vulnerability of the millions of computers that run everything in the United States from bank transactions to the power grid. Computers known as controllers run all kinds of industrial machinery. By early 2008, the Department of Homeland Security had teamed up with the Idaho National Laboratory to study a widely used Siemens controller known as P.C.S.-7, for Process Control System 7. Its complex software, called Step 7, can run whole symphonies of industrial instruments, sensors and machines. The vulnerability of the controller to cyberattack was an open secret.
In July 2008, the Idaho lab and Siemens teamed up on a PowerPoint presentation on the controller's vulnerabilities that was made to a conference in Chicago at Navy Pier, a top tourist attraction. "Goal is for attacker to gain control," the July paper said in describing the many kinds of maneuvers that could exploit system holes. The paper was 62 pages long, including pictures of the controllers as they were examined and tested in Idaho. In a statement on Friday, the Idaho National Laboratory confirmed that it formed a partnership with Siemens but said it was one of many with manufacturers to identify cybervulnerabilities. It argued that the report did not detail specific flaws that attackers could exploit. But it also said it could not comment on the laboratory's classified missions, leaving unanswered the question of whether it passed what it learned about the Siemens systems to other parts of the nation's intelligence apparatus. The presentation at the Chicago conference, which recently disappeared from a Siemens Web site, never discussed specific places where the machines were used. But Washington knew. The controllers were critical to operations at Natanz, a sprawling enrichment site in the desert. "If you look for the weak links in the system," said one former American official, "this one jumps out." Controllers, and the electrical regulators they run, became a focus of sanctions efforts. The trove of State Department cables made public by WikiLeaks describes urgent efforts in April 2009 to stop a shipment of Siemens controllers, contained in 111 boxes at the port of Dubai, in the United Arab Emirates. They were headed for Iran, one cable said, and were meant to control "uranium enrichment cascades" -- the term for groups of spinning centrifuges. Subsequent cables showed that the United Arab Emirates blocked the transfer of the Siemens computers across the Strait of Hormuz to Bandar Abbas, a major Iranian port.
Only months later, in June, Stuxnet began to pop up around the globe. The Symantec Corporation, a maker of computer security software and services based in Silicon Valley, snared it in a global malware collection system. The worm hit primarily inside Iran, Symantec reported, but also in time appeared in India, Indonesia and other countries. But unlike most malware, it seemed to be doing little harm. It did not slow computer networks or wreak general havoc. That deepened the mystery.

A "Dual Warhead"

No one was more intrigued than Mr. Langner, a former psychologist who runs a small computer security company in a suburb of Hamburg. Eager to design protective software for his clients, he had his five employees focus on picking apart the code and running it on the series of Siemens controllers neatly stacked in racks, their lights blinking. He quickly discovered that the worm only kicked into gear when it detected the presence of a specific configuration of controllers, running a set of processes that appear to exist only in a centrifuge plant. "The attackers took great care to make sure that only their designated targets were hit," he said. "It was a marksman's job." For example, one small section of the code appears designed to send commands to 984 machines linked together. Curiously, when international inspectors visited Natanz in late 2009, they found that the Iranians had taken out of service a total of exactly 984 machines that had been running the previous summer. But as Mr. Langner kept peeling back the layers, he found more -- what he calls the "dual warhead." One part of the program is designed to lie dormant for long periods, then speed up the machines so that the spinning rotors in the centrifuges wobble and then destroy themselves. Another part, called a "man in the middle" in the computer world, sends out those false sensor signals to make the system believe everything is running smoothly.
That prevents a safety system from kicking in, which would shut down the plant before it could self-destruct. "Code analysis makes it clear that Stuxnet is not about sending a message or proving a concept," Mr. Langner later wrote. "It is about destroying its targets with utmost determination in military style." This was not the work of hackers, he quickly concluded. It had to be the work of someone who knew his way around the specific quirks of the Siemens controllers and had an intimate understanding of exactly how the Iranians had designed their enrichment operations. In fact, the Americans and the Israelis had a pretty good idea.

Testing the Worm

Perhaps the most secretive part of the Stuxnet story centers on how the theory of cyberdestruction was tested on enrichment machines to make sure the malicious software did its intended job. The account starts in the Netherlands. In the 1970s, the Dutch designed a tall, thin machine for enriching uranium. As is well known, A. Q. Khan, a Pakistani metallurgist working for the Dutch, stole the design and in 1976 fled to Pakistan. The resulting machine, known as the P-1, for Pakistan's first-generation centrifuge, helped the country get the bomb. And when Dr. Khan later founded an atomic black market, he illegally sold P-1's to Iran, Libya, and North Korea. The P-1 is more than six feet tall. Inside, a rotor of aluminum spins uranium gas to blinding speeds, slowly concentrating the rare part of the uranium that can fuel reactors and bombs. How and when Israel obtained this kind of first-generation centrifuge remains unclear, whether from Europe, or the Khan network, or by other means. But nuclear experts agree that Dimona came to hold row upon row of spinning centrifuges. "They've long been an important part of the complex," said Avner Cohen, author of "The Worst-Kept Secret" (2010), a book about the Israeli bomb program, and a senior fellow at the Monterey Institute of International Studies.
He added that Israeli intelligence had asked retired senior Dimona personnel to help on the Iranian issue, and that some apparently came from the enrichment program. "I have no specific knowledge," Dr. Cohen said of Israel and the Stuxnet worm. "But I see a strong Israeli signature and think that the centrifuge knowledge was critical." Another clue involves the United States. It obtained a cache of P-1's after Libya gave up its nuclear program in late 2003, and the machines were sent to the Oak Ridge National Laboratory in Tennessee, another arm of the Energy Department. By early 2004, a variety of federal and private nuclear experts assembled by the Central Intelligence Agency were calling for the United States to build a secret plant where scientists could set up the P-1's and study their vulnerabilities. "The notion of a test bed was really pushed," a participant at the C.I.A. meeting recalled. The resulting plant, nuclear experts said last week, may also have played a role in Stuxnet testing. But the United States and its allies ran into the same problem the Iranians have grappled with: the P-1 is a balky, badly designed machine. When the Tennessee laboratory shipped some of its P-1's to England, in hopes of working with the British on a program of general P-1 testing, they stumbled, according to nuclear experts. "They failed hopelessly," one recalled, saying that the machines proved too crude and temperamental to spin properly. Dr. Cohen said his sources told him that Israel succeeded -- with great difficulty -- in mastering the centrifuge technology. And the American expert in nuclear intelligence, who spoke on the condition of anonymity, said the Israelis used machines of the P-1 style to test the effectiveness of Stuxnet. The expert added that Israel worked in collaboration with the United States in targeting Iran, but that Washington was eager for "plausible deniability."
In November, the Iranian president, Mahmoud Ahmadinejad, broke the country's silence about the worm's impact on its enrichment program, saying a cyberattack had caused "minor problems with some of our centrifuges." Fortunately, he added, "our experts discovered it." The most detailed portrait of the damage comes from the Institute for Science and International Security, a private group in Washington. Last month, it issued a lengthy Stuxnet report that said Iran's P-1 machines at Natanz suffered a series of failures in mid- to late 2009 that culminated in technicians taking 984 machines out of action. The report called the failures "a major problem" and identified Stuxnet as the likely culprit. Stuxnet is not the only blow to Iran. Sanctions have hurt its effort to build more advanced (and less temperamental) centrifuges. And last January, and again in November, two scientists who were believed to be central to the nuclear program were killed in Tehran. The man widely believed to be responsible for much of Iran's program, Mohsen Fakrizadeh, a college professor, has been hidden away by the Iranians, who know he is high on the target list. Publicly, Israeli officials make no explicit ties between Stuxnet and Iran's problems. But in recent weeks, they have given revised and surprisingly upbeat assessments of Tehran's nuclear status. "A number of technological challenges and difficulties" have beset Iran's program, Moshe Yaalon, Israel's minister of strategic affairs, told Israeli public radio late last month. The troubles, he added, "have postponed the timetable."
From rforno at infowarrior.org Sun Jan 16 22:12:39 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Jan 2011 23:12:39 -0500
Subject: [Infowarrior] - In New Military, Data Overload Can Be Deadly
Message-ID:

January 16, 2011
In New Military, Data Overload Can Be Deadly
By THOM SHANKER and MATT RICHTEL
http://www.nytimes.com/2011/01/17/technology/17brain.html

When military investigators looked into an attack by American helicopters last February that left 23 Afghan civilians dead, they found that the operator of a Predator drone had failed to pass along crucial information about the makeup of a gathering crowd of villagers. But Air Force and Army officials now say there was also an underlying cause for that mistake: information overload. At an Air Force base in Nevada, the drone operator and his team struggled to work out what was happening in the village, where a convoy was forming. They had to monitor the drone's video feeds while participating in dozens of instant-message and radio exchanges with intelligence analysts and troops on the ground. There were solid reports that the group included children, but the team did not adequately focus on them amid the swirl of data -- much like a cubicle worker who loses track of an important e-mail under the mounting pile. The team was under intense pressure to protect American forces nearby, and in the end it determined, incorrectly, that the villagers' convoy posed an imminent threat, resulting in one of the worst losses of civilian lives in the war in Afghanistan. "Information overload -- an accurate description," said one senior military officer, who was briefed on the inquiry and spoke on the condition of anonymity because the case might yet result in a court martial. The deaths would have been prevented, he said, "if we had just slowed things down and thought deliberately." Data is among the most potent weapons of the 21st century.
Unprecedented amounts of raw information help the military determine what targets to hit and what to avoid. And drone-based sensors have given rise to a new class of wired warriors who must filter the information sea. But sometimes they are drowning. Research shows that the kind of intense multitasking required in such situations can make it hard to tell good information from bad. The military faces a balancing act: how to help soldiers exploit masses of data without succumbing to overload. Across the military, the data flow has surged; since the attacks of 9/11, the amount of intelligence gathered by remotely piloted drones and other surveillance technologies has risen 1,600 percent. On the ground, troops increasingly use hand-held devices to communicate, get directions and set bombing coordinates. And the screens in jets can be so packed with data that some pilots call them "drool buckets" because, they say, they can get lost staring into them. "There is information overload at every level of the military -- from the general to the soldier on the ground," said Art Kramer, a neuroscientist and director of the Beckman Institute, a research lab at the University of Illinois. The military has engaged researchers like Mr. Kramer to help it understand the brain's limits and potential. Just as the military has long pushed technology forward, it is now at the forefront in figuring out how humans can cope with technology without being overwhelmed by it. At George Mason University in Virginia, researchers measure the brain waves of study subjects as they use a simulation of the work done at the Nevada Air Force base. On a computer screen, the subjects see a video feed from one drone and the locations of others, along with instructions on where to direct them. The subjects wear a cap with electrodes attached, measuring brain waves. As the number of drones and the pace of instructions increases, the brain shows sharp spikes in a kind of electrical activity called theta --
cause for concern among the researchers. "It's usually an index of extreme overload," said Raja Parasuraman, a director of the university's human factors and applied cognition program. As the technology allows soldiers to pull in more information, it strains their brains. And military researchers say the stress of combat makes matters worse. Some research even suggests that younger people wind up having more trouble focusing because they have grown up constantly switching their attention. For the soldier who has been using computers and phones all his life, "multitasking might actually have negative effects," said Michael Barnes, research psychologist at the Army Research Lab at Aberdeen, Md., citing several university studies on the subject. In tests at a base in Orlando, Mr. Barnes's group has found that when soldiers operate a tank while monitoring remote video feeds, they often fail to see targets right around them. Mr. Barnes said soldiers could be trained to use new technology, "but we're not going to improve the neurological capability." On the other hand, he said, the military should not shy away from improving the flow of data in combat. "It would be like saying we shouldn't have automobiles because we have 40,000 people die on the roads each year," he said. "The pluses of technology are too great." The military is trying novel approaches to helping soldiers focus. At an Army base on Oahu, Hawaii, researchers are training soldiers' brains with a program called "mindfulness-based mind fitness training." It asks soldiers to concentrate on a part of their body, the feeling of a foot on the floor or of sitting on a chair, and then move to another focus, like listening to the hum of the air-conditioner or passing cars. "The whole question we're asking is whether we can rewire the functioning of the attention system through mindfulness," said one of the researchers, Elizabeth A. Stanley, an assistant professor of security studies at Georgetown University.
Recently she received financing to bring the training to a Marine base, and preliminary results from a related pilot study she did with Amishi Jha, a neuroscientist at the University of Miami, found that it helped Marines to focus. Even as it worries about digital overload, the Army is acknowledging that technology may be the best way to teach this new generation of soldiers -- in particular, a technology that is already in their pockets. In Army basic training, new recruits can get instruction from iPhone apps on subjects as varied as first aid and military values. As part of the updated basic training regimen, recruits are actually forced into information overload -- for example, testing first aid skills while running an obstacle course. "It's the way this generation learns," said Lt. Gen. Mark P. Hertling, who oversees initial training for every soldier. "It's a multitasking generation. So if they're multitasking and combining things, that's the way we should be training." The intensity of warfare in the computer age is on display at a secret intelligence and surveillance installation at Langley Air Force Base in Virginia, a massive, heavily air-conditioned warehouse where hundreds of TVs hang from black rafters. Every day across the Air Force's $5 billion global surveillance network, cubicle warriors review 1,000 hours of video, 1,000 high-altitude spy photos and hundreds of hours of "signals intelligence" -- usually cellphone calls. At the Langley center, officially called Distributed Common Ground System-1, heavy multitasking is a daily routine for people like Josh, a 25-year-old first lieutenant (for security reasons, the Air Force would not release his full name). For 12 hours a day, he monitors an avalanche of images on 10 overhead television screens. They deliver what Josh and his colleagues have nicknamed "Death TV" --
live video streams from drones above Afghanistan showing Taliban movements, suspected insurgent safehouses and American combat units headed into battle. As he watches, Josh uses a classified instant-messaging system showing as many as 30 different chats with commanders at the front, troops in combat and headquarters at the rear. And he is hearing the voice of a pilot at the controls of a U-2 spy plane high in the stratosphere. "I'll have a phone in one ear, talking to a pilot on the headset in the other ear, typing in chat at the same time and watching screens," Josh says. "It's intense." The stress lingers when the shift is over. Josh works alongside Anthony, 23, an airman first class who says his brain hurts each night, the way feet ache after a long march. "You have so much information coming in that when you go home -- how do you take that away? Sometimes I work out," Anthony said. "Actually, one of my things is just being able to enjoy a nice bowl of cereal with almond milk. I feel the tension is just gone and I can go back again." Video games don't do the trick. "I need something real," he said.

From rforno at infowarrior.org Mon Jan 17 08:32:36 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Jan 2011 09:32:36 -0500
Subject: [Infowarrior] - MPAA struggles to choose a new leader
Message-ID: <9CEE7161-6DC3-41E0-AE0C-2BC3DC9A8155@infowarrior.org>

Motion Picture Association of America struggles to choose a new leader
By Amanda Becker
Monday, January 17, 2011; 13
http://www.washingtonpost.com/wp-dyn/content/article/2011/01/14/AR2011011405972_pf.html

One of the most glitzy job openings in Washington has gone unfilled for nearly a year. The top spot at the Motion Picture Association of America has been in flux since its chief executive left last April and interim chief executive and president Bob Pisano took the helm.
For more than a year, a prominent national search firm has struggled to find a suitable candidate with enough glamour and grit to satisfy the whims of the association's notoriously demanding board, generating conjecture and buzz at lunch tables across town. Industry insiders describe the job as among the top three association gigs in the city -- a $1.2 million salary with a whiff of celebrity. But the lucrative and high-profile position comes with a host of responsibilities to the six major studios the association represents, which grapple with the intellectual property issues created by new technology and at times have interests that diverge. "You don't go to work and have movie stars in your office and paparazzi following you around, it's a hard job and you work for difficult people," said the association's former leader, Dan Glickman, who left the MPAA five months before his contract was set to expire last September and landed at the Bipartisan Policy Center. Glickman joined the MPAA in 2004 after a similarly exhaustive search to replace Jack Valenti, the iconic figure who spearheaded Hollywood's efforts in Washington for 38 years. The MPAA brought on the recruiting group Spencer Stuart, a favorite of member studios Sony, Warner Bros. and others, which cycled through a list of rumored candidates that included former senator John Breaux (D-La.), who is now with the lobbying firm Patton Boggs, and former representative W.J. "Billy" Tauzin (R-La.), who ended up at PhRMA, the pharmaceutical lobby, before completing the deal with Glickman, a longtime Democratic congressman from Kansas and Cabinet secretary. This time around, the names bandied about as potential replacements are no less varied. Former Democratic governor of New Mexico Bill Richardson, retired senator Christopher J. Dodd (D-Conn.) and retired congressman Tom Davis (R-Va.) have all been mentioned as potential targets of the recruiting firm Korn/Ferry International, which is handling the search. 
Then there is Pisano himself. "Handling both the interim CEO and COO jobs gives me no time to think about what comes next in my career," Pisano said. "I'm happy to leave to our members the question of whether I or someone else should become the next CEO." Davis, currently with the government group at the consultancy Deloitte, declined to discuss the matter but suggested that if a career change was in the works it was not imminent. Richardson and Dodd could not be reached for comment. An MPAA representative demurred from discussing specific candidates, saying the board has given no indication when an announcement might be made. "Associations mimic the industries they represent. Hollywood is a business driven by rumor and publicity, so to certain extent, it's not unlike 'you've got Johnny Depp to play so and so' -- it's Entourage in real life," one association executive across town said of the leaks, buzz and longevity surrounding the search. Though candidates who possess a bit of star power are likely to catch the MPAA's eye, the individual who is eventually cast as Hollywood's face on Capitol Hill will need the bite to match the bark. Both Glickman and Pisano say the Internet has created a "new world" where studios must struggle to combat an explosion of illegal piracy that plagues its products. At the same time, the MPAA's most recent filings with the Internal Revenue Service show that its revenue dropped by more than $20 million from 2007 and 2008 after member studios slashed its funding. The association then decreased the amount it spent lobbying federal lawmakers from $2.7 million in 2008 to $1.9 million in 2009, according to OpenSecrets.org figures. The reductions are likely in part due to the fact that the media conglomerates that own the studios at Walt Disney, Paramount, Sony Pictures, 20th Century Fox, Universal Studios and Warner Bros. are more apt to hire their own lobbyists to handle what they perceive as unrelated or even competing concerns. 
"It's a much more complicated world now. They're no longer only movie companies, they became television companies. Now they operate everything from billboards, theme parks and social media sites to newspapers," Glickman said. "Notwithstanding all of that, the heart of the association is advocating for the people who produce entertainment, it's a very special place and the industry is extremely important. They need to get someone in there quickly and I hope they do."

From rforno at infowarrior.org Mon Jan 17 11:36:37 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Jan 2011 12:36:37 -0500
Subject: [Infowarrior] - Dancho Danchev found
Message-ID: <49D81F30-1AFB-4600-8B28-BFED22E42BE6@infowarrior.org>

(c/o Anonymous)

IT security expert Dancho Danchev is placed in a psychiatric hospital
by EastSmith 3 hours ago | 16 comments

According to Bulgarian newspaper Dnevnik (http://www.dnevnik.bg/tehnologii/2011/01/17/1026425_ekspertut_po_it_sigurnost_dancho_danchev_e_nastanen_v/) IT security expert Dancho Danchev is placed in a psychiatric hospital. Dancho Danchev, an expert on cybersecurity, is placed in a psychiatric hospital in Bulgaria. The information was confirmed by two sources of "Dnevnik", although from the hospital refused comment.

Google translation @ http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=bg&tl=en&u=http%3A%2F%2Fwww.dnevnik.bg%2Ftehnologii%2F2011%2F01%2F17%2F1026425_ekspertut_po_it_sigurnost_dancho_danchev_e_nastanen_v%2F

From rforno at infowarrior.org Mon Jan 17 12:14:53 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Jan 2011 13:14:53 -0500
Subject: [Infowarrior] - Thoreau's Cellphone Experiment
Message-ID: <8811DFD0-928C-4ACF-BF04-1D89764E8189@infowarrior.org>

(c/o EP)

January 16, 2011
Thoreau's Cellphone Experiment
By William Major
http://chronicle.com/article/Thoreaus-Cellphone-Experiment/125962/

I took their smartphones, and the world continued to spin.
I took their BlackBerries, and that did not lead to chaos. If I could have, I would have taken their Internet access, too, just to see the looks on their faces. I rarely offer my students extra-credit assignments, because I don't typically like to create more work for myself than necessary. Inspired, however, by Henry David Thoreau's calls for simplicity and solitude, I have, for the past few years, conducted a classroom experiment: On our final day of discussing Walden in my literature course for sophomores, I ask students to get out their BlackBerries and smartphones and lay them on their desks. I then offer the extra credit they've been begging for since day one: They'll get it if they let me keep their phones for five days. You would think I'd asked the class to remove their collective clothes. Which, in a way, I had. The hyperbolic Thoreau told us that he never received much worthy news through the mail, never found anything of interest in the papers. For the person striving to understand the right way to live, "all news, as it is called, is gossip." Nineteenth-century America had its own version of Twitter in the penny papers of the day, whose allegiance to fear and gossip-mongering was every bit as real as our own. But most of my students don't read newspapers. They rarely watch the news. Their connections, such as they are, are not with the latest dust-up in Burma or tuition hikes in England. They are not particularly engaged in Obama's fight with the Republicans. In fact, many don't know we recently had an election. And while it may seem that Thoreau's most difficult lesson for the American student is to "simplify," to reduce both needs and wants, I don't see it that way. My students say they are generally (and theoretically) in favor of conserving, spending less, and (again, theoretically) living their lives with fewer things--as long they are not asked to do too much.
No, where they take a stand is when Thoreau asks them to spend time alone, away from family and friends: disconnected, separated, out of touch. Solitude, it seems, scares them. "I find it wholesome to be alone the greater part of the time," Thoreau wrote. "I never found the companion that was so companionable as solitude." That is a sentiment so disturbing to my students as to make some of them angry. As part of the experiment, I always ask my students to write about being left in the technological cold. I want to know about their expectations, reservations, and day-to-day experience of disconnection. Give me the good and the bad. Their most common response? Fear. Initially, most of them worried that they would miss something: a family emergency, a party, a job offer, a friend who "really needed" them. Many were anxious they would be stuck somewhere on the road, having had an accident. Some surmised that they wouldn't be able to call someone if they were robbed or, worse, raped. In short, most of them thought little good could come of an experiment meant to liberate them from the incessant presence of other people. The reluctance to give up their phones (many students didn't participate) derived from a sense that they would either be absent when something happened to someone they knew, or that they would be present, sans phone, when something terrible happened to themselves. "I'm not sure how people made it through the weekends without cellphones," one student wrote. It did no good for me to explain that there was a time, not long ago, when none of us had cellphones, yet we still traveled hither and yon, we missed friends at parties, and our cars broke down--a lot more frequently than they do now. And when our cars broke down, we figured things out as we went along--you know, practiced a little self-reliance. In a burst of honesty, a student wrote: "My expectation as well as fear about giving up my phone was that I would not have anyone to talk to.
I had imagined myself just being all alone for the entire weekend. I was basically afraid of being alone." She experienced a "feeling of emptiness. I felt like I lost a friend." I don't know whether it occurred to her that such emptiness might be a good thing, that she would have many more such feelings during her life, with or without her phone, and that she might want to get used to them, or at least find a way to use them. Another student wrote that even though "I enjoyed the feeling of walking to my own music, I found it difficult to be without a phone for the past six days, simply because I didn't like thinking about my life so much, and my phone was always there to help me keep my mind off things." She didn't say what it was she was trying to ignore, but I noted her very Thoreauvian description of "walking to my own music" coupled with a clear distaste for her self, her need to be in the very un-Zen place called elsewhere. When I began the experiment, I explained that I, too, had close friends, and that we remained close, in part, because we didn't make a habit of talking with or seeing each other frequently. I see two of my closest friends for only a few days every two years. My students were stunned. I made clear that my friends don't need me in constant contact. At least, they don't need to know what I do every day. Neither do I require frequent updates from my friends, who are secure in the knowledge that, to use the common parlance, I would "be there for them" if necessary. Moreover, when my phone rings, I answer it sporadically and reluctantly, not out of spite toward whoever is on the other end, but because I don't feel compelled to jump when someone else is feeling whimsical. I told the students that I speak with my mother, who lives halfway across the country, once a week--sometimes once every two weeks--and that I like it that way. What if something happens to your mom? they wanted to know. What could I do from 1,000 miles away? I answered.
But what if she died? What if? What if? What if? Many of my students speak with their parents several times a day. They are, I am assured, Best Friends! A few students said they couldn't possibly give up their phones, because their parents would think something had happened to them. "They might think I'm dead." I had trouble with that one. What kind of parents think their adult sons and daughters are dead if they don't hear from them for a day or two? What kind of sophomore in college lives with such odious responsibility? Perhaps the kind who live in fear. And so I proposed the extra-credit assignment knowing that it might hurt. The outcome? Several students complained that they had missed their morning classes because I had their alarms. One or two said their significant others were fuming mad because they weren't answering texts. It must, after all, mean something that he's not responding. Conversely, one male wrote that the "best part of not having a cellphone was freedom from my girlfriend." Not freedom to look for another girlfriend, he hinted, but simply out of a desire for some "alone time": "When I have my cellphone on me, she is constantly text-ing me." For some reason he feels compelled to answer. Another student put an odd gender spin on the experiment: "Being a man I assumed being without a phone for a few days wouldn't hurt me. It has only been a matter of three hours and I'm panicking like crazy." He didn't say what he was panicked over or what being a man had to do with it. However, when I returned his phone, he didn't seem panicked at all. Indeed, several students had hundreds of unanswered texts yet appeared embarrassingly healthy--even though one complained that her "fingers can't stop twitching." They had found themselves reaching for their phones in the vain hope that someone was trying to reach them, when, in fact, their connections to the world lay silent at the bottom of my desk near the hand lotion and ibuprofen.
It took several hours for them to adjust to not having that little shot of adrenaline, dopamine, serotonin, or whatever chemical makes us feel alive whenever we anticipate the most important of communications: "im at the library where r u?" Of the students who thought it a useful enterprise, several mentioned noticing the campus for the first time--that there are trees, plaques, and signage, and all manner of people in their midst, many of whom are texting or talking on their phones even as they walk with their friends. One student said he found himself talking with strangers, which I thought a perfect way for him to begin to question the fearful lessons his parents drummed into his head. Even the students who mentioned feeling liberated said their behavior wouldn't change. Their novel sensation of freedom was perhaps too much to bear. But Thoreau had hope. He knew that "it is never too late to give up our prejudices." I, too, have prejudices. I, too, have a smartphone. I will endeavor to give up both. William Major is an associate professor of English at the University of Hartford's Hillyer College. From rforno at infowarrior.org Mon Jan 17 15:41:02 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Jan 2011 16:41:02 -0500 Subject: [Infowarrior] - Facebook Apps Allowing Access to Numbers, Addresses Message-ID: <3E6FB644-4FCD-4F29-BF93-DC57AA4F3633@infowarrior.org> Facebook Apps Allowing Access to Numbers, Addresses ARTICLE DATE: 01.17.11 By Chloe Albanesius http://www.pcmag.com/print_article2/0,1217,a=259440,00.asp?hidPrint=true Facebook recently announced that it is making user phone numbers and addresses available to developers, a move that a security expert said "could herald a new level of danger" for Facebook members. Facebook isn't just releasing this information into the wild; it's adding it to the company's "User Graph object," or the permissions required to install an app.
"Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions," Facebook wrote in a blog post. "These permissions must be explicitly granted to your application by the user via our standard permissions dialogs." Facebook said the permissions only provide access to a user's address and mobile phone number, not their friend's addresses or mobile phone numbers. Before installation, Facebook apps currently display a permissions-based menu that informs users what type of information the app is accessing. Going forward, users will be informed when the app accesses their phone numbers or addresses. Sophos's Graham Cluley, however, said that even though the information will only be accessible when a user gives permission, "there are just too many attacks happening on a daily basis which trick users into doing precisely this." "Facebook is already plagued by rogue applications that post spam links to users' walls, and point users to survey scams that earn them commission - and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service," Cluley wrote in a blog post. Cluley suggested that scammers could set up a rogue app that collects mobile phone numbers and then uses that information to send SMS spam or sell the data to cold-calling companies. Cluley wrote that only Facebook-approved app developers should be able to request this information or that app developers ask for the data rather than automatically grabbing it. In the meantime, he wrote, users should delete their phone numbers and addresses from their profile information. Last year, there were reports that Facebook user IDs were being sent to third parties. Facebook initially proposed encryption as a possible workaround, but later opted to embed a user ID in a HTTP POST body, which means it will not be exposed in any HTTP referrer header at all; encrypted or not. Copyright (c) 2011 Ziff Davis Inc. 
All Rights Reserved. From rforno at infowarrior.org Mon Jan 17 16:08:24 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Jan 2011 17:08:24 -0500 Subject: [Infowarrior] - New Type of Ads Trick Viewers, Help Circumvent DVRs Message-ID: <00C27040-875E-4CF1-A6C3-862B8B9B6F8C@infowarrior.org> Okay - finally a good use of the annoying channel bugs on TV. Since networks would neeeever "stamp" an advertiser's time, you can just wait until you see the channel bug on screen to know the commercial break is over. ---- rick New Type of Ads Trick Viewers, Help Circumvent DVRs Submitted by Anne Landman on January 16, 2011 - 7:01pm Main Source: NPR, January 12, 2011 Advertisers are using a new technique to trick DVR users and people who mute TV ads into watching their ads. The new ads, called "interstitial ads," "podbusters" or "DVR busters," are designed to look and feel just like the shows viewers are watching. They often feature the same actors, in character, and may use brief, insipid out-takes from the real show to lure unsuspecting viewers into watching them. Advertisers run podbusters late in the show, around the time that cliffhanger-endings are keeping viewers on the edge of their seats. Examples of DVR busters include Tina Fey starring in an ad for American Express during her show, 30 Rock, and commercials seen near the end of AMC's Mad Men that feature actors from the show in an office environment and wearing 60's fashions, to make people think the show has started again. By the time people realize they are really watching an ad and not the show, the commercial is almost over. Mike Rosen, an executive with a media agency, explains that ads that mimic shows viewers really like help transfer the positive feelings people have about those shows to the products being advertised on them.
http://www.prwatch.org/node/9872 From rforno at infowarrior.org Mon Jan 17 16:15:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Jan 2011 17:15:59 -0500 Subject: [Infowarrior] - Apocalypse in Cyberspace? It's Overdone Message-ID: http://www.nytimes.com/2011/01/17/technology/17cache.html January 16, 2011 Apocalypse in Cyberspace? It's Overdone By ERIC PFANNER PARIS -- The Web site Cyberwarzone.com lists 270 books about Internet crime and warfare. In one of the highest-profile examples, "Cyber War: The Next Threat to National Security and What to Do About It," Richard A. Clarke, the former U.S. counterterrorism chief, and Robert K. Knake of the Council on Foreign Relations, describe a digital "Day After" in which large parts of the U.S. transportation, energy and communications systems have been wiped out by Internet-borne attackers, leaving the authorities struggling to maintain control and consumers scrambling for food. Prophets of Internet-borne Götterdämmerung have gotten even more breathless since the publication of "Cyber War" last year. They describe China's alleged hacking campaign against Google and the campaign by "hacktivists" against foes of the anti-secrecy Web site WikiLeaks, as the opening acts. Is a cyberwar already under way and, if so, could it really cause destruction on the scale portrayed by Mr. Knake and Mr. Clarke? Nonsense, say two academics in a study commissioned by the Organization for Economic Cooperation and Development. The report, to be released Monday, argues that doomsayers have greatly exaggerated the power of belligerents to wreak havoc in cyberspace. It is extremely unlikely that their attacks could create problems like those caused by a global pandemic or the recent financial crisis, let alone an actual shooting war, the study concludes. "You have this sort of competition between writers to say, 'I have a scarier story than you do,' "
said Peter Sommer, a visiting professor at the London School of Economics, who wrote the report with Ian Brown, a senior research fellow at the Oxford Internet Institute, part of Oxford University. "If you look at the way it is covered, the computer scare story of the week, you might get the sense that such a disaster is just around the corner." In fact, the report says, "It is unlikely that there will ever be a true cyberwar." Mr. Sommer and Mr. Brown are not the first to protest against adoption of a Clausewitzian framework to describe international affairs in the digital world. Howard A. Schmidt, President Barack Obama's chief cybersecurity adviser, told Wired magazine last year that "there is no cyberwar." "I think that is a terrible metaphor and I think that is a terrible concept," he said. "There are no winners in that environment." In their research, Mr. Sommer and Mr. Brown modeled a variety of outcomes for a possible conflict, including digital strikes against critical operations like banks, utilities and air traffic control systems. In most cases, in the economically advanced countries represented by the O.E.C.D., they determined that such organizations could recover within days, if not hours, preventing the "cascading" of problems that would lead to widespread destruction. Yes, they acknowledged, governments are training their spooks to use the Internet for espionage purposes. Why wouldn't they? James Bond was not the only spy to deploy hidden cameras, audio bugs and other, more fantastical tools of the trade -- wow, ejector seats and revolving license plates! -- when they were developed. The Internet, to be sure, is a particularly souped-up Aston Martin. But some of the tools recently employed by alleged cyberwarriors have a vintage feel to them. Mr. Sommer decries the use of "lurid, bellicose"
language to describe the exploits of hackers who unleashed so-called distributed denial of service attacks against foes of WikiLeaks, after its release of thousands of secret U.S. diplomatic cables. "There is nothing new in what the hacktivists are doing," Mr. Sommer said. "It really should not be exaggerated. It's really more like the kind of thing Greenpeace does." "We have to get used to the fact that popular protests, as well as skirmishes between nations, are going to have a cyber dimension," he added. "Some people say cyberespionage is just a few clicks away from cyberwar. It's not; it's just another way of spying." ------------------------------------------------------- Peter Sommer and Ian Brown, "Reducing Systemic Cybersecurity Risk," OECD, Paris, 14 January, 2011: http://www.oecd.org/dataoecd/3/42/46894657.pdf From rforno at infowarrior.org Mon Jan 17 16:17:32 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Jan 2011 17:17:32 -0500 Subject: [Infowarrior] - Record Labels invent 1999 process to thwart piracy Message-ID: <8057542D-7E85-4B65-9802-BE8C6DD1E0CD@infowarrior.org> Big Record Label 'Innovation': Actually Release Songs For Sale The Same Time They Hit The Radio from the this-counts-as-a-step-forward? dept I can't quite figure out which is more amusing: the fact that record labels are just now thinking that maybe it makes sense to release songs for sale the same time they're sent to radio stations, or that it's seen as newsworthy as a strategy to "beat piracy." I mean, it's a good sign that the labels are finally realizing that a lack of availability is often a driver for unauthorized copies making the rounds, but the fact that they're only coming to this conclusion in 2011 suggests just how out of touch these labels are with the world. People were making this point over a decade ago.
http://www.techdirt.com/articles/20110117/02145912695/big-record-label-innovation-actually-release-songs-sale-same-time-they-hit-radio.shtml From rforno at infowarrior.org Mon Jan 17 16:18:33 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Jan 2011 17:18:33 -0500 Subject: [Infowarrior] - European Commission Planning New, More Draconian 'Anti-Piracy' Laws Message-ID: <4338637E-66CA-4E71-9DA4-5B0AE8B47A01@infowarrior.org> European Commission Planning New, More Draconian 'Anti-Piracy' Laws from the but-of-course dept This is hardly surprising, but the European Commission is currently discussing "IPRED 2," its latest attempt to craft pro-Hollywood laws concerning copyright infringement. As in the past, these are incredibly broad and conflate a variety of issues. They also seek (of course) to make everyone else copyright cops for Hollywood -- with specific focus on getting ISPs to start blocking and/or filtering users. The link above highlights some of the problems with the current outline, but the very worst part in my mind is the continued conflation of copyright infringement with physical counterfeiting. We've pointed out how common and nefarious this is. It allows certain lobbyists to change their argument as necessary. Basically, they can point to organized crime's involvement in physical goods counterfeiting, and then lump in fans listening to their favorite bands, as if they were the same thing. They're not. Treating them as if they were only serves to make people respect copyright law even less. Anyone can tell the difference between these scenarios, and pretending that they're the same makes it look like these lobbyists and politicians know that they're trying to hide behind one scenario to pitch laws that the industry wants, but clearly does not need. 
http://www.techdirt.com/articles/20110114/10490912670/european-commission-planning-new-more-draconian-anti-piracy-laws.shtml From rforno at infowarrior.org Mon Jan 17 16:20:00 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Jan 2011 17:20:00 -0500 Subject: [Infowarrior] - Why America Needs to Demonize China Message-ID: (c/o GP) The New Rules: Why America Needs to Demonize China Thomas P.M. Barnett | Bio | 17 Jan 2011 http://www.worldpoliticsreview.com/articles/7580/the-new-rules-why-america-needs-to-demonize-china President Barack Obama came into office promising a new sort of bilateral relationship with China. It was not meant to be. Washington hasn't changed any of its long list of demands regarding China, and Beijing, true to historical form, has gone out of its way to flex its muscles as a rising power. With the recent series of revelations concerning Chinese military developments, the inside-the-Beltway hyping of the Chinese threat has reached fever pitch, matching the average American's growing fears of China's economic strength. Of course, the world's established No. 1 power always greets the challenge from a rising No. 2 with fear and trepidation. But in the case of the U.S. and China, there are other reasons why so much of Washington is eager to demonize Beijing. Here's my top 10 list: 1. Unable to curb our spendthrift ways, we demand China do it for us. America has an insatiable appetite for illegal drugs, but instead of rationally dealing with the problem of domestic demand, we push it off onto poorer nations to our south via military aid that does nothing but turn their countries into war zones. Our fight with China over its currency's value is similarly framed: Americans cannot stop spending beyond their means, so we demand China raise its currency to reduce our trade imbalance with the entire world. 
China has 700 million interior rural poor still awaiting economic uplift, but they're no match for our 535 legislators unable to police themselves. How can Washington sell this nonsense to the American people? Easy. When polled recently, almost half of Americans wrongly identified China as the world's greatest economic power. 2. China would love to balance trade with America, but America prefers maintaining China in its role as a convenient enemy. I spent December in Beijing speaking with Chinese policy experts, all of whom opined that China would gladly balance its trade with the United States -- if only Washington would allow it. Our government restricts sales of high technology to China, so China buys it in bulk from the European Union. Our government won't sell arms to China. As a result, Russia cleans up. Our government also blocks Chinese investment into "sensitive" industries, so Beijing invests elsewhere. Washington hamstrings our bilateral trade to such a degree because it remains convinced that China is our most-likely opponent in any future great-power war. So today's trade is perceived as aid to tomorrow's enemy. But have no fear: America sells loads of weapons to all of China's neighbors, so we earn back some of those lost sales. 3. Nixon went to China four decades ago, and the Chinese are still Chinese! America had a culture war in the Sixties that amounted to a "long, strange trip." By contrast, China's Cultural Revolution left 30 million dead. After being set on a peaceful path of rapid development under Deng Xiaoping in the early 1980s, the gun-shy Chinese people have most decidedly focused on expanding their economic liberties versus their political rights, continuing to submit to one-party rule. Will this social compact last forever? 
History says no, but it also says that most such explosively growing countries, especially in Asia, remain de facto single-party states for roughly half a century before a truly competitive multiparty dynamic emerges. That suggests we should expect Chinese democracy to arrive sometime in the 2030s, not tomorrow. But that's not fast enough for Washington, which puts up with authoritarian allies when it cares to -- and demonizes them when it must. 4. We told Beijing there was only "one China" in 1972, and have sold arms to Taiwan ever since. Think back to the U.S. Civil War. Imagine if Jefferson Davis and the Confederacy's dead-enders had slipped away to Cuba in 1865 to set up their alternative, nose-thumbing version of America on that island. Then fast-forward to, say, 1908, and imagine how much the United States would have tolerated some distant imperial power like England telling us what we could or could not do vis-à-vis this "loser" sitting just off our shore. Imagine where Teddy "San Juan Hill" Roosevelt would have told the Brits they could shove their "Cuban Relations Act of 1879." Well, that's basically what U.S. Defense Secretary Robert Gates was told last week in Beijing when he proposed expanded military-to-military ties with the PLA. Oddly enough, when you sell arms to somebody's "breakaway" region, they take it personally. 5. Our nuclear nuttiness knows no bounds. Nuclear weapons have a perfect record of preventing great-power war for 65 years and counting. But now Obama wants them all gone. The rest of the world wonders, Who would benefit most from this? The obvious answer is, The world's sole conventional military superpower with a lengthy record of toppling regimes that it does not like. So guess what? Nukes are here to stay. China subscribes to such realism, and therefore does not follow America's orders on Iran and North Korea. Naturally, Washington sees only suspicious obstructionism in this stance. 6. The U.S.
Navy and Air Force need China to survive. Prior to Sept. 11, military "transformers" inside the Pentagon had their sights set firmly on "rising" China. Then the Long War against violent extremists came along and ruined the high-tech party, pointedly favoring the manpower-intensive Army and Marines. Now, as America tires of nation-building and counterinsurgency, the Revolution in Military Affairs aficionados are back at it, freaking out over every Chinese military development with a triumphant, "I told you so!" The Pentagon's new AirSea Battle Concept -- otherwise known as the Navy-Air Force Full Employment Act -- seeks to right the bureaucratic wrongs triggered by all those ground casualties in Iraq and Afghanistan by putting the platform-heavy "big war" crowd back on top inside the E-Ring. Five-star Army Gen. Dwight D. Eisenhower, coiner of the phrase "military-industrial complex," must be rolling in his grave. 7. The neocon fantasy of primacy is alive and well and living in Washington. Per last week's column, it's not enough for America to outspend the world on defense. We've also got to dominate China militarily -- right on its doorstep. Gates last week said that spending anything less than his $553 billion proposed 2012 defense budget would be "potentially calamitous." This week, he vowed to match any Chinese military developments. So what's an alternative? The Long War-strapped U.S. military could use some help in its many overseas responsibilities from the free-riding Chinese. And taking up such an expanded global security role would allow the Chinese to address growing vulnerabilities that result from their dependence on foreign sources of energy, minerals and food. But why should either country's military-industrial complex address real-world challenges together when they can spend so much more money mindlessly scheming against one another? 8. The Pentagon's Big War crowd still dreams of nuclear-free great-power war. 
Check out the Center for Strategic and Budgetary Assessment's publication, "AirSea Battle: A Point-of-Departure Operational Concept," because it's a real departure from reality. A guiding assumption of the CSBA's war-scenario analysis is that, despite the high likelihood that a Sino-U.S. conventional conflict over Taiwan "would devolve into a prolonged war" in which China would suffer humiliating defeat across the board, mutual nuclear deterrence would be preserved throughout the conflict. And what if China took the desperate step of a nuclear launch? According to the CSBA, "the character of the conflict would change so drastically as to render discussion of major conventional warfare irrelevant." As strategic miscalculations go, that's a doozy. In direct response, China's military is allegedly reconsidering its longstanding pledge not to pre-emptively strike with nuclear weapons, although China officially denied those reports. For its part, the U.S. Air Force is already developing plans to fire conventional intercontinental ballistic missiles around the world in a program dubbed Prompt Global Strike, with weapons in space soon to follow. And you thought MAD was bad. 9. We live in an age of fear-based politics. You know the drill: Every Chinese military development, no matter how far off in the future its induction, is now routinely touted in the mainstream media as "imminently deployed." If the Chinese military test-flies its new stealth fighter on the eve of Gates's recent visit, then it's proof positive that the PLA now calls all the shots in Beijing. Faith-based politics now begets fantasy-based intelligence analysis. Who cares what's actually operational? Let's just watch an animator's rendering of what's conceivable and run with that. We should know better. After all, that's what Ronald Reagan's Star Wars snow job with the Russkies amounted to! 10. We prefer the myth of a monolithic, inscrutable China to actual reality.
David Shambaugh's Washington Quarterly article (.pdf) describing the plethora of foreign-policy schools now battling each other inside Beijing is on the money: I met representatives from all of those factions last month, and they are one contradictory lot. They run the gamut from advocates of Chinese primacy, as boneheaded as their American counterparts, to some of the nicest Kantian airheads you'd ever care to meet. And trust me, this internal struggle is far from over. The sad thing is that Washington has already made its choice. We have seen the enemy, and he is us. That's what happens when you use a mirror to look at the world. Thomas P.M. Barnett is chief analyst at Wikistrat and a contributing editor for Esquire magazine. His latest book is "Great Powers: America and the World After Bush" (2009). His weekly WPR column, The New Rules, appears every Monday. Reach him and his blog at thomaspmbarnett.com. From rforno at infowarrior.org Tue Jan 18 08:21:44 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Jan 2011 09:21:44 -0500 Subject: [Infowarrior] - Has '4G' lost its meaning? Message-ID: <5FEBA6B1-6032-4E61-A83A-D9C13215FBAA@infowarrior.org> January 18, 2011 4:00 AM PST Has '4G' lost its meaning? by Marguerite Reardon http://news.cnet.com/8301-30686_3-20028622-266.html?part=rss&subj=news&tag=2547-1_3-0-20 Wireless carriers in the U.S. have turned 4G into a meaningless marketing term, and standards purists are none too pleased about it. With good reason: All four of the major U.S. wireless carriers are calling their faster wireless networks 4G, but the truth is that none of these networks meets the International Telecommunications Union's specifications for 4G. Top on the list is the speed requirement. The ITU defines 4G or IMT-Advanced as technology that offers download speeds of 100Mbps on mobile devices or 1Gbps on fixed wireless connections. The technologies used by the four major carriers in the U.S. today aren't as fast as that. 
This problem of mislabeling network technologies wasn't an issue when the industry moved from 2G wireless networks to 3G wireless networks, because the criteria for those networks were clearly defined. And the world's wireless carriers and device makers followed the criteria in defining and marketing their services and products. As the industry moves to its next evolution, the ITU has once again defined the new requirements. The group has worked since 2002 on developing these criteria, soliciting input throughout the industry. But this time, some of the most influential wireless operators have chosen to ignore the ITU's specifications and instead are pushing forward with their own marketing labels. For standards purists, the fact that carriers are doing this and the fact that the ITU has not done anything to clear up the confusion is unfortunate, since these 4G marketing wars are confusing customers. "The term 4G is basically meaningless," said Dan Warren, senior director of technology for the GSM Association, an industry group that represents the interests of mobile operators in 219 countries. "It's not a term that anyone could use with a straight face to refer to anything technical. It's a marketing term that means different things to different people." While some might protest that a label is just a label, Warren argues that labels and standards defined by organizations such as the ITU are important for growing new services and setting consumer expectations. "The people who suffer from this are the consumers, who are confused," he said. "The operators use this term interchangeably to refer to different technologies that are incompatible. Customers are confused because they think they can compare the networks like for like. But they can't." How did we get here? In October, the ITU officially designated two technologies as 4G: LTE-Advanced and WiMaxMAN-Advanced. 
But at the time it did not specifically refer to precursors to these technologies, which are now being deployed by U.S. carriers Verizon Wireless and Sprint Nextel, as 4G. Sprint Nextel and its partner Clearwire, which is building the nationwide WiMax network, had been marketing their next-generation wireless as 4G for more than two years when the ITU officially defined 4G. Verizon Wireless, which bought a nationwide license of 700MHz spectrum to build its next-generation wireless network using a technology called LTE, answered Sprint's marketing call and referred to its new network as 4G. In defense of both Verizon and Sprint, these companies began marketing and referring to their wireless networks as 4G before the standards were officially defined. Still, the speed requirements were well known, and the current flavors of LTE and WiMax that Verizon and Sprint are using are not able to fulfill these requirements. Again the download requirement of a mobile service under the 4G spec is 100Mbps. Verizon claims its LTE service offers average download speeds of between 6Mbps and 12Mbps, while Sprint claims its network can get average download speeds of between 3Mbps and 6Mbps. While these services do not meet the ITU's standards in terms of speeds, they are at least precursors to the technology that the ITU has designated as 4G. Then along came T-Mobile USA, which did not want to be outdone by its competitors. The carrier, which came to the 3G party later than the other U.S. carriers, has been upgrading its network with advanced 3G technology called HSPA+ . The new enhancements nearly match LTE and WiMax in terms of speed. So last summer T-Mobile began marketing its HSPA+ service as having "4G-like speeds." By the fall, the company had dropped the 4G-like reference and simply started calling its network a 4G network. 
Instead of stepping in to clarify the standard and its meaning, the ITU actually muddied the waters further by sending out a press release in early December stating that it was fine for these carriers to call their wireless networks 4G. "It is recognized that [4G], while undefined, may also be applied to the forerunners of these technologies, LTE and WiMax, and to other evolved 3G technologies providing a substantial level of improvement in performance and capabilities with respect to the initial third-generation systems now deployed," the ITU said in the statement. The ITU has declined to comment further and clarify its statement. In its statement, the standards body not only gave a blessing to both Verizon's and Sprint's use of the term "4G," but it also implied that T-Mobile and AT&T, which uses the same HSPA+ technology, could also call their services 4G. AT&T, which only a few months earlier had been critical of T-Mobile's 4G marketing move, jumped on the opportunity. And it announced at the Consumer Electronics Show in Las Vegas in early January that it is rebranding its HSPA+ network as 4G. The company did not mention what it plans to call its LTE network, which will be even faster than the HSPA+ network and is expected to be launched in the second half of 2011. T-Mobile CTO Neville Ray says his company's use of the term 4G is justified because T-Mobile's HSPA+ network performs as well or better than the networks of competitors that are also using the 4G moniker. Besides, he claims that T-Mobile didn't start this marketing war anyway. "Sprint chose to call WiMax 4G first," he said. "And then they chose to charge their customers $10 more for the service, even if some customers aren't in an area where they can get WiMax coverage. So who is misleading customers?" "Our service performs better than what they are offering," he went on to say. 
"And HSPA+ and the path this technology is on has the same ability to reach the definitions of 4G as much as LTE and WiMax do." The GSMA's Warren, who counts AT&T, Verizon Wireless, and T-Mobile USA as members of the GSMA's industry group, was careful not to point fingers, but he said the misuse of the term 4G has indeed gone too far. "T-Mobile wasn't the first to cross the line in how they used 4G," he said. "But let's just say it went the furthest. Verizon and Sprint each bent the definition, but T-Mobile stretched the most." While Verizon and Sprint are just as guilty as AT&T and T-Mobile of misusing the 4G term, standards experts say those companies' claims are somewhat more justifiable, given that the technologies they're using are on the path toward true 4G certification from the ITU. "Never anywhere on the planet have I ever heard of any version of HSPA being referred to as 4G," said Perry LaForge, founder, executive director, and chairman of the CDMA Development Group (CDG), a trade association that promotes the use of CDMA cellular technology around the world. "In general, the industry looked at LTE and WiMax as the two 4G approaches. And the ITU was going through the process. Then this marketing stuff cropped up." 2G to 3G--a smooth transition LaForge and Warren say these same issues did not occur during the industry's transition from 2G to 3G. For one, specifications for 3G were clearly defined. And Warren said that the experience and capabilities that 3G offered were very different from what was offered on 2G networks. Warren said that 2G networks were all about voice services. And 3G networks were introduced to offer cell phone users the ability to access the Internet from their phones. Even though the experience wasn't that great, 3G was still about surfing the Web. At the same time, the industry was moving from TDM technology to CDMA in a process at the ITU associated with IMT-2000. 
The move toward LTE and WiMax is part of yet another major technology shift as networking technologies evolve to something known as Orthogonal frequency-division multiplexing, or OFDM. WiMax and LTE are each based on this technology, while HSPA+ is not. "I have a bit of sympathy for Sprint calling its Clearwire network 4G, because it uses WiMax, and Verizon calling its network 4G because it's using LTE," Warren said. "The change from CDMA to OFDM is similar to what happened in the transition from 2G to 3G when things went from TDM to CDMA. But when T-Mobile and AT&T started using the term to refer to their networks, the term became meaningless. It's purely marketing--and bad marketing at that, because it causes total confusion." Verizon Wireless, which is the closest to offering a service that meets the ITU's 100Mbps download requirement, is not happy about the 4G marketing war. But Verizon Communications' CTO Tony Melone said that the label of 4G doesn't matter much anyway. "I do think it cheapens the 4G designation," Melone said. "(But) these are all just labels. And labels don't really matter all that much to consumers. They are more interested in the experience they can get from the network. And on LTE they will be getting a significantly different experience." Warren and LaForge, who have each worked to develop and promote technology standards, disagree. They say that the labels are important to consumers, who should have a certain expectation for what the designation of 4G really means. "It's bad for the consumer, because now everything is being labeled 4G," LaForge said. "The 3G label was useful because everyone agreed on what it was. But that's not the case with 4G." An ITU representative said that no one was available to discuss these issues. But even if the group was able to clarify the standards, these wireless carriers have already spent so much time, money, and effort on marketing their 4G networks that it might not make a difference. 
But the overzealous marketing could turn some consumers off down the road. LaForge added that AT&T's marketing strategy demonstrates exactly how confusing this will be for consumers. The company is now calling its HSPA+ network 4G. But it intends to launch a new LTE network this summer. "What happens when AT&T launches its LTE network?" he asked. "Will they call it 5G? How will they differentiate the LTE network from HSPA+?" From rforno at infowarrior.org Tue Jan 18 08:23:48 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Jan 2011 09:23:48 -0500 Subject: [Infowarrior] - GS pulls FB offer for US'ians, blames NYT for the decision Message-ID: <223E81F9-9D33-466A-A751-D1E430D380B6@infowarrior.org> Goldman Sachs Says Facebook Offer Barred From US Investors, Blames NYT's For Making Plans Public from the and-so-it-goes dept We've already talked a bit about the Goldman Sachs/Facebook situation -- and the fact that much of it seems to involve skirting around existing regulations to try to get people to invest in Facebook without actually going public. The latest shift in this is that Goldman Sachs has announced that the offering is no longer available to US investors, and somehow it's all the NY Times' fault. The reality is a little more nuanced. The thing is, the SEC heavily regulates the IPO process, because (officially) it doesn't want companies to abuse the process, lie to investors, trick them into buying shares in something they don't understand or that's really much riskier, etc. We've discussed in the past, and years back, VentureBeat had a great article that noted many startups appeared to violate the basics of SEC regulations even in just saying they were raising money from private investors, because just talking about it publicly can be seen as a form of a "public offering." 
It seems that Goldman was becoming worried that all of the public scrutiny on this deal was suddenly getting mighty close to being a "public offering" type of situation, in which the SEC could conceivably step in and claim that it needs to follow all of the standard IPO rules -- which it had not been doing. Goldman has apparently hoped to keep everything a lot more quiet, but the NY Times broke the story, and then everyone else piled on. The whole thing remains a little silly. This whole thing has been an effort to route around the regulations from the beginning, so this is just the latest piece of that, though it may serve to annoy a lot of American Goldman clients. In the end, it wouldn't surprise me to find out that many of them figure out offshore vehicles for getting in on this deal anyway. http://www.techdirt.com/articles/20110117/17375012703/goldman-sachs-says-facebook-offer-barred-us-investors-blames-nyts-making-plans-public.shtml From rforno at infowarrior.org Tue Jan 18 08:30:09 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Jan 2011 09:30:09 -0500 Subject: [Infowarrior] - Comcast-NBC joint venture approval expected Tuesday Message-ID: <7FA037E2-59CB-4EFD-B37B-52FF92268A3A@infowarrior.org> Posted at 6:25 PM ET, 01/17/2011 Comcast-NBC joint venture approval expected Tuesday By Cecilia Kang http://voices.washingtonpost.com/posttech/2011/01/federal_regulators_are_expecte.html?hpid=moreheadlines Federal regulators are expected to vote Tuesday to approve Comcast and NBC Universal's joint venture, putting an end to a more than year-long review of a controversial union that will combine the nation's biggest broadband Internet and cable service operator with a television and movie powerhouse. According to sources familiar with the thinking of the Federal Communications Commission, the deal is set to be approved in a four-to-one vote, with Democratic Commissioner Michael J. Copps dissenting. 
The senior member of the FCC has consistently expressed concern that the joint venture would harm the public interest as too much control of content goes into the hands of a company that also controls how consumers access the Internet and television. The Justice Department approved the deal in its antitrust review, and is expected to announce conditions it attached to the merger soon after the FCC's vote, according to one source familiar with the federal reviews. Sources spoke on the condition of anonymity because the deal has not been officially approved. Together, the companies have 16.7 million broadband subscribers, about 23 million cable customers and a vast library of popular shows, including "Saturday Night Live" and "The Office." The merger has sparked a flurry of lobbying at the FCC and Justice Department, with cable firms, television networks and station owners, and Internet video distributors expressing concern that the combined firm could unfairly prioritize their own business lines and quash competition. FCC Chairman Julius Genachowski threw his support behind the deal in late December with a number of conditions. Among them, senior FCC staff said the joint venture would have to commit to assurances that it wouldn't stifle competition in the fast-evolving online video market. To that end, sources said the company may also be required to share NBC content with Internet companies, such as YouTube and Roku, if other networks, such as CBS and Walt Disney, are doing so. Justice is expected to impose conditions that prohibit "anti-retaliatory" moves by the joint venture against competitors and partners. As Justice did in the merger of Ticketmaster and Live Nation, the new company couldn't retaliate against any venue owner that chooses to use another company's ticketing services or promotional services. In the Comcast-NBC deal, analysts said that would mean the new company could not punish business partners who do business with Comcast's or NBC's competitors. 
And the companies are expected to voluntarily agree to abide by net neutrality rules for seven years. The promise would ensure the venture treat content equally on Comcast's networks even if the FCC's separate Internet access regulations are overturned by courts. From rforno at infowarrior.org Tue Jan 18 13:47:54 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Jan 2011 14:47:54 -0500 Subject: [Infowarrior] - FCC approves Comcast and NBC joint venture Message-ID: <463BFE31-FF2B-402B-844B-879B92D34C09@infowarrior.org> FCC approves Comcast and NBC joint venture By Cecilia Kang The Federal Communications Commission on Tuesday approved Comcast's acquisition of NBC Universal, allowing for a joint venture that puts a vast library of television shows and movies under the control of the nation's biggest cable and broadband Internet service provider. Together, the companies have 16.7 million broadband subscribers, about 23 million cable customers and dozens of lucrative channels such as USA, Bravo, MSNBC and CNBC. In a 4-to-1 vote, the FCC determined the deal was in the nation's public interest and assigned a number of conditions to the venture to ensure that Comcast shares content with cable competitors and gives other networks fair access to its customers. < - > Specifically, the FCC required Comcast offer Internet versions of its content -- such as "Saturday Night Live" and "Top Chef" -- to "bona fide" online distributors of video at the same terms and conditions it gives to cable and satellite providers. Those distributors aren't clearly defined but could include businesses such as Apple TV and YouTube. Comcast would also have to offer those shows to online distributors who have partnered with NBC's competitors, so as not to retaliate against competition. The FCC did not require the venture divest its stake in Hulu, a condition proposed by lawmakers such as Senator Herb Kohl (D-Wisc.). Hulu is jointly owned by NBC, News Corp. 
and the Walt Disney Company. But the FCC said Comcast can't "exercise corporate control over or unreasonably withhold programming from Hulu." The agency also required Comcast to offer broadband Internet access as a stand-alone service at "reasonable prices" and with "sufficient bandwidth" so customers can choose to watch video online without having to also subscribe to cable television. < - > http://voices.washingtonpost.com/posttech/2011/01/the_federal_communications_com_8.html?hpid=topnews From rforno at infowarrior.org Tue Jan 18 21:55:45 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Jan 2011 22:55:45 -0500 Subject: [Infowarrior] - Doctrine Man and the AKO Password (SWJ Blog) References: <000f01cbb786$ea4bfbe0$bee3f3a0$@Loop@strike.comcastbiz.net> Message-ID: <487237C4-40FC-49FF-9473-B5831EAF4C49@infowarrior.org> Yes, this pretty much sums up the joy that is AKO -- Army Knowledge Online. (Disclosure: AKO is the only system I have *ever* written down a password for due to its idiotic requirements and my getting sick of changing passwords every few days because I forgot which syntax I was forced to use after the last time I reset the password when I forgot it.) Audio is sometimes NSFW, but-oh-so-true: http://smallwarsjournal.com/blog/2011/01/doctrine-man-and-the-ako-passw/ From rforno at infowarrior.org Wed Jan 19 09:46:42 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Jan 2011 10:46:42 -0500 Subject: [Infowarrior] - U.S. officials privately say WikiLeaks damage limited Message-ID: <60E58B1D-90DA-46F4-A697-53FB6D5864FB@infowarrior.org> U.S. officials privately say WikiLeaks damage limited By Mark Hosenball WASHINGTON | Tue Jan 18, 2011 4:33pm EST http://www.reuters.com/article/idUSTRE70H6TO20110118?pageNumber=2 WASHINGTON (Reuters) - Internal U.S. government reviews have determined that a mass leak of diplomatic cables caused only limited damage to U.S. 
interests abroad, despite the Obama administration's public statements to the contrary. A congressional official briefed on the reviews said the administration felt compelled to say publicly that the revelations had seriously damaged American interests in order to bolster legal efforts to shut down the WikiLeaks website and bring charges against the leakers. "I think they just want to present the toughest front they can muster," the official said. But State Department officials have privately told Congress they expect overall damage to U.S. foreign policy to be containable, said the official, one of two congressional aides familiar with the briefings who spoke to Reuters on condition of anonymity. "We were told (the impact of WikiLeaks revelations) was embarrassing but not damaging," said the official, who attended a briefing given in late 2010 by State Department officials. WikiLeaks caused a media and diplomatic uproar late last year when it began to dribble out its cache of more than 250,000 U.S. diplomatic cables. Major headlines were generated by some of the cables, which revealed that Saudi leaders had urged U.S. military action against Iran and detailed contacts between U.S. diplomats and political dissidents and opposition leaders in some countries. "From our standpoint, there has been substantial damage," State Department spokesman P.J. Crowley told Reuters. "We believe that hundreds of people have been put at potential risk because their names have been compromised in the release of these cables," he said. YEMEN TIES STRAINED National security officials familiar with the damage assessments being conducted by defense and intelligence agencies told Reuters the reviews so far have shown "pockets" of short-term damage, some of it potentially harmful. Long-term damage to U.S. intelligence and defense operations, however, is unlikely to be serious, they said. 
Some of the cases of more serious damage have occurred in countries where WikiLeaks' revelations have publicized closer ties with Washington than local officials publicly admit. For example, a cable released by WikiLeaks quoted Yemen's president saying he would allow U.S. personnel to engage in counter-terrorism operations on Yemeni territory even as he said publicly that the operations were being handled by domestic security forces. U.S. officials say the continued media attention on such revelations has made it difficult for Washington to repair relations with governments critical to its counter-terrorism operations, such as Pakistan and Yemen. Two U.S. intelligence officials said they were aware of specific cases where damage caused by WikiLeaks' revelations has been assessed as serious to grave, though they said they could not discuss the subject matter because it remained highly classified. Crowley said the State Department had helped move a small number of people compromised by the leaks to safer locations. Damage assessments by the State Department, Pentagon and U.S. intelligence community are still continuing, so the current view of many officials that damage has been limited could change if and when WikiLeaks and its media partners publish more documents. The assessments also cover the leaking of tens of thousands of military field reports from Iraq and Afghanistan. WIKILEAKS "RECKLESS, IRRESPONSIBLE" Special investigative teams are also combing through unpublished material which U.S. investigators believe is in the hands of WikiLeaks. U.S. officials and sources close to WikiLeaks have said the website is sitting on a cache of documents related to the U.S. detention facility at Guantanamo Bay, Cuba, which includes intelligence-based risk assessments of detainees. A spokeswoman for the office of Director of National Intelligence James Clapper, which oversees all U.S. 
intelligence agencies, said, "The irresponsible and reckless behavior of WikiLeaks has of course caused damage and will continue to be damaging in the months and years to come." But current and former intelligence officials note that while WikiLeaks has released a handful of inconsequential CIA analytical reports, the website has made public few if any real intelligence secrets, including reports from undercover agents or ultra-sensitive technical intelligence reports, such as spy satellite pictures or communications intercepts. Shortly before WikiLeaks began its gradual release of State Department cables last year, department officials sent emails to contacts on Capitol Hill predicting dire consequences, said one of the two congressional aides briefed on the internal government reviews. However, shortly after stories about the cables first began to appear in the media, State Department officials were already privately playing down the damage, the two congressional officials said. The U.S. government is examining whether criminal charges can be brought against WikiLeaks founder Julian Assange. Assange is in London fighting extradition to Sweden for questioning in a sexual misconduct investigation. (Editing by Ross Colvin and Cynthia Osterman) From rforno at infowarrior.org Wed Jan 19 16:06:51 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Jan 2011 17:06:51 -0500 Subject: [Infowarrior] - RIAA Threatening ICANN About .music; Claiming It Will Be Used To Infringe Message-ID: <3CA6A1C6-74AC-4FBA-8DF3-FAD640B4AE7A@infowarrior.org> RIAA Threatening ICANN About .music; Claiming It Will Be Used To Infringe from the when-you're-an-organization-of-lawyers... dept http://www.techdirt.com/articles/20110119/02303312714/riaa-threatening-icann-about-music-claiming-it-will-be-used-to-infringe.shtml Oh look, the RIAA is overreacting yet again -- and doing so the only way it knows how: by rolling out the legal threats. 
This time it's threatening ICANN over its new top level domain program, which allows all sorts of new TLDs to be registered -- including planned proposals for a .music domain. But the RIAA isn't happy about this, because: We are concerned that a music themed gTLD will be used to enable wide scale copyright and trademark infringement. I'm sort of at a loss how the specific TLD makes any difference whatsoever in enabling infringement. A website's a website, no matter what the TLD is. How will having a new TLD enable any more infringement at all? It seems like the real goal of this is (of course) to get ICANN to act as a copyright cop for any such TLD. Just as the RIAA has sought to make copyright cops out of ISPs, the government and other third parties, now it's seeking help from ICANN, who hopefully knows better. So it suggests that it would like to "work with ICANN... to ensure this type of malicious behavior does not occur." And, of course, in typical RIAA fashion, if ICANN says no, the RIAA plans to go legal: We strongly urge you to take these concerns seriously... we prefer a practical solution to these issues, and hope to avoid the need to escalate the issue further. I'd love to see the RIAA try to "escalate the issue further." What's it going to do? Is any court really going to go so far as to say that just because something that has not yet been created, and might possibly in some weird stretch of the imagination be used for infringement, that ICANN has to block it? 
From rforno at infowarrior.org Wed Jan 19 16:22:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Jan 2011 17:22:56 -0500 Subject: [Infowarrior] - Reid Looks to Fast-Track Cybersecurity Legislation Message-ID: <21F9B85C-5A9C-451F-8245-20C284D76BA2@infowarrior.org> www.esecurityplanet.com/features/article.php/3921211 Reid Looks to Fast-Track Cybersecurity Legislation By Kenneth Corbin January 19, 2011 WASHINGTON -- Building on the work of several committees in the last session of Congress, Senate Majority Leader Harry Reid (D-Nev.) is hoping to bring comprehensive cybersecurity legislation to a floor vote this year, and the earlier the better, a top aide said on Tuesday. In a panel discussion with several congressional staffers working on cybersecurity issues at the annual conference hosted by the nonpartisan Advisory Committee to the Congressional Internet Caucus, Reid aide Tommy Ross said that his boss is eager to reconcile committees' competing bills and bring a final product to the floor in short order. "With regard to a lot of things, but especially something as important to our national security as this -- Senator Reid can be a pretty impatient man, and I think would liked to have had this done before we finished last year," Ross said. Several bills, including some efforts at sweeping reform, were introduced in various committees last year, though none made it to the floor for general debate and vote. In part, the inter-committee turf wars in a policy arena that spans an array of jurisdictions held up the process. Additionally, various industry stakeholders and advocacy groups expressed reservations about the substance of some of the provisions, which led to extensive periods of revision. But in the coming year, Reid is hoping to meld the frameworks crafted in the last session, and move a bill to the floor once the administration and industry groups weigh in with their input on what the final legislation should look like. 
"That's a lot of work, and getting it done early this year may seem ambitious," Ross said. "That's certainly my tasking from Senator Reid, and I think what his tasking will be for these committees." The silence from the White House has been a particular stumbling block. Early in his administration, President Obama commissioned a top-to-bottom review of the federal cybersecurity apparatus, and has since filled out the ranks of his senior staff that work on the issue, including the appointment of Howard Schmidt, a government veteran and former executive with Microsoft and eBay, to serve as White House cybersecurity coordinator. But the administration has yet to produce a formal policy recommendation for what a cybersecurity overhaul bill should look like, which has bogged down the process. "I'll be honest -- we would have liked to see them engage sooner," Ross said. "But we also understand ... if we have a problem dealing with six or seven committees struggling over jurisdictional lines, you know they have, you know, dozens of agencies with different equities that they're trying to bring to the table." Aside from issues concerning the process of advancing legislation, several matters of substance remain unsettled, chief among them the appropriate framework for the collaboration between the federal government and private sector. Additionally, Ross said that Reid is eager to see language that would call for the largest Internet service providers to share threat information with each other, in addition to the government, a provision that was not included in the bills introduced last session. Kenneth Corbin is an associate editor at InternetNews.com, the news service of Internet.com, the network for technology professionals. 
From rforno at infowarrior.org Wed Jan 19 20:38:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Jan 2011 21:38:23 -0500 Subject: [Infowarrior] - Fwd: New Dirt on the Stuxnet Worm & Cyber War References: Message-ID: <91A35CFF-A708-4278-92D7-0FD9F6E1DA27@infowarrior.org> Begin forwarded message: > From: Monty S > > http://www.onpointradio.org/2011/01/stuxnet-worm-cyber > > Wednesday, January 19, 2011 at 11:00 AM EST > > New Dirt on the Stuxnet Worm & Cyber War > > We go inside the Stuxnet worm cyber-attack on Iran's nuclear push, > and look at the reality of cyber-war. > > For years now we've been warned of cyber-war. Digital warfare. > Electronic worms and bugs that could pit nation against nation. > > In the last week, we've essentially been told it's on. The New York > Times reports that the United States and Israel worked together to > launch the "Stuxnet" worm against Iran's nuclear program. That > super-sophisticated code secretly buried in Iran's equipment caused > nearly a thousand nuclear centrifuges to tear themselves to pieces, > setting Tehran's ambitions back by years. > > This hour On Point: the Stuxnet worm, and the path of cyber warfare. > > Guests: > > John Markoff, senior correspondent covering science and technology > for the New York Times. Co-author of the new article, "Israeli Test > on Worm Called Crucial in Iran Nuclear Delay." > > James Lewis, senior fellow and director of the technology and public > policy program at the Center for Strategic and International Studies. > > Bruce Schneier, author and expert on security and technology. Author > of "Schneier on Security." > > Eric Chien, researcher at the computer security company Symantec who > has been studying the Stuxnet worm. 
> > > Listen > > http://www.onpointradio.org/media-player?url=http://www.onpointradio.org/2011/01/stuxnet-worm-cyber&title=New+Dirt+on+the+Stuxnet+Worm+%26%23038%3B+Cyber+War&pubdate=2011-01-19&segment=2 > > http://wbur-wm.streamguys.com/wburod/2011/01/onpoint_0119_2.wma > From rforno at infowarrior.org Thu Jan 20 16:32:05 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jan 2011 17:32:05 -0500 Subject: [Infowarrior] - D.C. expanding public surveillance camera net Message-ID: D.C. expanding public surveillance camera net By: Freeman Klopott 01/19/11 8:05 PM Examiner Staff Writer http://washingtonexaminer.com/local/dc/2011/01/dc-expanding-its-public-surveillance-camera-network Cameras from private businesses and Metro will soon be added to the network of more than 4,500 electronic eyes that the District's homeland security agency already monitors. Big Brother may already be watching you in the District, and he will soon have a lot more eyes trained in your direction. The city's homeland security agency is planning to add thousands of security cameras from private businesses around the nation's capital and the Metro system to the thousands of electronic eyes that authorities are already monitoring 24/7. D.C.'s Homeland Security and Emergency Management Agency has already centralized the feeds from more than 4,500 cameras operated by the District's department of transportation and school system. Those feeds are watched around the clock by officials from those departments who sit together in homeland security's Joint All-Hazards Operation Center. By bringing feeds from thousands more cameras to the central watching room through links to cameras at businesses such as banks, corner stores and gas stations, the District is joining other big cities like London, New York and Baltimore that in recent years have turned to cameras to fight crime and terrorism. But critics worry the District's government might be going too far. 
SHARPER VISION The long-term plan is to feed the thousands of cameras being monitored into a single system called Video Interoperability for Public Safety. When the nearly $1 million system is activated, its capabilities will include: > Bringing up images from security cameras near where the police department's "Shot Spotter" system detects gunfire. > Detecting whether a vehicle is traveling the wrong way down a one-way street. > Identifying objects (bags, for example) that are left behind. Source: D.C. Homeland Security and Emergency Management Agency "The D.C. effort to link public and private watching capabilities might be viewed as excessive," said Jeffrey Rosen, a law professor at George Washington University who studies the balance between security and civil liberties. "It would make it hard to find a place in the city where people aren't being watched by cameras." "It sounds like Big Brother to me," Maryland resident James Dewitt said Wednesday on the streets of downtown Washington, referencing George Orwell's novel foreseeing a society oppressed by a government that tracks everyone. "We're heading to '1984.' It's 2011, but we're heading to 1984." Robyn Johnson, a spokeswoman from HSEMA, told The Washington Examiner that "the program has not expanded to include private businesses." But, "We continue to explore this in a deliberative way." A plan for 2011 submitted to the city administrator by HSEMA says the agency plans to centralize cameras at private businesses and those run by Metro and the D.C. Housing Authority. The plan doesn't have a timeline, and Johnson said there isn't one. Homeland security says the centralized camera system is designed to be used to raise "situational awareness" during "developing significant events" like the shooting at the U.S. Holocaust Memorial Museum in 2009 or the terrorist attacks of Sept. 11, 2001. When it was started in spring 2008, the program immediately met resistance from the D.C. Council. 
Some council members worried that the closed-circuit television system was put together too quickly and without consideration of how effective it would be in reducing crime or preventing terrorism. At-large Councilman Phil Mendelson, who oversees the homeland security agency, still has those concerns. "My concern about these cameras has always been that there's no evidence they reduce crime," Mendelson said. "If HSEMA intends to put more staff on to monitor these cameras, it would not be a good use of resources." Mendelson added that "although one doesn't have much of a right of privacy on a Metro platform ... it could change when you're inside a bank, and if HSEMA were looking at a bank statement." Johnson said the agency is developing regulations to protect civil liberties. Homeland security currently operates under the same series of regulations the D.C. Council adopted for the cameras used by the police department, which are run separately from HSEMA's cameras. Those regulations make it illegal for a camera to be focused on literature being carried by someone in a protest. They also prevent footage from being stored for more than 10 days, unless it captured a crime being committed or questionable police action. fklopott at washingtonexaminer.com From rforno at infowarrior.org Thu Jan 20 16:49:30 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jan 2011 17:49:30 -0500 Subject: [Infowarrior] - FAA to pilots: Expect 'unreliable or unavailable' GPS signals Message-ID: <2BBE3E2A-9E19-4A1E-A50C-F16166C906EC@infowarrior.org> Original URL: http://www.theregister.co.uk/2011/01/20/unavailabe_gps_warning/ FAA to pilots: Expect 'unreliable or unavailable' GPS signals Unspecified Pentagon 'tests' cited By Dan Goodin in San Francisco Posted in Government, 20th January 2011 21:15 GMT The US Federal Aviation Administration is warning pilots to expect "unreliable or unavailable"
signals from their global positioning gear as a result of unspecified tests being carried out by the Department of Defense. The Notice to Airmen, or NOTAM (PDF) [1] said the GPS tests will be carried out beginning Thursday and are expected to last through February 22. They will cause spotty GPS signals in a several hundred mile radius centered off the coast of Florida. Source: FAA "Pilots are highly recommended to report anomalies during testing to the appropriate [Air Route Traffic Control Center] to assist in the determination of the extent of GPS degradation during tests." During the effective period, test events will be active for 45 minutes followed by 15 minutes of off time. It's not clear if GPS apps in smartphones and car navigation systems will be affected. We're guessing they will. Readers who know for sure are encouraged to leave a comment. Links [1] https://www.faasafety.gov/files/notices/2011/Jan/GPS_Flight_Advisory_CSFTL11-01_Rel.pdf From rforno at infowarrior.org Thu Jan 20 16:50:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jan 2011 17:50:22 -0500 Subject: [Infowarrior] - Daniel Ellsberg And Others Discuss The Serious Implications Of Wikileaks Message-ID: <10612C2F-58F7-4F4F-9BF5-5F8CE57E4CB6@infowarrior.org> Daniel Ellsberg And Others Discuss The Serious Implications Of Wikileaks from the public-discourse-on-private-infrastructure dept http://www.techdirt.com/articles/20110120/02542812739/daniel-ellsberg-others-discuss-serious-implications-wikileaks.shtml I'm not often a huge fan of panel discussions, since it's tough to get together enough people who really have something interesting to say. However, I was definitely intrigued by the lineup at The Churchill Club's event last night, entitled: WikiLeaks: Why it Matters. Why it Doesn't?
The headliner on the panel was clearly Daniel Ellsberg, of Pentagon Papers fame, who has been quite vocal about the Wikileaks situation, and outspoken in his support for both Bradley Manning and Julian Assange. However, the panel also included astute commentators on the modern tech, media and legal worlds: Clay Shirky, Jonathan Zittrain and Peter Thiel. This was clearly an A-list panel. The fifth member of the panel was Roy Singham, the founder and chair of ThoughtWorks, a company that sponsored the event -- which made me initially assume that he wouldn't have much interesting to say. This turned out to be wrong as he added quite a lot to the conversation. In fact, all five panelists added some valuable and thought-provoking insights. What we got was a fascinating, nearly two-hour discussion, on a variety of issues related to Wikileaks, transparency, freedom of speech, politics and the law, which never got slow or boring. The event was streamed live, and the Churchill Club has promised to include the video on YouTube, so I'll post that video here as soon as it's up. While it's two hours long, I'd argue that it's well worth finding the time to watch the whole thing. I'd argue that Ellsberg's commentary is the highlight of the first hour, and Zittrain's commentary is the highlight of the second hour (in fact, I don't think he even spoke until almost an hour into the discussion). But the other three panelists all made some thought-provoking points as well. Ellsberg kicked it off with a cogent analysis of the legal situation Wikileaks faces today. He noted that the US does not have an "Official Secrets Act," which would make revealing secrets illegal. In fact, he notes that while Congress passed one during the Clinton administration, President Clinton explicitly vetoed it. Instead, all we have is the Espionage Act, which is targeted at spies for foreign countries, not Americans leaking information to Americans.
He points out that it's a huge stretch to make the Espionage Act cover leaking content, as it's clearly not designed to do that. However, he thinks that the Obama administration is going to try to do so, and he had an intriguing theory as to why. He notes that the Supreme Court has never actually tested the legality of criminal sanctions for leaking info, and that most previous Supreme Courts would have almost certainly rejected such an interpretation of the law. However, he's much less sure of the current Supreme Court, and he thinks the Obama administration is betting that the Supreme Court will back this questionable interpretation of the law. He then explained his theory as to why Obama would do this, noting (fairly) that this is pure speculation on his part. He notes that despite all the talk about transparency that helped get President Obama voted into office, this administration has been much more secretive and involved in many more highly questionable acts than any previous administration. He noted that President Bush was involved in all sorts of questionable activities as well... but said that when push came to shove, President Bush was proud of his abuse of power, and happy to show it off when such stories leaked out. Obama, he feels, is actually quite embarrassed by his own abuse of power, and his response to such embarrassment is to try to keep stuff as secret as possible. It's as if he's declared war on whistleblowers who call attention to the things Obama is embarrassed about. Ellsberg notes that Obama has brought more indictments for leaking (five) than all other presidents (three) before. Thus, he's hoping that he can use the Espionage Act as a de facto Official Secrets Act, with which he can intimidate the press, and effectively force them to give up any leak sources to prevent future leaks. Abuse of power equals the quest for more secrecy. 
Clay Shirky then spoke about the troubling nature of how we rely on the internet for public discourse, but that it's really privately owned, and how that puts tremendous pressure on guaranteeing that such speech will be in any way protected. He notes that, if you are looking to leak material, you should always leak it to an operation in a different country than the info is about, otherwise it makes it easy for the powers that be to pressure the private chokepoints to block the content. Peter Thiel then made an interesting point about the incredibly difficult position in which the heads of corporations are put in these situations. He notes that it's quite easy to say that you'd tell the government to take a hike if it called and said "stop hosting Wikileaks," but it's quite different to really be in that position. He claimed that the real issue is that the government simply has too much power, and that just by saying something, it can put tremendous pressure (much more than people realize) on companies to comply. He points out that the government has tremendous leverage, and mentions the stat that the average person "commits three felonies a day," and suggests that if the government wants, it can and will dig up such felonies to use against people. Thiel twice used the same joke that companies are to government like governments are to terrorists, claiming "we will never cave to terrorists/government... except in every single specific case." Shirky pushed back on this point, noting that with a privately controlled internet, companies always have outs in their terms of service, that would let them dump any customer they don't like, and that was his main concern. However, Thiel got the better of Shirky in response by asking the audience how many people actually think Amazon dumped Wikileaks due to terms of service violations... or due to government pressure, and everyone agreed it was really government pressure. 
The terms of service issue is just an excuse to cover up the government pressure. The discussion turned a bit to the players here, where Ellsberg noted that he has tremendous affinity for Bradley Manning, who is accused of leaking the cables to Wikileaks. Thankfully, the moderator pointed out that 2.5 million people had access to these documents -- a point that is often overlooked -- which suggests that others certainly could have leaked the info as well. Ellsberg also noted that he liked Julian Assange, though he believed Assange had made some mistakes -- but his real identification was with what Manning was going through, with politicians calling him a traitor and calling for his execution. History has mostly vindicated Ellsberg, but he notes that during the Pentagon Papers mess, it was not at all clear that would be the end result. Shirky tosses in a joke about how Assange is perfect for the press, in that he's "a monocle and a persian cat away from being a Bond villain," and notes how the NY Times put a massive attack piece on Assange on the front page at the same time as the first stories about the cable leaks -- and notes that no one did that with "Curveball," the source for Judith Miller's stories on WMDs in Iraq. Ellsberg also notes that almost everything that Nixon got impeached for, through Presidential fiat, has now been declared legal -- something he finds very disturbing. He specifically calls out warrantless wiretapping (and later notes that Obama voted to give telcos retroactive immunity). Later on (during the Q&A), Ellsberg made another salient point about Manning: According to international law, US officials are required to further investigate any claims of torture or any complicity in torture -- and Manning had tried to do that. As part of his job, he had discovered either that the US had tortured individuals, or handed them off to others to be tortured, and that was a violation of international law, which required him to investigate it.
However, his superiors told him not to. Ellsberg's claim is that Manning was actually the only one who obeyed the law in this situation, and in exposing this issue, he was actually doing what the law required. There was also a (slightly) heated debate between Zittrain and Thiel on the question of regulation. Thiel believed that less regulation would allow companies to act more independently of government, and Zittrain shot back that then you get situations like the BP oil rig. Thiel pointed out that the situations were entirely different. Zittrain summed it up by stating: "Who should I fear more: corporations or governments, because I just want to get my fears in order." That's actually a pretty good summary of much of the debate -- with the point being that both are issues, and focusing solely on one at the exclusion of the other would be a mistake. Singham did a nice job talking about things like the massive abuse of gag orders on National Security Letters, and highlighted a group of librarians who stood up to the government, and noted Twitter's recent similar fight (though, he left out Nicholas Merrill who also stood up against a bogus gag order). However, Singham's most salient point was how Amazon's decision to shut down Wikileaks had much further reaching consequences than most people realized: "What Amazon has done has totally set back the cloud computing movement." As he pointed out, this move is making many individuals and companies think twice about using cloud computing -- especially if it involves servers based in the US or run by US companies. People haven't fully considered the ramifications of this. Of course, I'd argue that Singham and the other panelists totally skipped over the other element of backlash here: the fact that much of this is spurring people into action to create distributed solutions that are more censorproof. I don't necessarily think this is a bad thing. 
If the response to this is to hold back a "cloud" system that is all about centralization, and instead promote a distributed cloud solution that has many fewer political and legal points of failure... that seems like it could be a good thing. Along those lines, Tim Bray pointed out that it was a bit disappointing that the panel was so US-focused, ignoring the fact that one of the key reasons why Wikileaks is still going strong is the fact that it's not in the US and can go elsewhere in the world. This is a really good point that was unfortunately not given any time at all in the discussion. One other key thing that many people noted was lacking: no one on the panel was there to argue that Wikileaks was an unquestionably bad thing. Zittrain came the closest (but not that close) in suggesting that everyone had different roles to play, and that people like Senator Lieberman were simply using every power available to him to make the case that Wikileaks was bad, suggesting this was his role to play, as it was others' roles to push back on that. I'm a bit torn on whether or not the panel would have been better off with an anti-Wikileaks panelist. While it might have added more fireworks to the panel, I'd argue that the panel was plenty interesting as is, with lots of insightful points made and discussed. If there was someone on the panel who was anti-Wikileaks, most of the debate would have likely focused on the basic "Wikileaks good/Wikileaks bad" argument where neither side would have been convincing anyone who believed otherwise, and it would have diminished or drowned out completely the other more nuanced points that were made during the discussion. All in all, I found the discussion to be fascinating to anyone interested in this subject. I wasn't quite sure what to expect going in, and I found that each of the panelists gave me something to think about -- often presenting things in a framework I hadn't really thought about.
I didn't fully agree with any of the panelists on specific points, but all in all felt I learned a lot listening to the discussion, something that I rarely find to be true on panels. These notes only scratch the surface of what was said, so if you want to catch the whole thing, check out the video once it's available. http://www.techdirt.com/articles/20110120/02542812739/daniel-ellsberg-others-discuss-serious-implications-wikileaks.shtml From rforno at infowarrior.org Thu Jan 20 17:10:14 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jan 2011 18:10:14 -0500 Subject: [Infowarrior] - OT: Our culture is toxic Message-ID: <3B95AC73-5283-45C4-B7AD-FE8D5A06C9CB@infowarrior.org> While I don't agree with everything presented, or the rationales therein, this does make for some interesting food-for-thought. -- rick Our culture is toxic by erik on January 20th, 2011 http://snowedin.net/blog/2011/01/20/our-culture-is-toxic/ Welcome to the sewer. Here's your haz-mat suit. Want to send a nice, artful note to a friend to commemorate an important event? Well you can't make your own. You don't have time or you're bad at art. Just buy a nice card from Hallmark and add your note. That'll be $2.95 plus tax. But you have to drive to Target to get one. That's $1 for gas and car maintenance. Oh and while you're don't you want to buy some other things? Our culture takes away from us our divine ability to create art. And sells crappy commercial art back to us. Our culture is toxic. You've been sitting/standing/running around all day... don't you want to move to some music? Don't you want to feel rhythm and melody move through your body? You can't make music. You suck... when was the last time you practiced? Don't practice. Have you heard The Black Keys? Isn't their sound incredible? You can't do that. Anyway, their album is only $9.99 on iTunes. Wait, you're dancing alone in your house? What a loser. You should be hanging out with people. It's Friday night.
Invite people over? OK, you better clean the house. It should be spotless. You need a Swiffer. Go to Target and get one, it's only $19.99. And you need appetizers. What's that, no one ever taught you to cook? That's OK. Go to Trader Joe's. They have amazing spanakopita triangles you can just put on a pan and bake them. $4.99. And some hummous and pitas. You don't even know what's in hummous do you? That's good. $4.99 for 8oz. Boy, pitas are a mystery aren't they? I wonder how they make them*. $3.99 for 10. I should get a bottle of wine too. $2.99 for Two Buck Chuck... classy. More expensive must be better. $6.99 for this one, and it comes from Australia. Sounds exotic. $2 for gas to Trader Joe's and Target. And your guests will each bring $10 worth of alcohol or snacks. Good work, what a classy party. Now you're not a loser who is totally alone. Our culture is toxic. Or maybe you want to avoid that. Go out somewhere. Much easier than throwing a party. And just as cool. Maybe cooler. Too bad every square inch of property for 10 miles is owned by someone, and it's illegal to trespass. There's a park down the street, but don't go there. Parks are dangerous at night. Drug addicts, you know. Anyway, there's a bar two miles away. Why not drive there? You don't want to drive though... drunk driving and all. It's too bad you live in an enormous residentially zoned area where it's illegal to operate a bar. Guess you'll have to get a cab. $10 plus tip. Great, you're at the bar. You now have permission to move your body to music. As long as you pay the $5 cover. That's not much money, is it? After all that bottle of wine you bought would've been $5 more, but the grapes were harvested by undocumented workers who don't have any way to get health care. That's $5 burning a hole in your pocket! Give it to the bouncer. Great. Now you're in the bar, time to buy a drink. Don't get a beer, it'll make you fat. Vodka is sexy. Absolut.
Reminds you of sexy skinny women in tight dresses, right? That's the whole point of this bar thing, isn't it? $4 for well drinks. Tastes like shit... maybe I'll get a specialty drink. Ginger spiced Moroccan pear vodka with Algerian tonic. Mmm, tasty! $8 is a lot... but boy, I feel fancy! We're really living it up, huh? Boy this drinking makes me want to drink. Sure I'll leave my tab open. $20. Sure I'll buy you a drink! $30. Tip. $40. I wonder how they make alcohol. What a mystery. Thank god for bars. Want to get home? That's another $10. Our culture is toxic. You're moving to a new city? Great, you need an apartment. Too bad all of the properties cost hundreds of thousands of dollars, huh? Oh, you found an apartment that's $300/month? Ew, gross. That's a bad neighborhood. Filthy. And listen to that music the neighbors are playing. You know that'll keep you up on the weekend. Here's an apartment. It's $1200/month. You and your boyfriend can afford that, can't you? Good. Sign a 1 year lease. Oh he cheated on you? OMG DUMP HIM! Good, now 50% of your paycheck is going to rent. Better not lose that job. What's that you're thinking about starting your own business? Sorry, bills to pay. Anyway, you need furniture for your new house. Thrift stores are gross. Don't bother with craigslist, how are you going to get those things home? Oh, you want to borrow a truck? Too bad all of the businesses around are huge chains. You don't know any of the local business owners, so no one can lend you a big truck. How about Uhaul. $29.99 per day in town. Plus it guzzles gas, so that'll be another $20. But that's all crazy, isn't it? Why not just go to IKEA? Everything is flat-packed in China by people who earn $0.50 a day! Look this couch is $150! And it's new! No weird smells. You don't want someone else's couch with weird smells. You want a new couch. It smells like advanced chemicals. The chemicals they have these days! So advanced! Good, you're buying it. Now you need end tables right?
And a coffee table. And a dining table. And a breakfast table. And a desk. Otherwise your house will feel empty. And so cheap! $49.99 each! And look at these paper lanterns! Only $9.99! You might as well buy 4! And look at this cute shower curtain! I wonder where plastic comes from? Whatever, it's so cute! Our culture is toxic. Oh, are you bored? It's Thursday. You've been working all day, haven't you. You deserve something nice. There's nothing happening anywhere near you, is there? That whole residential zoning thing. No free plays. No free music. You're dog tired from having worked under the thumb of your boss for 8 hours, and then commuted 45 minutes each way. Traffic is frustrating isn't it? You spend 45 minutes with hundreds of other people literally feet away from you. But don't talk to them. You're in a glass bubble, there's no talking to the other commuters. You have to keep your eyes on the road anyway. All of you, focus on the road for 45 minutes. You can talk to people later, when you're paying $5 an hour for the privilege of talking to your friends in a bar. OK, good. You're all sitting there in the car... bored, but tied up. Aren't you bored? How about some radio? XM is only $9.99 a month? That's nothing! You just saved $200 by having your furniture made in China where they can leach those chemicals into the environment indiscriminately. That'll pay for almost two years of XM! Go for it. Or just listen to FM, it doesn't matter. What's that you're listening to talk radio? How about a new mattress? Your back is hurting you from driving, right? Let's get you a new mattress. You deserve it. Aren't you making more money now that you got promoted? Let's sell you a new mattress. Our culture is toxic. OK, you're home. Why not watch a movie? Netflix is $9.99 a month, and none of your friends, no one in your neighborhood can make anything nearly as entertaining as Netflix. This is amazing art! Films of the decade! So entertaining.... so easy... don't stage a play.
Don't write a song. Just pay $9.99. Anyway making art is work. You're too tired for that. And you don't really want to go OUT to see something, do you? Too tired for that. Stick to your day job. And Netflix. What's that, you want to make some cupcakes? OK, great. You love baking. It's good to have a hobby. Here's some books you should buy. And look at this blog... look at her cupcakes! Lavender infused Madagascar vanilla bean! Look how beautiful! You should just buy this $100 worth of exotic ingredients and tools so you can make cupcakes like that. Yours should be perfect. Perfect. You can make this perfect. What, you want to start a business selling cupcakes? Hah. Try to do that while paying your bills. And anyway, you only make cupcakes every couple weeks. You're not that good. You're not good like these people with blogs... look how good they are? This is just a hobby. Anyway, you can't sell them to your neighborhood. Your kitchen isn't certified by the city. That would be illegal. You could pay hundreds of dollars to get your kitchen regularly inspected... but no one wants to buy food outside of the grocery store. They have to buy their cupcakes at the grocery store. And the grocery store is a huge chain. They don't care about you. They would never sell your cupcakes. Even if the manager wanted to they couldn't. That's just how things are. Our culture is toxic. Everything we do, everything we love, everything we think of as the normal way to live, eat, work, relax, and celebrate, is designed to do two things: take away our ability to take care of ourselves, and then sell it back to us. Every holiday tradition. Every leisure activity. Every piece of music. Every magazine. Every article of clothing. It's taking away our livelihood. Or it's selling it back. We're swimming in toxic waste, nickel-and-dimed all day for the privilege of living in a tiny, pathetic bubble of modest protection.
* Flour, water and yeast ** Take something with sugar or starch in it, add yeast and let it sit around. From rforno at infowarrior.org Thu Jan 20 17:12:55 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jan 2011 18:12:55 -0500 Subject: [Infowarrior] - How Apple Is Screwing Your iPhone Message-ID: <791F4C80-83C2-4F26-B345-E855A83AA1C4@infowarrior.org> How Apple Is Screwing Your iPhone By Brian X. Chen January 20, 2011 | 3:03 pm | Categories: Phones http://www.wired.com/gadgetlab/2011/01/apple-is-screwing-your-iphone/ Apple doesn't want to let you inside your iPhone, even if all you want to do is fix it. That's what repair company iFixit claims, at least. The company recently discovered that Apple has quietly switched the screws in the latest shipments of the iPhone 4 from a basic Phillips head to a tamper-resistant screw that you can't remove with any screwdriver you'd buy at a hardware store. The screw in question is called a "Pentalobe" (see right), a five-point head with a round shape resembling a daisy. "They chose this 'Pentalobe' fastener specifically because it was new, guaranteeing repair tools would be both rare and expensive," said Kyle Wiens, iFixit's CEO. "The iPhone 4 originally shipped with Phillips screws, but Apple has transitioned completely to this new security screw. Shame on them." It's not unusual for manufacturers to use obscure screws and strict software security on their products to prevent people from tampering with their devices. Sometimes tamper-resistance is designed for protecting company profits. In the case of software, Sony, for example, baked extra-strict security into the PlayStation 3's operating system, which hackers recently infiltrated to install pirated software on the console. In a lawsuit, Sony asked a court to remove all traces of the PS3 hack from the internet, claiming it violated copyright law and would eat into PS3 game sales.
And when it comes to odd screws keeping you out of hardware, it's most likely to get you to buy new stuff sooner. On Apple products, obscure screws began showing up on the mid-2009 MacBook Pro to prevent you from removing and replacing the battery, according to iFixit, and it's been a recurring trend ever since. In this context, Apple would rather you buy a brand-new MacBook Pro when its battery dies than simply purchase a new battery, Wiens suggests. Wiens added that if you own an iPhone 4 that came with Phillips screws and you take it to an Apple store for repair, Apple employees will replace the screws with the Pentalobular screws to prevent you from getting inside. "This move is a part of Apple's strategic plan to increase the rate of obsolescence of their hardware," Wiens said. If your iPhone is tainted with those funky screws, you're in luck: iFixit is selling the Pentalobular screwdriver for $10. Apple did not immediately respond to a request for comment. From rforno at infowarrior.org Thu Jan 20 21:50:41 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Jan 2011 22:50:41 -0500 Subject: [Infowarrior] - Path Is Sought for States to Escape Debt Burdens Message-ID: January 20, 2011 Path Is Sought for States to Escape Debt Burdens By MARY WILLIAMS WALSH http://www.nytimes.com/2011/01/21/business/economy/21bankruptcy.html Policy makers are working behind the scenes to come up with a way to let states declare bankruptcy and get out from under crushing debts, including the pensions they have promised to retired public workers. Unlike cities, the states are barred from seeking protection in federal bankruptcy court. Any effort to change that status would have to clear high constitutional hurdles because the states are considered sovereign. But proponents say some states are so burdened that the only feasible way out may be bankruptcy, giving Illinois, for example, the opportunity to do what General Motors did with the federal government's aid.
Beyond their short-term budget gaps, some states have deep structural problems, like insolvent pension funds, that are diverting money from essential public services like education and health care. Some members of Congress fear that it is just a matter of time before a state seeks a bailout, say bankruptcy lawyers who have been consulted by Congressional aides. Bankruptcy could permit a state to alter its contractual promises to retirees, which are often protected by state constitutions, and it could provide an alternative to a no-strings bailout. Along with retirees, however, investors in a state's bonds could suffer, possibly ending up at the back of the line as unsecured creditors. "All of a sudden, there's a whole new risk factor," said Paul S. Maco, a partner at the firm Vinson & Elkins who was head of the Securities and Exchange Commission's Office of Municipal Securities during the Clinton administration. For now, the fear of destabilizing the municipal bond market with the words "state bankruptcy" has proponents in Congress going about their work on tiptoe. No draft bill is in circulation yet, and no member of Congress has come forward as a sponsor, although Senator John Cornyn, a Texas Republican, asked the Federal Reserve chairman, Ben S. Bernanke, about the possibility in a hearing this month. House Republicans, and Senators from both parties, have taken an interest in the issue, with nudging from bankruptcy lawyers and a former House speaker, Newt Gingrich, who could be a Republican presidential candidate. It would be difficult to get a bill through Congress, not only because of the constitutional questions and the complexities of bankruptcy law, but also because of fears that even talk of such a law could make the states' problems worse.
Lawmakers might decide to stop short of a full-blown bankruptcy proposal and establish instead some sort of oversight panel for distressed states, akin to the Municipal Assistance Corporation, which helped New York City during its fiscal crisis of 1975. Still, discussions about something as far-reaching as bankruptcy could give governors and others more leverage in bargaining with unionized public workers. "They are readying a massive assault on us," said Charles M. Loveless, legislative director of the American Federation of State, County and Municipal Employees. "We're taking this very seriously." Mr. Loveless said he was meeting with potential allies on Capitol Hill, making the point that certain states might indeed have financial problems, but public employees and their benefits were not the cause. The Center on Budget and Policy Priorities released a report on Thursday warning against a tendency to confuse the states' immediate budget gaps with their long-term structural deficits. "States have adequate tools and means to meet their obligations," the report stated. No state is known to want to declare bankruptcy, and some question the wisdom of offering them the ability to do so now, given the jitters in the normally staid municipal bond market. Slightly more than $25 billion has flowed out of mutual funds that invest in muni bonds in the last two months, according to the Investment Company Institute. Many analysts say they consider a bond default by any state extremely unlikely, but they also say that when politicians take an interest in the bond market, surprises are apt to follow. Mr. Maco said the mere introduction of a state bankruptcy bill could lead to "some kind of market penalty," even if it never passed. That "penalty" might be higher borrowing costs for a state and downward pressure on the value of its bonds. Individual bondholders would not realize any losses unless they sold.
But institutional investors in municipal bonds, like insurance companies, are required to keep certain levels of capital. And they might retreat from additional investments. A deeply troubled state could eventually be priced out of the capital markets. "The precipitating event at G.M. was they were out of cash and had no ability to raise the capital they needed," said Harry J. Wilson, the lone Republican on President Obama's special auto task force, which led G.M. and Chrysler through an unusual restructuring in bankruptcy, financed by the federal government. Mr. Wilson, who ran an unsuccessful campaign for New York State comptroller last year, has said he believes that New York and some other states need some type of a financial restructuring. He noted that G.M. was salvaged only through an administration-led effort that Congress initially resisted, with legislators voting against financial assistance to G.M. in late 2008. "Now Congress is much more conservative," he said. "A state shows up and wants cash, Congress says no, and it will probably be at the last minute and it's a real problem. That's what I'm concerned about." Discussion of a new bankruptcy option for the states appears to have taken off in November, after Mr. Gingrich gave a speech about the country's big challenges, including government debt and an uncompetitive labor market. "We just have to be honest and clear about this, and I also hope the House Republicans are going to move a bill in the first month or so of their tenure to create a venue for state bankruptcy," he said. A few weeks later, David A. Skeel, a law professor at the University of Pennsylvania, published an article, "Give States a Way to Go Bankrupt," in The Weekly Standard. It said thorny constitutional questions were "easily addressed" by making sure states could not be forced into bankruptcy or that federal judges could usurp states' lawmaking powers. "I have never had anything I've written get as much attention as that piece,"
said Mr. Skeel, who said he had since been contacted by Republicans and Democrats whom he declined to name. Mr. Skeel said it was possible to envision how bankruptcy for states might work by looking at the existing law for local governments. Called Chapter 9, it gives distressed municipalities a period of debt-collection relief, which they can use to restructure their obligations with the help of a bankruptcy judge. Unfunded pensions become unsecured debts in municipal bankruptcy and may be reduced. And the law makes it easier for a bankrupt city to tear up its labor contracts than for a bankrupt company, said James E. Spiotto, head of the bankruptcy practice at Chapman & Cutler in Chicago. The biggest surprise may await the holders of a state's general obligation bonds. Though widely considered the strongest credit of any government, they can be treated as unsecured credits, subject to reduction, under Chapter 9. Mr. Spiotto said he thought bankruptcy court was not a good avenue for troubled states, and he has designed an alternative called the Public Pension Funding Authority. It would have mandatory jurisdiction over states that failed to provide sufficient funding to their workers' pensions or that were diverting money from essential public services. "I've talked to some people from Congress, and I'm going to talk to some more," he said. "This effort to talk about Chapter 9, I'm worried about it. I don't want the states to have to pay higher borrowing costs because of a panic that they might go bankrupt. I don't think it's the right thing at all. But it's the beginning of a dialog."
From rforno at infowarrior.org Fri Jan 21 14:26:20 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Jan 2011 15:26:20 -0500 Subject: [Infowarrior] - Classified Memo Toughens Cyber-Threat Portrayals In DOD Exercises Message-ID: (h/t Anonymous) Inside the Pentagon - 01/20/2011 https://defensenewsstand.com/component/option,com_ppv/Itemid,287/id,2351617/ Classified Memo Toughens Cyber-Threat Portrayals In DOD Exercises The military's top officer has issued a classified memo directing the Defense Department to use tougher, more realistic portrayals of cyber threats in its exercises. A reference to the September 28, 2010, memo, stamped "secret" and signed by Chairman of the Joint Chiefs of Staff Adm. Michael Mullen, is buried in the latest annual report from Michael Gilmore, the Pentagon's operational testing chief. Cyber threats portrayed during military exercises have been "consistently below that expected from a nation-state," but "red teams" playing the enemy role have generally beaten U.S. defenses, according to the report released last week by the director of operational test and evaluation (DOT&E). The report announces that "the level of cyber-threat portrayal in future exercises is expected to increase significantly" in response to Mullen's classified memo. A spokesman for Mullen declined to release the memo, but told Inside the Pentagon that the excerpts included in the report "seem to summarize an important point -- that our combatant commands must integrate aggressive cyber threats into their training events in order for us to maintain our competitive advantage in the field." Mullen's directive makes sense because cyber threats are becoming increasingly sophisticated, said Stewart Baker, who served as the Department of Homeland Security's first assistant secretary for policy. "In general, it's fair to say that you have to change your exercises on a regular basis because the threat gets more consistent on a regular basis," Baker told ITP. 
"If you're still doing the same thing you were doing three years ago, you're out of date." Baker acknowledged a "competing consideration" when looking to bolster the level of cyber-threat portrayal in exercises. "You don't want to run an exercise between people doing a good job and people doing a bad job," he said. "If it's so one-sided the attackers win all the time . . . then the exercise is not actually teaching people anything." However, "we're going to have to dramatically up our game given the sophistication of the attacks," he added. Gilmore's report states that "assessing organizations" within DOD performed information assurance and interoperability assessments during 21 combatant command and services exercises, eight of which involved units deployed or preparing to deploy to Iraq or Afghanistan. The information assurance posture observed during FY-10 exercise assessments is insufficient to prevent an advanced adversary from "adversely affecting the missions that were being exercised," the report states. "Improvements in certain areas of network defense were observed," but red teams "generally overcame defense during exercises by increasing their level of effort," the report adds. All red teams "reported increasing difficulty in penetrating network defense," but with sufficient time, they "typically managed to penetrate networks and systems," the report states. Although in some cases red teams were "successfully blocked from employing certain attacks due to specific preparations or precautions on the part of network defenders," the overall assessment is that information assurance "remains a significant operational concern" across the Defense Department, according to the report. DOD's operational testers also conducted interoperability assessments on cyber exercises and found that issues encountered "typically hindered, rather than prevented, mission accomplishment" due to "operators who developed and executed effective workarounds." 
But the workarounds "often resulted in degraded efficiency of completing tasks," the report adds. -- Amanda Palleschi From rforno at infowarrior.org Fri Jan 21 15:20:58 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 21 Jan 2011 16:20:58 -0500 Subject: [Infowarrior] - Schneier: The Legality of the Certificate Authority Trust Model Message-ID: The Legality of the Certificate Authority Trust Model Interesting research: We looked at the standard legal documents issued by the certificate authorities or "CAs," including exemplar Subscriber Agreements (agreements between CAs and website operators); "Certification Practice Statements" (statements by CAs outlining their business practices); and Relying Party Agreements (purported agreements between CAs and "relying parties," such as end-users). What we found was surprising:
- "Relying Party Agreements" purport to bind end-users to their terms despite the apparent absence of any mechanism to either affirmatively alert the end-user as to the existence of the supposed Agreements or afford the end-user an opportunity to register his or her acceptance or rejection of the Agreements' terms
- Certification Practice Statements that suffer from the same problem (i.e. no affirmative notice to the end-user and no meaningful opportunity for acceptance or rejection of terms)
There were other issues as well. For example, the Relying Party Agreements and Certification Practice Statements set forth various obligations on the part of end-users (i.e.
"relying parties") such as: the requirement that end-users make an independent determination of whether it is reasonable to trust a website offering a secure connection (isn't that the whole point of having a CA, so that the end-user doesn't have to do that?); the requirement that the end-user be familiar with the crypto software and processes used to carry out the authentication process; and the end-user's duty to indemnify and hold harmless the CA in the event of legal claims by third parties. http://www.schneier.com/blog/archives/2011/01/the_legality_of.html From rforno at infowarrior.org Sat Jan 22 10:00:19 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Jan 2011 11:00:19 -0500 Subject: [Infowarrior] - Senate SAA: "Avoid Wikileaks" Message-ID: <1B1BAB27-6922-4229-ACF2-12703FD3F95E@infowarrior.org> Yeah, okay ... what-evarrr. -- rick Senate Offices Told to Avoid WikiLeaks January 21st, 2011 by Steven Aftergood http://www.fas.org/blog/secrecy/2011/01/senate_wikileaks.html "Do not visit the WikiLeaks site," the Office of Senate Security told Senate employees and contractors in a memorandum (pdf) that was circulated to Senate offices this week. Senate employees are free to access news reports that may discuss classified material, but they were instructed not to download the "underlying documents that themselves are marked classified (including classified documents publicly available on the WikiLeaks and other websites)." The "Updated WikiLeaks Guidance" was issued by the Office of Senate Security. The one-page memo is undated, but a Senate staffer said it was received in Senate offices this week. In a paradoxical way, the WikiLeaks project is dependent upon the very secrecy system that it works to disrupt. Without secrecy, after all, there cannot be leaks. So why doesn't the U.S. government try to "disarm" WikiLeaks by pro-actively disclosing the cables that WikiLeaks has already obtained?
Instead of passively enduring months or years of selective disclosures, the government could seize the initiative back from WikiLeaks. Voluntary disclosure would permit it to present the most sensitive information with whatever explanatory or contextual material it wished to add. For the moment, at least, that is not a realistic option, replied William J. Bosanko of the Information Security Oversight Office. Though the leaked records held by WikiLeaks and its media partners are already compromised, he acknowledged, officially releasing them right now would interfere with other objectives that must take precedence. These include briefing foreign governments whose information has been exposed, correcting security vulnerabilities, and penalizing the unauthorized disclosures. Mr. Bosanko spoke at a January 20 panel discussion sponsored by the Collaboration on Government Secrecy at American University Washington College of Law. From rforno at infowarrior.org Sat Jan 22 16:37:29 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Jan 2011 17:37:29 -0500 Subject: [Infowarrior] - Apple Taps Former Navy Information Warrior for Global Director of Security Message-ID: <27AE4340-68DD-41D4-8A89-00B9481B72FD@infowarrior.org> Apple Taps Former Navy Information Warrior for Global Director of Security by Arik Hesseldahl Posted on January 22, 2011 at 12:30 PM PT http://newenterprise.allthingsd.com/20110122/apple-taps-former-navy-information-warrior-as-global-director-of-security/ Apple has tapped security expert and author David Rice to be its director of global security, three sources who know Rice have confirmed to me. He's expected to start at Apple in March. Apple hasn't returned calls seeking comment. There's no word yet about what precisely Rice's job will entail, and knowing secrecy-obsessed Apple, there likely won't be. But it's not hard to make a reasonable guess.
With iPhones and iPads penetrating the enterprise in ever more impressive numbers, companies want to know they're secure. Late last year Apple started working with Unisys to help it sell Apple products to corporations and government agencies, all of which are concerned about the security implications of iPhones and iPads running on their networks. Those who know Rice describe him as a deeply respected name in IT security circles who not only can speak the kind of language that makes CIOs comfortable, but can also back up that language with the skills and knowledge to match. Rice hasn't yet responded to my messages seeking comment, but his bio is fascinating. He's a 1994 graduate of the U.S. Naval Academy and has a master's degree in Information Warfare and Systems Engineering from the Naval Postgraduate School. He served as a Global Network Vulnerability analyst for the National Security Agency and as a Special Duty Cryptologic officer for the Navy. His LinkedIn profile says he's executive director of the Monterey Group, a cybersecurity consulting firm. He's also on the faculty of IANS, an information security research company. He also works with the U.S. Cyber Consequences Unit, a nonprofit organization that researches the potential for cyber attacks and their impact. Before that he worked for the security firm Neohapsis. His 2007 book, "Geekonomics," has been described as the software industry's equivalent of Ralph Nader's "Unsafe at Any Speed." In it he argues that software is modern infrastructure -- just like a bridge (hence the picture on the cover) -- and if it's poorly made or insecure, it constitutes a public hazard. Those who buy software -- consumers, corporations and governments -- end up being "crash test dummies" for an industry with no accountability for losses incurred by their customers, he argues. He goes on to peg the costs of patching faulty software at $180 billion a year, and says that's probably conservative.
Patching software for security weaknesses takes capital that might be used for other, more productive, things. His solution? Taxes. In a 2008 interview with Forbes, he compared security vulnerabilities in software to the unavoidable pollution emitted by factories. Since software can never be perfect, a "bug tax" keyed to the number and severity of software bugs discovered would create an incentive for better quality control. Rice would be the latest in a string of high-profile security hires at Apple. Last March it hired Window Snyder, the former security chief at Mozilla, as its senior product manager for security, and in 2009 it hired Ivan Krstić, the former head of security for the One Laptop per Child project, to work on core security for Mac OS X. Jon Callas, the former CTO of encryption software maker PGP, now a unit of Symantec, joined Apple last year. From rforno at infowarrior.org Sat Jan 22 16:41:33 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Jan 2011 17:41:33 -0500 Subject: [Infowarrior] - Tide of cyber-scepticism sweeping the US... Message-ID: <1F232026-2265-4BCA-9F81-12989E84AA68@infowarrior.org> Social networking under fresh attack as tide of cyber-scepticism sweeps US Twitter and Facebook don't connect people -- they isolate them from reality, say a rising number of academics - Paul Harris in New York - guardian.co.uk, Saturday 22 January 2011 21.00 GMT http://www.guardian.co.uk/media/2011/jan/22/social-networking-cyber-scepticism-twitter The way in which people frantically communicate online via Twitter, Facebook and instant messaging can be seen as a form of modern madness, according to a leading American sociologist. "A behaviour that has become typical may still express the problems that once caused us to see it as pathological," MIT professor Sherry Turkle writes in her new book, Alone Together, which is leading an attack on the information age.
Turkle's book, published in the UK next month, has caused a sensation in America, which is usually more obsessed with the merits of social networking. She appeared last week on Stephen Colbert's late-night comedy show, The Colbert Report. When Turkle said she had been at funerals where people checked their iPhones, Colbert quipped: "We all say goodbye in our own way." Turkle's thesis is simple: technology is threatening to dominate our lives and make us less human. Under the illusion of allowing us to communicate better, it is actually isolating us from real human interactions in a cyber-reality that is a poor imitation of the real world. But Turkle's book is far from the only work of its kind. An intellectual backlash in America is calling for a rejection of some of the values and methods of modern communications. "It is a huge backlash. The different kinds of communication that people are using have become something that scares people," said Professor William Kist, an education expert at Kent State University. The list of attacks on social media is a long one and comes from all corners of academia and popular culture. A recent bestseller in the US, The Shallows by Nicholas Carr, suggested that use of the internet was altering the way we think to make us less capable of digesting large and complex amounts of information, such as books and magazine articles. The book was based on an essay that Carr wrote in the Atlantic magazine. It was just as emphatic and was headlined: Is Google Making Us Stupid? Another strand of thought in the field of cyber-scepticism is found in The Net Delusion, by Evgeny Morozov. He argues that social media has bred a generation of "slacktivists". It has made people lazy and enshrined the illusion that clicking a mouse is a form of activism equal to real world donations of money and time. Other books include The Dumbest Generation by Emory University professor Mark Bauerlein --
in which he claims "the intellectual future of the US looks dim" -- and We Have Met The Enemy by Daniel Akst, which describes the problems of self-control in the modern world, of which the proliferation of communication tools is a key component. The backlash has crossed the Atlantic. In Cyburbia, published in Britain last year, James Harkin surveyed the modern technological world and found some dangerous possibilities. While Harkin was no pure cyber-sceptic, he found many reasons to be worried as well as pleased about the new technological era. Elsewhere, hit film The Social Network has been seen as a thinly veiled attack on the social media generation, suggesting that Facebook was created by people who failed to fit in with the real world. Turkle's book, however, has sparked the most debate so far. It is a cri de coeur for putting down the BlackBerry, ignoring Facebook and shunning Twitter. "We have invented inspiring and enhancing technologies, yet we have allowed them to diminish us," she writes. Fellow critics point to numerous incidents to back up their argument. Recently, media coverage of the death in Brighton of Simone Back focused on a suicide note she had posted on Facebook that was seen by many of her 1,048 "friends" on the site. Yet none called for help -- instead they traded insults with each other on her Facebook wall. Turkle's book has also hit home because her previous works, The Second Self and Life on the Screen, seemed more open to the technological world. "Alone Together reads as if it were written by Turkle's evil Luddite twin," joked Kist. But even the backlash now has a backlash, with many leaping to the defence of social media. They point out that emails, Twitter and Facebook have led to more communication, not less -- especially for people who may have trouble meeting in the real world because of great distance or social difference. Defenders say theirs is just a different form of communication that people might have trouble getting used to.
"When you go into a coffee shop and everyone is silent on their laptop, I understand what she is saying about not talking to each other," Kist said. "But it is still communicating. I disagree with her. I don't see it as so black and white." Some experts believe the debate is so fierce because social networking is a new field that has yet to develop rules and etiquette that everyone can respect and that is why incidents such as Simone Back's death appear so shocking. "Let's face it, I see no sign of anyone unplugging," said Kist. "But, perhaps, we need to involve a 'netiquette' to deal with it all." He also pointed out that the "real world" that many social media critics hark back to never really existed. Before everyone travelled on the bus or train with their heads buried in an iPad or a smart phone, they usually just travelled in silence. "We did not see people spontaneously talking to strangers. They were just keeping to themselves," Kist said. From rforno at infowarrior.org Sat Jan 22 22:24:30 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Jan 2011 23:24:30 -0500 Subject: [Infowarrior] - Federal Research Center Will Help Develop Medicines Message-ID: <8A5A1E81-35DC-40B3-9744-FDB263E67BAB@infowarrior.org> January 22, 2011 Federal Research Center Will Help Develop Medicines By GARDINER HARRIS http://www.nytimes.com/2011/01/23/health/policy/23drug.html The Obama administration has become so concerned about the slowing pace of new drugs coming out of the pharmaceutical industry that officials have decided to start a billion-dollar government drug development center to help create medicines. The new effort comes as many large drug makers, unable to find enough new drugs, are paring back research. Promising discoveries in illnesses like depression and Parkinson's that once would have led to clinical trials are instead going unexplored because companies have neither the will nor the resources to undertake the effort.
The initial financing of the government's new drug center is relatively small compared with the $45.8 billion that the industry estimates it invested in research in 2009. The cost of bringing a single drug to market can exceed $1 billion, according to some estimates, and drug companies have typically spent twice as much on marketing as on research, a business model that is increasingly suspect. The National Institutes of Health has traditionally focused on basic research, such as describing the structure of proteins, leaving industry to create drugs using those compounds. But the drug industry's research productivity has been declining for 15 years, "and it certainly doesn't show any signs of turning upward," said Dr. Francis S. Collins, director of the institutes. The job of the new center, to be called the National Center for Advancing Translational Sciences, is akin to that of a home seller who spruces up properties to attract buyers in a down market. In this case the center will do as much research as it needs to do so that it can attract drug company investment. That means that in some cases, the center will use one of the institutes' four new robotic screeners to find chemicals that affect enzymes and might lead to the development of a drug or a cure. In other cases, the center may need to not only discover the right chemicals but also perform animal tests to ensure that they are safe and even start human trials to see if they work. All of that has traditionally been done by drug companies, not the government. "None of this is intended to be competitive with the private sector," Dr. Collins said. "The hope would be that any project that reaches the point of commercial appeal would be moved out of the academic support line and into the private sector." Whether the government can succeed where private industry has failed is uncertain, officials acknowledge, but they say doing nothing is not an option.
The health and human services secretary, Kathleen Sebelius, sent a letter to Congress on Jan. 14 outlining the plan to open the new drug center by October -- an unusually rapid turnaround for an idea first released with little fanfare in December. Creating the center is a signature effort of Dr. Collins, who once directed the agency's Human Genome Project. Dr. Collins has been predicting for years that gene sequencing will lead to a vast array of new treatments, but years of effort and tens of billions of dollars in financing by drug makers in gene-related research has largely been a bust. As a result, industry has become far less willing to follow the latest genetic advances with expensive clinical trials. Rather than wait longer, Dr. Collins has decided that the government can start the work itself. "I am a little frustrated to see how many of the discoveries that do look as though they have therapeutic implications are waiting for the pharmaceutical industry to follow through with them," he said. Dr. Collins's ability to conceive and create such a center in a few short months would have been impossible for most of his predecessors, who had nice offices but little power. But Congress in recent years has invested real budgetary and administrative authority in the director's office, and Dr. Collins is the first to fully use these new powers. Under the plan, more than $700 million in research projects already under way at various institutes and centers would be brought together at the new center. But officials hope that the prospect of finding new drugs will lure Congress into increasing the center's financing well beyond $1 billion. Hopes of new money may be optimistic. Republicans in the House have promised to cut the kind of discretionary domestic spending that supports the health institutes, and officials are already bracing for significant cuts this year. But Dr.
Collins has hinted that he is willing to cannibalize other parts of the health institutes to bring more resources to the new center. "There are some people that would say this is not the time to do something bold and ambitious because the budget is so tight," he said. "But we would be irresponsible not to take advantage of scientific opportunity, even if it means tightening in other places." For the plan to go into effect by October, the administration must by law get rid of one of the 27 centers and institutes already in existence at the N.I.H. -- something that has never been done before. So the administration plans to downgrade the National Center for Research Resources, in part by giving some of its functions to the new drug center. Researchers and staff members connected to the research resources center have inundated a complaint blog about the coming change. Mark O. Lively, a professor of biochemistry at Wake Forest University and a member of an advisory council to the research resources center, said that he could not understand why the administration was moving so quickly with its plans. "And the N.I.H. is not likely to be very good at drug discovery, so why are they doing this?" Dr. Lively asked. But Dr. Garret A. FitzGerald, a professor of medicine and pharmacology at the University of Pennsylvania, said the new center could inspire universities to train a new generation of investigators who could straddle the divide between academia and industry. "It could be a really good idea," he said. Both the need for and the risks of this strategy are clear in mental health. There have been only two major drug discoveries in the field in the past century; lithium for the treatment of bipolar disorder in 1949 and Thorazine for the treatment of psychosis in 1950. Both discoveries were utter strokes of luck, and almost every major psychiatric drug introduced since has resulted from small changes to Thorazine.
Scientists still do not know why any of these drugs actually work, and hundreds of genes have been shown to play roles in mental illness -- far too many for focused efforts. So many drug makers have dropped out of the field. For Dr. Thomas R. Insel, director of the National Institute of Mental Health, the drug industry's departure from this vital research area shows that the government must do something, although he acknowledges the risk. "Would we be foolish -- we being an agency that has never developed drugs and actually doesn't know how to do therapeutics that well -- to get into this space?" Dr. Insel asked. But Dr. William Potter, who was once a top researcher at the mental health institute and retired last year as the vice president of translational neuroscience at the giant drug maker Merck, said that far more basic research needed to be done on the causes of mental illness before anyone -- industry or government -- could successfully create breakthrough drugs. "We still don't even understand how lithium works," Dr. Potter said. "So how do people think we can find drugs systematically for mental illness?" From rforno at infowarrior.org Sat Jan 22 22:33:09 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Jan 2011 23:33:09 -0500 Subject: [Infowarrior] - Is retaliation the answer to cyber attacks? Message-ID: <69C53FB4-D53B-4D21-B4DE-159AB58EB2E2@infowarrior.org> This story appeared on Network World at http://www.networkworld.com/news/2011/012011-retaliation-answer-cyber-attacks.html Is retaliation the answer to cyber attacks? The law frowns on cyber attacks but Black Hat speakers advocate exploiting vulnerabilities in attack tools and botnets against attackers By Ellen Messmer, Network World January 21, 2011 06:05 AM ET WASHINGTON, DC -- Should revenge assaults be just another security tool large IT shops use to counter cyber attacks?
It's a controversial idea, and the law generally frowns on cyber attacks in general, but at the Black Hat DC conference last week, some speakers took up the issue of whether and how organizations should counterattack against adversaries clearly using attack tools to break into and subvert corporate data security. One idea that got plenty of attention here was the notion of exploiting vulnerabilities in attack tools and botnets to try to determine what the attacker was going after or feed fake data, or even dive into the attacker's network lair. If it turns out an attacker has taken control of a corporate machine, it's logical that you'd want to "counter-strike" to find out what the attacker is up to, perhaps by finding a hole in the attack tool being used and planting a backdoor of your own to watch the attacker, said Laurent Oudot, founder and CEO of TEHTRI-Security, a French-based ethical-hacking and vulnerability research firm, who spoke at Black Hat. "We want to strike back. We want to exploit his network," said Oudot. You want statistics and logs related to the attacker, and it might be the idea of attacking ZeuS or SpyEye or even a state-sponsored attacker. It's not so complex to find zero-day vulnerabilities that would allow subversion of attack tools, noted Oudot, whose firm has experience in identifying vulnerabilities, including several related to mobile devices. He suggested it would be fairly simple to strike back against exploit packs such as Eleonore, or feed fake information into attackers' hands. "You can strike back," Oudot said. "Your enemies are not ethical hackers." Matthew Weeks, a security researcher who recently joined the Air Force and who also spoke on the question of counterattacks against hackers clearly using attack tools to break into networks, acknowledges the law would probably regard most counterstrike ideas as illegal.
But as a contributor to the open-source version of Metasploit, a tool that can be used for either good or evil to test and explore network vulnerabilities, Weeks says tools such as this have their own vulnerabilities much like any type of software will, and attackers may not pay attention to patching their own attack tools. At the conference he went into depth on some vulnerabilities in open-source Metasploit. And he says other tools, such as Nessus or the Wireshark protocol analyzer, which can also be used for attack purposes, have also had vulnerabilities. While the idea of counterattacks remains contentious, especially since there could be "unintended consequences," Weeks noted, his inclination as a security researcher is to explore how countermeasures such as "tarpits" could be put to use, which would put attackers in an endless spin cycle when they connect. It's possible to "tie up resources in an attack," said Weeks, and it would make sense to monitor what hackers are up to. There's scant evidence that companies or civilian government agencies are trying to turn the tables on attackers in these ways, but the military arms of several governments around the world, including the U.S., are building up cyber-forces with an eye toward supporting a retaliatory strike capability. And no one denies espionage takes place in cyberspace. Long battle ahead While counterinsurgency could slow down the threat of cyber attacks, Black Hat speakers said data thieves are still getting into corporate networks too easily -- in some cases simply by tricking one targeted victim to open a phishing e-mail. Data thieves sneak in by this route to collect the most valued information and they tend to go about it at a methodical pace over months if not years, and patience is the key to catching them at it, according to security firm Mandiant. 
Mandiant shared some of the findings its incident-response teams have seen in investigations, noting that far from being one-time grab-and-run events, data cyber-theft is often a long methodical process. The attacker, who usually gets in through a phishing e-mail targeted at a particular employee to gain control of a Windows-based computer, then begins to move around the network to look for the most valued data, then starts collecting it in a "staging area" on a compromised machine, in order to try to eventually transfer it out in data containers such as a RAR file. In speaking on the topic of how attackers exfiltrate data out of the network, Mandiant security consultant Sean Coyne said in many cases, "the attackers were there for several months, if not years." A defense contractor that was hit, he notes, found that over 120 GB of data, mostly Word documents, were stealthily collected over a period of months, with the attacker picking a staging area to bundle up what was stolen and send it in a digital container, such as a RAR, ZIP or CAB file. "It's easier to move one large file than several smaller ones," he noted, adding, "Most corporate IT users are completely oblivious" though they may wonder why their computers, used as a staging point, suddenly seem slow. Backdoor trojans and data-collection tools such as one called Poison Ivy are often used. But data thieves are artful dodgers who do a lot manually, not automated, to evade attempts at security controls such as intrusion-prevention systems or data-loss prevention (DLP), according to Mandiant. Mandiant consultant Ryan Kazanciyan says he saw one case where the victimized organization was using McAfee host intrusion-protection system to look for RAR files but the attacker figured out that an alert had been set off and simply changed to something that wasn't being monitored.
"Some guys will take everything but the kitchen sink," and get it out to sort through it later, while others are "pickers and choosers," though evidence shows data thieves today exhibit a tendency to use habitual methods suited to their own style, Coyne noted. When asked if DLP tools that seek to monitor or block attempts at unauthorized transmissions of data outside the organization are effective in instances connected with data exfiltration, both Kazanciyan and Coyne expressed skepticism. DLP is mainly useful for "keeping users from accidentally sending files out," Coyne said. "It's not built to stand up to a targeted attack." Kazanciyan expressed a similar opinion. If an organization suspects a data thief is in their midst, the first thing is "don't panic," said Coyne, by making slap-dash changes to the network that will simply make any attackers suspicious and change their tactics. It's a risk-based decision, but for a while the decision might need to be made to watch data being stolen, however painful that is, while a quiet hunt to flush out the attacker's operations set up inside the network can proceed. From rforno at infowarrior.org Sun Jan 23 10:33:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Jan 2011 11:33:23 -0500 Subject: [Infowarrior] - Fwd: On The Media looks at NSLs References: <901A7C98-A506-46C7-B968-DCE29A7F57D5@gizmopartners.com> Message-ID: Begin forwarded message: > From: Chris > > > Subpoenas and Online Service Providers > January 21, 2011 > There are two kinds of subpoenas that federal law enforcement can serve on internet service providers and online communications companies if they want to spy on a user's email or Twitter account. Both kinds frequently have gag-orders attached - which means, users are none the wiser that their account has been breached. And both types of subpoenas are being served to ISPs at an unprecedented rate. The ACLU's Jameel Jaffer explains why what you don't know can hurt you.
> > > http://www.onthemedia.org/transcripts/2011/01/21/03 > > > National Security Letters and Gag Orders > January 21, 2011 > The most serious kind of subpoena - called a 'National Security Letter' - used to have a lifetime gag-order automatically attached. That is until Nicholas Merrill appealed his and won the right to talk about it. Despite 50,000 national security letters a year there are only three organizations who have ever won the right to say they got one. Nick Merrill explains why he's the exception and the rule. > > http://www.onthemedia.org/transcripts/2011/01/21/04 > From rforno at infowarrior.org Sun Jan 23 18:27:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Jan 2011 19:27:59 -0500 Subject: [Infowarrior] - The role of the Internet as a platform for collective action grows Message-ID: <3FA66081-7919-460D-8A98-4030FE9F81CA@infowarrior.org> The role of the Internet as a platform for collective action grows A new Pew survey emphasizes the Internet's importance in civil society. by Alex Howard | @digiphile | Comments: 3 | 21 January 2011 http://radar.oreilly.com/2011/01/pew-internet-platform.html?utm_medium=twitter&utm_source=twitterfeed A survey released this week by the Pew Research Center's Internet and Life Project shed light on the social side of the Internet. The results offered insight into the differences between the connected and the disconnected, revealing that Internet users are more likely to be active participants, with some 80 percent of Internet users participating in groups, compared with 56 percent of non-Internet users. These findings confirm the impact of the Internet on collective action, observed Beth Noveck, NYU law professor and former deputy CTO for open government at the White House. "Internet users are more active participants in groups and are more likely to feel pride and a sense of accomplishment." Perhaps we are all not, as Robert D. Putnam suggested, relegated to "bowling alone."
"Technology may not be the corrosive force that Putnam imagined in American life," wrote Jared Keller in The Atlantic. "Instead, it may provide new lifeblood for civic organizations by making participation cheap and easy, if in a different form. Americans may not want to bowl alone: they just prefer to do it online, from the comfort of their homes." On Tuesday, I participated in a panel at the State of the Net Conference in Washington, D.C. to discuss the Pew study's findings as they relate to civic participation, technology policy, and new media. I was joined by Jerry Berman, founder and chairman of the Center for Democracy and Technology, Andrew Keen (@ajkeen), author and host at TechCrunch.tv, Lee Rainie (@lrainie), director of the Pew Internet & American Life Project, and Clay Shirky (@cshirky), technology consultant and author. Video of the panel, courtesy of the Congressional Internet Caucus, is embedded below: "We have historically overestimated the value of access to information and underestimated the value of access to one another," said Shirky. He found two elements of the survey surprising, in terms of what they mean for the "death" of two common themes that have surrounded much of the contemporary discussion of Internet and society:
- The idea of online vs. off-line, and that there's a "place" called cyberspace. Shirky cited the statistic that "75 percent of people who report using the Internet did not find those groups using the Internet" for evidence, with respect to the crossover or integration between our virtual and material lives.
- Given that society is now extending real world groups to online tools in a widespread way, it dismantles idea of geek culture online.
Keen agreed with Shirky on that count, although not on others, as viewers of the video will discover. Keen highlighted the statistic that 68 percent of Americans say they use the Internet to communicate with members of a group.
"No longer is this divide between online and offline," he said. "The Internet itself is reality -- and even that term is slippery." The Internet itself is the digital revolution, in his words, with the next revolutions to come perhaps predicated upon this digital platform. Berman, along with other members of the panel, repeatedly cited Alexis de Tocqueville's "Democracy in America". De Tocqueville, writing in 1836, was concerned about the rampant individualism he saw in American society. Keen voiced his concern that we're seeing the disappearance of "Tocquevillian democracy" today as a result of two trends feeding off one another: the cult of the social and the cult of the individual. In that context, he said, we're seeing the fragmentation of the 20th century individual into this "intradividual" who is continually moving between spheres. Berman observed that what countered that force in the 19th century were the bonds formed by associational life in America, where citizens came together, communicated, formed alliances and solved problems together. De Tocqueville put newspapers at the core of that connection, said Berman, along with churches and community centers. As those older print institutions are replaced by digital platforms, new connection technologies will be given an increasingly important role in supporting the fabric of democracy in 2011. The challenge of how these connection technologies can be turned to governance, versus campaigning, will become increasingly critical. Many of the social platforms that are in current use give their users substantial ability to personalize what information or conversations they receive. Shirky says that government and technologists have systematically undersigned social spaces where hard choices are addressed. "We have, thanks to James Madison, lots of well designed systems to do that [offline]" he said. "We don't have as many online.
The tendency to rant or opt out prevents the kind of bargaining or horsetrading that's important." Berman, a staunch defender of privacy and electronic freedom, put the findings in the context of how we view the role of the Internet itself in society. People pursue liberty, equality and the openness of Internet not because they are ends of themselves, but because of their potential to sustain and improve democracy, he said. Berman emphasized the use of computers, cellphones, tablets and smartphones as creative communication devices that allow citizens to organize and connect with one another. "If we want to defend an open Internet, we have to establish that it's promoting democracy," he said, not simply a vehicle for content consumption or commerce. From rforno at infowarrior.org Sun Jan 23 18:39:13 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Jan 2011 19:39:13 -0500 Subject: [Infowarrior] - Seattle Activist Wins Case Against TSA Message-ID: <0AC65AD9-8018-42B4-B0C4-CE59A2CE4747@infowarrior.org> Seattle Activist Wins Case Against TSA http://www.infowars.com/seattle-activist-wins-case-against-tsa/ Kurt Nimmo Infowars.com January 23, 2011 Phil Mocek of Seattle was told by TSA goons and police at the Albuquerque Airport on November 15, 2009, that he did not have the right to use a video camera in a public space outside a TSA Gestapo zone. He was also told that when goons ask him for ID, he must comply or the police will be called. Mocek was arrested for disorderly conduct and concealing his identity. Mocek is a software developer and civil liberties advocate. He was in New Mexico in November of 2009 to attend the International Drug Policy Reform Conference on behalf of the Cannabis Defense Coalition. Visible and audible in the video are Mocek, Albuquerque Airport Police Department officers Robert F. "Bobby" Dilley (116), Landrow "Wiggy" Wiggins (137), and Julio A.
De La Peña (135), and TSA staff LTSO Jonathon Breedon, TSM Gerald Romero, STSO Anthony M. Schreiner, Greg Martinez, and BDO Laura Moots. According to Edward Hasbrouck, founder of the Identity Project, a nonprofit organization that "builds public awareness about the effects of ID requirements on fundamental rights," Mocek's case marks the first time anyone has ever challenged the TSA's authority to question and detain travelers, Seattle Weekly reported on January 19. "[TSA] wants people to show ID and submit to a search and groping, but there's no legal basis for most of this," Hasbrouck said. "The TSA relies fundamentally on intimidation. The ultimate threat is 'We'll call the local police.' And when they're called in, they don't say 'We don't see a crime here.' They get that person out of there." On January 21, a jury cleared Mocek of all misdemeanor charges. "I feel good that we had police and TSA on record saying that you don't have to show ID to fly and that you can use a camera at the airport," Mocek told KOBTV 4 in Albuquerque. Mocek was represented by Nancy Hollander, a New Mexico defense attorney known for representing two Guantanamo Bay detainees. Hollander argued that Mocek did not conceal his identity because his name was on his boarding pass. From rforno at infowarrior.org Mon Jan 24 08:03:47 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Jan 2011 09:03:47 -0500 Subject: [Infowarrior] - Internet 'kill switch' bill will return Message-ID: <04A269E8-F404-4754-96CC-1543D6846E89@infowarrior.org> January 24, 2011 4:00 AM PST Internet 'kill switch' bill will return by Declan McCullagh http://news.cnet.com/8301-31921_3-20029282-281.html?part=rss&subj=news&tag=2547-1_3-0-20 A controversial bill handing President Obama power over privately owned computer systems during a "national cyberemergency," and prohibiting any review by the court system, will return this year.
Internet companies should not be alarmed by the legislation, first introduced last summer by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine), a Senate aide said last week. Lieberman, an independent who caucuses with Democrats, is chairman of the Senate Homeland Security and Governmental Affairs Committee. "We're not trying to mandate any requirements for the entire Internet, the entire Internet backbone," said Brandon Milhorn, Republican staff director and counsel for the committee. Instead, Milhorn said at a conference in Washington, D.C., the point of the proposal is to assert governmental control only over those "crucial components that form our nation's critical infrastructure." Portions of the Lieberman-Collins bill, which was not uniformly well-received when it became public in June 2010, became even more restrictive when a Senate committee approved a modified version on December 15. The full Senate did not act on the measure. The revised version includes new language saying that the federal government's designation of vital Internet or other computer systems "shall not be subject to judicial review." Another addition expanded the definition of critical infrastructure to include "provider of information technology," and a third authorized the submission of "classified" reports on security vulnerabilities. The idea of creating what some critics have called an Internet "kill switch" that the president could flip in an emergency is not exactly new. A draft Senate proposal that CNET obtained in August 2009 authorized the White House to "declare a cybersecurity emergency," and another from Sens. Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) would have explicitly given the government the power to "order the disconnection" of certain networks or Web sites. House Democrats have taken a similar approach in their own proposals. 
Lieberman, who recently announced he would not seek re-election in 2012, said last year that enactment of his bill needed to be a top congressional priority. "For all of its 'user-friendly' allure, the Internet can also be a dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets," he said. Civil libertarians and some industry representatives have repeatedly raised concerns about the various proposals to give the executive branch such broad emergency power. On the other hand, as Lieberman and Collins have highlighted before, some companies, including Microsoft, Verizon, and EMC Corporation, have said positive things about the initial version of the bill. But last month's rewrite that bans courts from reviewing executive branch decrees has given companies new reason to worry. "Judicial review is our main concern," said Steve DelBianco, director of the NetChoice coalition, which includes eBay, Oracle, Verisign, and Yahoo as members. "A designation of critical information infrastructure brings with it huge obligations for upgrades and compliance." In some cases, DelBianco said, a company may have a "good-faith disagreement" with the government's ruling and would want to seek court review. "The country we're seeking to protect is a country that respects the right of any individual to have their day in court," he said. "Yet this bill would deny that day in court to the owner of infrastructure." Other industry representatives say it's not clear that lawyers and policy analysts who will inhabit Homeland Security's 4.5 million square-foot headquarters in the southeast corner of the District of Columbia have the expertise to improve the security of servers and networks operated by companies like AT&T, Verizon, Microsoft, and Google. American companies already spend billions of dollars on computer security a year.
"Declaration of a national cyber emergency" The revised Lieberman-Collins bill, dubbed the Protecting Cyberspace as a National Asset Act, works this way: Homeland Security will "establish and maintain a list of systems or assets that constitute covered critical infrastructure" and that will be subject to emergency decrees. (The term "kill switch" does not appear in the legislation.) Under the revised legislation, the definition of critical infrastructure has been tightened. DHS is only supposed to place a computer system (including a server, Web site, router, and so on) on the list if it meets three requirements. First, the disruption of the system could cause "severe economic consequences" or worse. Second, that the system "is a component of the national information infrastructure." Third, that the "national information infrastructure is essential to the reliable operation of the system." At last week's event, Milhorn, the Senate aide, used the example of computers at a nuclear power plant or the Hoover Dam but acknowledged that "the legislation does not foreclose additional requirements, or additional additions to the list." A company that objects to being subject to the emergency regulations is permitted to appeal to DHS secretary Janet Napolitano. But her decision is final and courts are explicitly prohibited from reviewing it. President Obama would then have the power to "issue a declaration of a national cyberemergency." What that entails is a little unclear, including whether DHS could pry user information out of Internet companies that it would not normally be entitled to obtain without a court order. One section says they can disclose certain types of noncommunications data if "specifically authorized by law," but a presidential decree may suffice.
"No amount of tightening of what constitutes 'critical infrastructure' will prevent abuse without meaningful judicial review," says Berin Szoka, an analyst at the free-market TechFreedom think tank and editor of The Next Digital Decade book. "Blocking judicial review of this key question essentially says that the rule of law goes out the window if and when a major crisis occurs." For their part, Lieberman and Collins say the president already has "nearly unchecked authority" to control Internet companies. A 1934 law (PDF) creating the Federal Communications Commission says that in wartime, or if a "state of public peril or disaster or other national emergency" exists, the president may "authorize the use or control of any...station or device." In congressional testimony (PDF) last year, DHS Deputy Undersecretary Philip Reitinger stopped short of endorsing the Lieberman-Collins bill. The 1934 law already addresses "presidential emergency authorities, and Congress and the administration should work together to identify any needed adjustments to the act," he said, "as opposed to developing overlapping legislation." From rforno at infowarrior.org Mon Jan 24 16:33:24 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Jan 2011 17:33:24 -0500 Subject: [Infowarrior] - US Case Against Hundreds of BitTorrent File-Sharers Dismissed Message-ID: US Case Against Hundreds of BitTorrent File-Sharers Dismissed - Ernesto - 24/01/2011 http://torrentfreak.com/us-case-against-hundreds-of-bittorrent-file-sharers-dismissed-110124/ Another blow has been delivered to the mass BitTorrent lawsuits that were introduced in the United States last year. The German-based copyright profiteers DigiProtect sued hundreds of alleged BitTorrent users a month ago, but now more than half of the cases have been orally dismissed. Since the beginning of last year various copyright holders have sued tens of thousands of BitTorrent users who allegedly shared films without permission.
The copyright holders file mass lawsuits in order to obtain the identities of the alleged infringers, and then make them an offer to settle for hundreds of dollars. This idea has been copied from German and UK lawyers who've made millions with this pay-up-or-else scheme at relatively low cost. In the UK, however, the tide is slowly turning as judges are increasingly taking the side of the accused. In the US we now see a similar pattern emerging. Last month, the US Copyright Group (USCG) dropped thousands of alleged BitTorrent file-sharers from the Far Cry case because of a lack of jurisdiction. Although these cases can be refiled in other jurisdictions, it seriously limits the profitability of the law firm's business model. And today there is another victory for hundreds of BitTorrent users who were sued by the company DigiProtect, the poster child of the "pay up or else" scheme. DigiProtect is not a copyright holder in the true sense of the word, but simply licenses films and music for peer-to-peer distribution. A license to sue, basically. Attorney Robert Cashman of Cashman Law Firm just informed us that DigiProtect's case against 266 alleged file-sharers has pretty much ended. Cashman, who represents one of the defendants accused of sharing "Anal Fanatic", told us that the case was "orally" dismissed by Judge Thomas Griesa. "I do not know on what grounds it was dismissed, but from what I heard, the judge was upset about the jurisdiction issues and the improper joinder issues with the case," Cashman told TorrentFreak. The reason for the dismissal is not yet formally known since the paperwork has yet to be filed. Once this happens more information should be available on the grounds of the dismissal, which will then be official. It is beyond doubt, however, that this development represents yet another setback for the mass-settlement lawsuits that have been filed across the US. The second mass lawsuit that was filed by DigiProtect is also in trouble.
In this case 240 alleged BitTorrent users were sued. However, there are signs that this one, which is appointed to another judge, will not be dismissed just yet. "I've heard that the other case is also in jeopardy because of the improper joinder and improper jurisdiction issues, but my contact did not seem to think it was going to be dismissed outright like the original one," Cashman said. He advises anyone who's involved in the case to not sign any settlement agreements yet. Behind the scenes there are a lot of dirty tricks being played out. Comcast even got involved as the company felt it was being pressured by DigiProtect to hand over subscriber info with deadlines they could not possibly meet. In addition, Cashman told us that DigiProtect continued to pursue settlements after the case was already orally dismissed. "As a side ethical issue, knowing the case was orally dismissed, DigiProtect's attorney continued to solicit settlement agreements. It appears based on one of the settlement offers copied to me that he contacted my client directly in violation of the ethics rules." "I have already let the court know about Britton Payne's settlement offers post-dismissal, and have forwarded a redacted copy of the settlement documents to Judge Griesa's chambers for his review," Cashman added. All in all it looks like the once so profitable business model is getting quite a bit of resistance in the US as well as the UK. Although we don't think it's going to end soon, the ongoing troubles will at least make sensible copyright holders think twice before they enter this PR nightmare. DigiProtect on the other hand has little to lose. The company's sole purpose seems to be to exploit the copyrights of others by suing users of file-sharing networks. They are copyright parasites in the truest sense of the word, and a prime example of how copyright -- which was invented to protect makers of creative works -- is being abused.
From rforno at infowarrior.org Mon Jan 24 21:28:00 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Jan 2011 22:28:00 -0500 Subject: [Infowarrior] - GOP pushing for ISPs to record user data Message-ID: <294F9499-7EC3-43A4-9AE3-C0AB862F8260@infowarrior.org> January 24, 2011 2:24 PM PST GOP pushing for ISPs to record user data by Declan McCullagh http://news.cnet.com/8301-31921_3-20029393-281.html The House Republicans' first major technology initiative is about to be unveiled: a push to force Internet companies to keep track of what their users are doing. A House panel chaired by Rep. F. James Sensenbrenner of Wisconsin is scheduled to hold a hearing tomorrow morning to discuss forcing Internet providers, and perhaps Web companies as well, to store records of their users' activities for later review by police. One focus will be on reviving a dormant proposal for data retention that would require companies to store Internet Protocol (IP) addresses for two years, CNET has learned. Tomorrow's data retention hearing is juxtaposed against the recent trend to protect Internet users' privacy by storing less data. Last month, the Federal Trade Commission called for "limited retention" of user data on privacy grounds, and in the last 24 hours, both Mozilla and Google have announced do-not-track technology. A Judiciary committee aide provided a statement this afternoon saying "the purpose of this hearing is to examine the need for retention of certain data by Internet service providers to facilitate law enforcement investigations of Internet child pornography and other Internet crimes," but declined to elaborate. Thanks to the GOP takeover of the House, the odds of such legislation advancing have markedly increased. The new chairman of the House Judiciary committee is Lamar Smith of Texas, who previously introduced a data retention bill. 
Sensenbrenner, the new head of the Subcommittee on Crime, Terrorism, and Homeland Security, had similar plans but never introduced legislation. (It's not purely a partisan issue: Rep. Diana DeGette, a Colorado Democrat, was the first to announce such a proposal.) Police and prosecutors are the biggest backers of data retention. FBI director Robert Mueller has said that forcing companies to store those records about users would be "tremendously helpful in giving us a historic basis to make a case" in investigations, especially child porn cases. An FBI attorney said last year that Mueller supports storing Internet users' "origin and destination information," meaning logs of which Web sites are visited. And the International Association of Chiefs of Police, which will be sending a representative to tomorrow's hearing, previously adopted a resolution (PDF) calling for a "uniform data retention mandate" for "customer subscriber information and source and destination information." The group said today in an e-mail exchange that it still supports that resolution. Jim Harper, director of information policy studies at the free-market Cato Institute, says the push for legislation is an example of pro-regulatory Republicans. "Republicans were put in power to limit the size and scope of the federal government," Harper said. "And they're working to grow the federal government, increase its intrusiveness, and I fail to see where the Fourth Amendment permits the government to require dragnet surveillance of Internet users." Representing the Obama administration at tomorrow's hearing will be Jason Weinstein, deputy assistant attorney general for the Justice Department's criminal division, who has previously testified (PDF) on intellectual property infringement and was chief of the violent crime section of the U.S. Attorney's office in Baltimore. For now, the scope of any mandatory data retention law remains hazy. 
It could mean forcing companies to store data for two years about what Internet addresses are assigned to which customers (Comcast said in 2006 that it would be retaining those records for six months). Or it could be more intrusive, sweeping in online service providers, and involve keeping track of e-mail and instant-messaging correspondence and what Web pages users visit. Some Democratic politicians have previously called for data retention laws to extend to domain name registries and Web hosting companies and even social-networking sites. The police chiefs' proposal talks about storing information about "destinations" that Internet users visit. AOL said today that "we are waiting to see the proposed legislation to understand what data needs to be retained and for what time period." These concepts are not exactly new. In June 2005, CNET was the first to report that the Justice Department was quietly shopping around the idea, reversing the department's previous position that it had "serious reservations about broad mandatory data retention regimes." Despite support from the FBI and the Bush Justice Department, however, the proposals languished amid concerns about privacy, liability, cost, and scope. (Would coffee shops, for instance, be required to ID users and log their activities?) Retention vs. preservation At the moment, ISPs typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention, or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation. A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity." 
Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.) In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency. When adopting its data retention rules, the European Parliament required that communications providers in its 25 member countries--several of which had enacted their own data retention laws already--retain customer data for a minimum of six months and a maximum of two years. The Europe-wide requirement applies to a wide variety of "traffic" and "location" data, including the identities of the customers' correspondents; the date, time, and duration of phone calls, voice over Internet Protocol calls or e-mail messages; and the location of the device used for the communications. The "content" of the communications is not supposed to be retained. But last March, a German court declared the national data retention law to be unconstitutional. From rforno at infowarrior.org Mon Jan 24 21:29:31 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Jan 2011 22:29:31 -0500 Subject: [Infowarrior] - Obama nominates former RIAA lawyer for Solicitor General spot Message-ID: <94FD3146-1405-405C-A603-59F15A08D63E@infowarrior.org> Obama nominates former RIAA lawyer for Solicitor General spot By David Kravets, wired.com | Last updated about an hour ago http://arstechnica.com/tech-policy/news/2011/01/obama-nominates-former-riaa-lawyer-for-solicitor-general-spot.ars President Barack Obama on Monday nominated former Recording Industry Association of America lawyer Donald Verrilli Jr. to serve as the nation's solicitor general.
If confirmed by the Senate, Verrilli, now the White House deputy counsel, would assume the powerful position left vacant by Elena Kagan, who was elevated to the Supreme Court. Obama said he was "confident" that Verrilli, one of five former RIAA attorneys appointed to the administration, would "serve ably." The solicitor general is charged with defending the government before the Supreme Court, and files friend-of-the-court briefs in cases in which the government believes there is a significant legal issue. The office also determines which cases it would bring to the Supreme Court for review. Verrilli is best known for leading the recording industry's legal charge against music- and movie-sharing site Grokster. That 2003 case ultimately led to Grokster's demise when the US Supreme Court sided with the RIAA's verdict. Until recently, Verrilli also was leading Viacom's ongoing and flailing $1 billion copyright infringement fight against YouTube. A court dismissed the case last year, a decision Viacom is appealing. Viacom claims YouTube committed copyright infringement because it did not police the video-sharing site for copyrighted works uploaded by its users. And in 2008, Verrilli told a federal judge in Minnesota that merely making copyrighted works available on file sharing networks amounted to copyright infringement--and that no proof of somebody else downloading those files was required. That argument came in the first of three iterations of the infamous Jamie Thomas file sharing case brought by the RIAA. The judge eventually declared a mistrial of the jury's first $220,000 civil judgment for sharing 24 songs on Kazaa. Two more trials later, a third jury has rendered an almost $2 million verdict against Thomas for sharing the same two dozen tracks.
From rforno at infowarrior.org Tue Jan 25 06:55:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Jan 2011 07:55:59 -0500 Subject: [Infowarrior] - Smart Grid Cybersecurity Conference 2/15 Message-ID: <997A396D-17D8-4685-AB16-681610597A81@infowarrior.org> A one-day Smart Grid Cyber Security Conference [1] will be held at the University of Maryland, Baltimore County on Tuesday 15 February 2011 hosted by the UMBC Computer Science and Electrical Engineering Department. The conference will be a comprehensive presentation by technical staff from the National Institute of Standards and Technology about a just released inter-agency report (NISTIR 7628) on "Guidelines for Smart Grid Cyber Security" [2]. This report is likely to be a critically important document for guiding government, regulatory organizations, industry and academia on the theoretical and practical problems surrounding cybersecurity for the Smart Grid [3] and similar cyber-physical infrastructure systems. This regional outreach conference will be valuable to any organization that is planning, integrating, executing or developing cyber technology for the Smart Grid. A full copy of the 600 page report is available at [4]. The conference is free, but we ask participants to register [5] as soon as possible to help us prepare for the right number of participants. [1] http://www.bwtechumbc.com/ceti/ [2] http://csrc.nist.gov/publications/nistir/ir7628/introduction-to-nistir-7628.pdf [3] http://en.wikipedia.org/wiki/Smart_grid [4] http://umbc.edu/~finin/nistir-7628.zip [5] http://www.bwtechumbc.com/ceti/register.htm From rforno at infowarrior.org Tue Jan 25 07:03:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Jan 2011 08:03:22 -0500 Subject: [Infowarrior] - White House doesn't shine in cybersecurity grading Message-ID: White House doesn't shine in cybersecurity grading National Security Cyberspace Institute releases cybersecurity report card By Alyah Khan,
Jan 24, 2011 http://fcw.com/Articles/2011/01/24/White-House-graded-on-cybersecurity.aspx?Page=1 The Obama administration has received less-than-stellar marks in a recent report card on its cybersecurity policies, earning grades in the B to D range. The National Security Cyberspace Institute examined the administration's record of cybersecurity accomplishments in a white paper published Jan. 18. NSCI awarded grades for progress against 10 near-term recommendations included in the White House's 60-day Cyberspace Policy Review released in 2009. "We awarded grades solely on our view of actual progress -- not on good intentions, flowery rhetoric, the number of meetings held, commissions commissioned, or number of times administration officials have mentioned the word 'cyber,'" NSCI wrote. None of the White House's near-term action items received an A, for full implementation, or an F, for no progress shown. NSCI gave the administration a B for designating cybersecurity as one of the president's key management priorities and establishing performance metrics, noting its recently announced update to the Federal Information Security Management Act. The update shifts the focus from paper-based compliance reports to real-time monitoring of federal networks, according to the institute. "The change in approach provides for faster identification and response to vulnerabilities," the white paper states. "The administration believes the new approach builds on best practices from both government and industry, thus making our cybersecurity efforts more effective." NSCI also gave the administration a B for a lack of substantial progress in conducting interagency legal analyses of priority cybersecurity-related issues and formulating coherent policy guidance that clarifies the roles, responsibilities and application of agency authorities for cybersecurity-related activities across the federal government.
The administration received a D for the months of delay in appointing Howard Schmidt to the cybersecurity coordinator position, as well as another D for failing to release an updated national strategy to secure the information and communications infrastructure. NSCI further chose to give the administration a B for continuing the dialogue on international cybersecurity agreements. But the White House earned a C for moving too slowly in preparing a cybersecurity incident response plan and enhancing public-private partnerships. "In September 2010, the Department of Homeland Security released an interim version of a National Cyber Incident Response Plan, a mere 16 months after President Obama's declaration of cybersecurity as a top administration priority," NSCI wrote. "That's hardly a fast-track agenda." The White House also scored a C for not living up to its responsibility to coordinate a national cybersecurity research and development agenda, according to the white paper. From rforno at infowarrior.org Tue Jan 25 07:11:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Jan 2011 08:11:56 -0500 Subject: [Infowarrior] - You May Be a Terrorist Message-ID: <1CCD7CC5-8837-4A92-AB17-1A1866A4095D@infowarrior.org> You May Be a Terrorist January 25, 2011 in Featured http://publicintelligence.net/you-may-be-a-terrorist/ A Metropolitan Airports police officer walks past a new sign, part of the program US Secretary of US Homeland Security Janet Napolitano announced during a press conference called, "If You See Something, Say Something" November 15, 2010 at Ronald Reagan National Airport in Washington, DC. AFP Photo/Paul J. Richards Public Intelligence Did you know? You might be a terrorist. You probably didn't know that. In fact, you probably don't think about terrorism much.
However, there are a large amount of people at the Department of Homeland Security, the Federal Bureau of Investigation, and a variety of law enforcement agencies all around the country that do think about it, a lot. It is, in many respects, their job to think about it. Yet, the ever-expanding search for potential activities and indicators of terrorist activity has become emblematic of the overreaching and obsessive nature of efforts to combat terrorism in the United States. Departing more and more from rational depictions of truly suspicious activity, the criteria listed in law enforcement reports as indicating criminal or terrorist activity have become so expansive as to include many ubiquitous, everyday activities. The following list demonstrates the extent of "suspicious activity reporting" by listing a number of behaviors and activities which are said to potentially indicate criminal or terrorist activity. Given the breadth of the activities, nearly any reader should be able to identify at least one indicator which they feel personally applies to them. It is important to remember that these indicators are all taken from restricted law enforcement reports that are normally unavailable to the public, but have since been published by this site. Each indicator is followed by a number linking you to the source document where that activity was listed as a "suspicious activity." Multiple numbers are meant to demonstrate the presence of that particular indicator in multiple source documents. If you are aware of other indicators in documents we have published or in documents found elsewhere, please consider letting us know or listing the indicator as a response to this post. Over time, we hope to develop a master list of criteria for "suspicious activity reporting" and we will be updating this post as more indicators come in.
Do you:
- Like to pay in cash (1) (2) (3)
- Visit a storage facility at unusual times (1) (2)
- Exhibit nervous behavior (1)
- Have "suspicious" textbooks regarding chemistry or biology (1)
- Have flight manuals (1)
- Have photographs of well-known locations (1)
- Have a GPS unit (1)
- Have receipts from several hotels (1)
- Like to take photographs (1)
- Wear winter clothing (1)
- Frequently travel to areas "of concern" (1)
- Appear "not to belong" (1)
- Stare or quickly look away from people (1)
- Want to buy a commercial truck or van (1)
- Have interest in dams or national landmarks (1)
- Have no current or fixed address (1)
- Have scuba gear (1)
- Have large amounts of baby formula (1)
- Have a blank facial expression (1)
- Have a map to a shopping mall in a shopping mall (1)
- Wear scarves, head bands, hooded sweatshirts, or heavy coats (1)
- Have laboratory equipment (1)
- Often make inaccurate statements (1)
- Have stains on your clothing (1)
- Have burns on your hands (1)
- Have dead vegetation in your yard (1)
- Mumble (1)
- Use a prepaid mobile phone (1) (2)
- Exhibit apprehension (1)
- Have an extra car battery in your car (1)
Have you:
- Traveled overseas lately (1)
- Refused maid-service at a hotel (1)
- Requested a specific view at a hotel (1)
- Used a phone in the lobby of a hotel (1)
- Used prepaid calling cards (1)
- Observed a security drill (1)
- Left a briefcase or a bag somewhere (1)
- Worn clothing inconsistent with the weather (1)
- Purchased a respirator or hazardous substances (1)
- Provided a vague explanation for an injury (1)
- Asked security personnel for directions (1)
- Parked a rental vehicle in an unusual location (1)
- Tried to gain employment at a vehicle dealership, a rental agency, a delivery company, or a freight hauling company (1)
- Used excessive postage on a package (1) (2)
- Misspelled words on a package (1) (2)
- Sent mail without a return address (1) (2)
- Changed your name (1)
- Attended public demonstrations (1)
- Bought night-vision goggles (1)
- Requested an unusual work schedule (1)
- Stored batteries in the glove compartment of your vehicle (1)
- Made a check out to "cash" (1)
- Purchased large diameter PVC pipe (1)
- Refused change from a financial transaction (1)
- Purchased vaccines and preventative medicines (1)
- Driven by a school in a limousine (1)
- Flown a private plane over any kind of infrastructure (1)
- Flown a radio-controlled aircraft near a sports arena (1)
- Taken a photograph of a courthouse (1)
Are you:
- Overly concerned about privacy (1)
- A commercial driver's license student that appears uninterested (1)
- A panhandler or beggar (1) (2)
- A street vendor (1)
- A shoe shiner (1)
- A pregnant woman (1)
- An employee changing shifts or working irregular hours (1)
- Holding a pressure cooker in an unusual location (1)
- Unwilling to explain your financial activity (1)
- Driving to Wal-Mart (1)
- Taking a photograph of any location where there are no tourists (1) (2)
From rforno at infowarrior.org Tue Jan 25 08:41:32 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Jan 2011 09:41:32 -0500 Subject: [Infowarrior] - "DO NOT" Field Gorgon Stare, USAF Evaluation Says Message-ID: <41FE95D5-19EA-4D72-AC30-8A452F81AE4B@infowarrior.org> A Defense Technology Blog "DO NOT" Field Gorgon Stare, USAF Evaluation Says http://www.aviationweek.com/aw/blogs/defen Posted by Paul McLeary at 1/24/2011 2:30 PM CST Earlier this month, the Air Force's assistant deputy chief of staff for intelligence, surveillance and reconnaissance Maj. Gen. James Poss boasted to the Washington Post that the service's new airborne surveillance tool, Gorgon Stare, "will be looking at a whole city, so there will be no way for the adversary to know what we're looking at, and we can see everything." Mounted to unmanned Reaper UAVs, Gorgon Stare's nine cameras--five for daylight snooping, four for nighttime operations--have been billed as the next game-changing technology in surveillance and information gathering from the sky.
Despite boasts to the contrary, a document leaked by InsideDefense today reveals that Air Force testers drafted a memo dated December 30, 2010, offering a "DO NOT field recommendation" for the system. In tests that began in October 2010, the Air Force "evaluated the adequacy and operational effectiveness and suitability of the GS weapon system." After conducting seven sorties totaling 64 flight hours, the team "identified a Category I deficiency that rendered imagery unusable (excessive 'stare-point wander')." Then in November, the Air Force began flying 20 more sorties--totaling 234 flight hours--that wrapped up on December 23rd. The overall assessment? "The [Gorgon Stare Wide-Area Airborne Surveillance] system is not operationally effective and not operationally suitable. The GS system, as tested, has significant limitations that degrade its operational utility including deficient IR performance, numerous [remote video terminal] interoperability problems, unpredictable system reliability/stability, and lack of system documentation." The unit doing the testing also found that the "imagery quality is relatively poor, which yields marginal mission capability at night." Not a good report, especially since the Air Force has been boasting about the system for some time. Expect lots more about this issue as the Air Force tries to get out in front of the story. From rforno at infowarrior.org Tue Jan 25 09:21:38 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Jan 2011 10:21:38 -0500 Subject: [Infowarrior] - U.S. can't link accused Army private to Assange Message-ID: NBC: U.S. can't link accused Army private to Assange Military also denies allegations that Bradley Manning is being mistreated By Jim Miklaszewski Chief Pentagon correspondent NBC News NBC News updated 1/24/2011 7:55:01 PM ET 2011-01-25T00:55:01 http://www.msnbc.msn.com/id/41241414/ns/us_news-wikileaks_in_security/ U.S.
military officials tell NBC News that investigators have been unable to make any direct connection between a jailed army private suspected of leaking secret documents and Julian Assange, founder of the whistleblowing website WikiLeaks. The officials say that while investigators have determined that Manning had allegedly unlawfully downloaded tens of thousands of documents onto his own computer and passed them to an unauthorized person, there is apparently no evidence he passed the files directly to Assange, or had any direct contact with the controversial WikiLeaks figure. Assange, an Australian national, is under house arrest at a British mansion near London, facing a Swedish warrant seeking his extradition for questioning on charges of rape. Assange has denied the allegations. WikiLeaks' release of secret diplomatic cables last year caused a diplomatic stir and laid bare some of the most sensitive U.S. dealings with governments around the world. It also prompted an American effort to stifle WikiLeaks by pressuring financial institutions to cut off the flow of money to the organization. U.S. Attorney General Eric Holder has said his department is also considering whether it can prosecute the release of information under the Espionage Act. Assange told msnbc TV last month that WikiLeaks was unsure Army PFC Bradley Manning is the source for the classified documents appearing on his site. "That's not how our technology works, that's not how our organization works," Assange said. "I never heard of the name of Bradley Manning before it appeared in the media." On Monday, U.S. military officials also strongly denied allegations that Manning, being held in connection with the WikiLeaks' release of classified documents, has been "tortured" and held in "solitary confinement" without due process. The officials told NBC News, however, that a U.S. Marine commander did violate procedure when he placed Manning on "suicide watch" last week.
Military officials said Brig Commander James Averhart did not have the authority to place Manning on suicide watch for two days last week, and that only medical personnel are allowed to make that call. The official said that after Manning had allegedly failed to follow orders from his Marine guards, Averhart declared Manning a "suicide risk." Manning was then placed on suicide watch, which meant he was confined to his cell, stripped of most of his clothing and deprived of his reading glasses -- anything that Manning could use to harm himself. At the urging of U.S. Army lawyers, Averhart lifted the suicide watch. U.S. Marine and Army officials say Manning is being treated like any other maximum security prisoner at Quantico, Va. He is confined to his single-person cell 23 hours per day, permitted one hour to exercise, permitted reading material and given one hour per day to watch television. Manning spends much of his day reading while sitting cross-legged on the bunk in his cell. His hour of television is spent watching the news, military officials told NBC News. Anti-war groups, a psychologist group as well as filmmaker Michael Moore and Pentagon Papers whistleblower Daniel Ellsberg have called for Bradley to be released from detention. From rforno at infowarrior.org Tue Jan 25 09:33:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Jan 2011 10:33:56 -0500 Subject: [Infowarrior] - Jesse Ventura suing TSA Message-ID: <0E1BE8DE-9612-4F57-8CF6-0953242B7BCC@infowarrior.org> Ventura Strikes Back with Lawsuit Against TSA Alex Jones & Aaron Dykes Infowars.com January 25, 2011 http://www.infowars.com/ventura-strikes-back-with-lawsuit-against-tsa/ Former Governor Jesse Ventura has taken steps to sue the TSA and the Department of Homeland Security in a lawsuit that will take on invasive airport pat-downs.
Former Governor Jesse Ventura has taken steps to sue the TSA and the Department of Homeland Security, naming their chiefs John Pistole and "Big Sis" Janet Napolitano in a lawsuit that will take on invasive airport pat-downs. Ventura first told Alex Jones of his intent to sue the TSA privately back in September while traveling for the making of TruTV's "Conspiracy Theory," expressing grave concern about what he viewed as his country's transformation into East Germany. Jones recalls Ventura's outrage at the TSA's harassing old people in wheelchairs with the invasive new pat-down procedures. The former governor himself is routinely sent to secondary screening due to a hip replacement in 2008, and Jones witnessed him undergo repeated humiliating searches during pat-downs at the hands of TSA. Worse, at airports across the country, even those presenting medical cards describing special needs or equipment from a doctor are routinely ignored as TSA agents demand that medical patients remove urostomy bags, prosthetic breasts or that TSA be allowed to grope a pacemaker patient's breasts. "That's why I want to leave the United States," Ventura had told Jones at the time. "This is why I go down to Mexico -- this is wrong." Ventura indicated that he was most concerned about the destruction of the 4th Amendment and passing of the America he once knew. Ventura filed his lawsuit Monday, January 24, 2011 in Minnesota and news reports have named David Olsen as his lawyer. The former governor has indicated that his suit will include violations of the Americans with Disabilities Act and the 4th Amendment, arguing that he and others with disabilities have been discriminated against and unduly singled out by TSA despite presenting no threat and warranting no reason for lawful search. Further, Ventura has argued that his ability to travel freely has been infringed, hampering his ability to work.
In November 2010, Ventura vowed on the Alex Jones Show that he would never again fly on commercial aircraft so long as current TSA policies remain in place. "It probably means an end to my career," Ventura lamented on Jones' program. As The Drudge Report exposed months ago, Ventura has been groped during TSA pat-downs and is uncomfortable with the invasion of privacy, as well as the abuse of government power. Now, KSTP in Minnesota is reporting that: "Ventura accuses the agencies of violating his 'basic rights to privacy and dignity, and his right to be free from unreasonable searches and seizures'." [...] "Ventura.. alleges the pat-down included 'warrantless, non-suspicion-based offensive touching, gripping and rubbing of the genital and other sensitive areas of his body,' which, the lawsuit contends, met 'the definition for an unlawful sexual assault'." < -- > From rforno at infowarrior.org Tue Jan 25 11:12:21 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Jan 2011 12:12:21 -0500 Subject: [Infowarrior] - Computer Code an Increasingly Precious E.V. Commodity Message-ID: <82542A6D-71CD-460A-A935-0845BB48CB89@infowarrior.org> (c/o Anonymous) January 21, 2011 Computer Code an Increasingly Precious E.V. Commodity http://www.nytimes.com/2011/01/23/automobiles/23SPIES.html?pagewanted=print By LINDSAY BROOKE BATTLES over the ownership of innovations and product designs have raged in the auto industry since the first horseless carriages sputtered out of inventors' garages. In 1911, Henry Ford won a highly publicized eight-year court battle with George Selden, who tried to patent the automobile even though he had never sold one. Subsequent disputes have kept lawyers busy for a century. While the court actions once related mostly to hardware -- a new wrinkle in carburetors or a better method to stamp fenders, perhaps -- the advent of electrified vehicles is changing the game.
Valuable trade secrets now lie in the electronic controls that regulate the operation of motors, generators and batteries, in that shifting territory known as intellectual property. That shift in the qualities that define a competitive advantage for hybrid and electric vehicles was underscored last week by the firing of three top Renault executives amid accusations that they had passed information to "an organized international network." While the French carmaker, which has a partnership with Nissan, maker of the Leaf, has said no crucial technology leaked, the stakes in automotive intellectual property are high, experts say. And the valuables are not blueprints or styling sketches, but the huge volume of computer instructions required by these cars: the Chevrolet Volt plug-in hybrid uses about 10 million lines of computer code to shunt power seamlessly among the car's battery pack, power inverter, drive motor, gas engine, generator and other subsystems. By comparison, Boeing's new 787 Dreamliner relies on a mere eight million lines of code. Automakers therefore view leadership in control software as strategically vital, said Eric Fedewa, head of powertrain forecasting at IHS Automotive, a consulting firm based in Englewood, Colo. "The next generation of vehicle propulsion is going to be very tightly integrated into the other electronic capabilities of the vehicle," he said. Because of this, "the strategic importance of controllers and code is going to expand exponentially." Electronic-control I.P. already accounts for a sizable portion of United States patent applications related to E.V.'s and hybrids; Toyota has applied for more than 1,000 patents related to its current-generation Prius. Other automakers and their suppliers are similarly raising their game in creating and protecting their electric-car I.P. "It's a little like the wild, wild West right now," said Jon Lauckner, president of General Motors Ventures, the automaker's new venture capital group.
As an engineer who helped to conceive the Volt's propulsion system, Mr. Lauckner says he believes the battle for electric-vehicle I.P. will only get more bare-knuckled in the next decade. "I think the ball is up in the air regarding who has the intellectual property to actually take leadership," he said. "When you talk about electrically driven vehicles, the 100 years of I.P. that came before is largely useless. Unless you possess a certain level of expertise in storage devices, power electronics and motors, you won't control your own destiny. "Once you decide to buy advanced technology I.P. from somebody else," Mr. Lauckner added, "you're going to buy it forever." From rforno at infowarrior.org Tue Jan 25 15:43:15 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Jan 2011 16:43:15 -0500 Subject: [Infowarrior] - Why Twitter is mum on alleged Egypt block Message-ID: <8870B412-32BD-4C8F-ADC6-8D0689E82FB2@infowarrior.org> Why Twitter is mum on alleged Egypt block by Caroline McCarthy http://news.cnet.com/8301-13577_3-20029507-36.html?part=rss&subj=news&tag=2547-1_3-0-20 As fierce anti-government protests in the Egyptian capital of Cairo began to escalate, word broke out this morning that government forces had blocked access to Twitter's Web site. Twitter users throughout the country reported that they could not access the Twitter.com Web site, though third-party clients were still functioning. But when CNET contacted Twitter for comment to find out whether they could say if Twitter was blocked in Egypt, no statement was provided--just a link to an evidently new Twitter account, @TwitterGlobalPR, which in turn directed those interested in finding out about an alleged block to consult a site called HerdictWeb. HerdictWeb, run by Harvard University's Berkman Center for Internet and Society under the auspices of digital academic Jonathan Zittrain, keeps a crowd-sourced log of reports about which sites are inaccessible in which countries.
According to HerdictWeb around 11 a.m. PT today, seven reports of Twitter inaccessibility in Egypt had been logged. The @TwitterGlobalPR account, which seems to have been freshly launched on Tuesday, explained more later in the day. "We're not the experts on how Twitter is being used in highly developing situations 1000s of miles from our comfortable HQ in SF," it explained. "The experts are those using Twitter on the ground and those coordinating with them around the world." Mark Belinsky, the co-director of the nonprofit Digital Democracy, told CNET that Twitter's reluctance to say anything more is probably because Twitter indeed does not know for sure what the situation is. "Egypt is going wild and I'm not sure we'll really have a sense of it until the dust clears," Belinsky said via e-mail. "Hard to say whether or not it's just getting overloaded though...(physically severing) Internet was done in Burma after a while but it usually leads to international uproar. What they generally do is slow down the signal to a crawl, as they did in Iran, which they can then say was infrastructure failure or any other made up excuse." Belinsky, who with Digital Democracy works to bring social media and other new tools to underserved populations, said that an outright block is uncharacteristic of Egypt's government, which has been ruled by President Hosni Mubarak for the past three decades. If it's indeed true, that means that the protests against Mubarak's reign are being taken particularly seriously. "It would be an interesting and desperate move for Egypt because their state security apparatus has been very good at infiltrating communication instead of blocking it," Belinsky explained. "They go so far as to ask for the passwords to the e-mail accounts of dissidents and log-ins for their Web sites instead of censoring them. There are some tech-savvy youth there, hence tweeting through proxies as soon as they encounter some difficulties.
But after a critical mass, organizing is done more on the streets than online and the authorities already know the details about who the key organizers are in the crowd." In 2008, when Egyptian youth used Facebook to organize a rally of support for striking textile workers, police cracked down on the in-person gathering but access to Facebook in Egypt was not cut off despite rumors that year that the government was looking to encroach upon use of the social network. From rforno at infowarrior.org Tue Jan 25 16:48:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Jan 2011 17:48:22 -0500 Subject: [Infowarrior] - USG financial crisis panel confirms the obvious Message-ID: <62E2AA9B-8DD8-4AA3-AEDF-03EF8951B77F@infowarrior.org> January 25, 2011 Financial Meltdown Was "Avoidable," Inquiry Concludes By SEWELL CHAN http://www.nytimes.com/2011/01/26/business/economy/26inquiry.html?_r=1&hp=&pagewanted=print WASHINGTON -- The 2008 financial crisis was an "avoidable" disaster caused by widespread failures in government regulation, corporate mismanagement and heedless risk-taking by Wall Street, according to the conclusions of a Congressional inquiry. The government commission that investigated the financial crisis casts a wide net of blame, faulting two administrations, the Federal Reserve and other regulators for permitting a calamitous concoction: shoddy mortgage lending, the excessive packaging and sale of loans to investors, and risky bets on securities backed by the loans. "The greatest tragedy would be to accept the refrain that no one could have seen this coming and thus nothing could have been done," the panel wrote in the report's conclusions, which were examined by The New York Times. "If we accept this notion, it will happen again."
While the panel, the Financial Crisis Inquiry Commission, accuses several financial institutions of greed, ineptitude, or both, some of its most grave conclusions concern government failings, with embarrassing implications for both political parties. Many of the findings have been widely described, but its synthesis of interviews, documents and testimony, along with its government imprimatur, give it a sweep and authority that the commission hopes will shape the public consciousness. The full report is expected to be released as a 576-page book on Thursday. When the bipartisan commission was set up in May of 2009, the intent of Congress and the president was to produce a comprehensive examination of the causes of the crisis. The report, aimed at a broad audience, was based on 19 days of hearings as well as interviews with more than 700 witnesses; the commission has pledged to release a trove of transcripts and other raw material online. The document is intended to be the definitive account of the crisis's causes, but its authors may already have failed in achieving that aim. Of the 10 commission members, only the 6 appointed by Democrats endorsed the final report. Three Republican members have prepared a dissent; a fourth Republican, Peter J. Wallison, a former Treasury official and White House counsel to President Ronald Reagan, has written a dissent, calling government policies to promote homeownership the primary culprit for the crisis. The report itself finds fault with two Fed chairmen: Alan Greenspan, a skeptic of regulation who led the central bank as the housing bubble expanded, and his successor, Ben S. Bernanke, who did not foresee the crisis but then played a crucial role in the response. It criticizes Mr. Greenspan for advocating financial deregulation and cites a "pivotal failure to stem the flow of toxic mortgages" under his leadership as "the prime example" of government negligence. It also criticizes the Bush administration's "inconsistent response"
to the crisis -- allowing Lehman Brothers to go bankrupt in September 2008, for example, after earlier bailing out another bank, Bear Stearns, with help from the Fed -- "added to the uncertainty and panic in the financial markets." Like Mr. Bernanke, Mr. Bush's Treasury secretary, Henry M. Paulson Jr., predicted in 2007 -- wrongly it turned out -- that the subprime meltdown would be contained, as the report notes. Democrats also come under fire. The 2000 decision to shield over-the-counter derivatives from regulation, made during the last year of President Bill Clinton's term is called "a key turning point in the march toward the financial crisis." Timothy F. Geithner, who was president of the Federal Reserve Bank of New York during the crisis and is now President Obama's Treasury secretary, also comes under criticism; the report finds that the New York Fed "could have clamped down" on excesses by Citigroup in the lead-up to the crisis and, just a month before Lehman's collapse, was "still seeking information" on the vulnerabilities from Lehman's exposure to more than 900,000 derivatives contracts. Former and current officials named in the report, as well as financial institutions, declined on Tuesday to comment on the report before it was released, or did not respond to requests for comment. The report will probably reignite debate over the outsize influence of Wall Street; it says that regulators "lacked the political will" to scrutinize and hold accountable the institutions they were supposed to oversee. The financial sector spent $2.7 billion on lobbying from 1999 to 2008, while individuals and committees affiliated with the industry made more than $1 billion in campaign contributions. The report does knock down -- at least partly -- several early theories for the financial crisis. It says the low interest rates brought about by the Fed after the 2001 recession "created increased risks" but were not chiefly to blame.
It says that Fannie Mae and Freddie Mac, the mortgage finance giants, "contributed to the crisis but were not a primary cause." And in a finding likely to upset conservatives, it says that "aggressive homeownership goals" set by the government as part of a "philosophy of opportunity" were not major culprits. On the other hand, the report is unsparing in its treatment of regulators. It finds that the Securities and Exchange Commission failed to require big banks to hold more capital to cushion losses and halt risky practices, and that the Fed "neglected its mission" to protect the public. It says that the Office of the Comptroller of the Currency, which regulates national banks, and the Office of Thrift Supervision, which oversees savings-and-loans, blocked state regulators from reining in lending abuses because they were "caught up in turf wars." "The crisis was the result of human action and inaction, not of Mother Nature or computer models gone haywire," the report states. "The captains of finance and the public stewards of our financial system ignored warnings and failed to question, understand and manage evolving risks within a system essential to the well-being of the American public. Theirs was a big miss, not a stumble." Portions of the dissents are also included in the report, which is being published as a paperback book (with a cover price of $14.99) by PublicAffairs, along with an official version by the Government Printing Office. The commission's chairman, Phil Angelides, a Democrat and former California state treasurer, has tried to keep the book under wraps, even directing the publisher to prevent bookstores from getting it before the eve of the Thursday release. He declined to comment. The report's immediate implications may be felt more in the political realm than in public policy. The Dodd-Frank law overhauling the regulation of Wall Street, signed in July, takes as its premise the same regulatory deficiencies cited by the commission.
But the report is sure to factor in the debate over the future of Fannie Mae and Freddie Mac, which have been government-run since 2008. Though the report documents questionable practices by mortgage lenders and careless betting by banks, one striking finding is its portrayal of bumbling incompetence among corporate chieftains. It quotes Citigroup executives admitting that they paid little attention to the risks associated with mortgage securities. Executives at the American International Group, another bailout recipient, were found to be blind to its $79 billion exposure to credit default swaps, a kind of insurance that was sold to investors seeking protection against a drop in the value of securities backed by risky home loans. At Merrill Lynch, top managers were caught unaware when seemingly secure mortgage investments suddenly resulted in billions of dollars in losses. By one measure, the nation's five largest investment banks had only $1 in capital to cover losses for about every $40 in assets, meaning that a 3 percent drop in asset values could wipe out the firm. The banks hid their excessive leverage using derivatives, off-balance-sheet entities and other devices, the report found. The speculative binge was abetted by a giant "shadow banking system" in which the banks relied heavily on short-term debt. "When the housing and mortgage markets cratered, the lack of transparency, the extraordinary debt loads, the short-term loans and the risky assets all came home to roost," the report found. "What resulted was panic. We had reaped what we had sown." The report is dotted with literary flourishes. It calls credit-rating agencies "cogs in the wheel of financial destruction." Paraphrasing Shakespeare's Julius Caesar, it states, "The fault lies not in the stars, but in us." Of the banks that bought, created, packaged and sold trillions of dollars in mortgage-related securities, it says: "Like Icarus, they never feared flying ever closer to the sun."
From rforno at infowarrior.org Wed Jan 26 09:13:23 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jan 2011 10:13:23 -0500
Subject: [Infowarrior] - Facebook Friends Used in Ads
Message-ID: <03412618-B8C4-4052-829F-756A5923410D@infowarrior.org>

Facebook Friends Used in Ads
By GEOFFREY A. FOWLER
http://online.wsj.com/article/SB10001424052748704013604576104532107484922.html

Some of what Facebook Inc. users post to the social network will soon start showing up in ads aimed at their friends. The company, as part of an effort dubbed "sponsored stories," plans to allow advertisers to buy and re-publish Facebook messages that users voluntarily post about brands -- such as a check-in at a local coffee shop or a product on a shopping site for which a user clicks the site's "like" button. The sponsored stories are exact copies of the likes, comments and location check-ins that users already post to their own walls, and already show up in their friends' home page news feeds. The difference is that sponsored posts will get plucked out and posted again on the top right-hand column of the home page next to other ads. Sponsoring a post increases the chance friends will notice it, since new postings in the news feed push others down and off the page. The user's name and photo appears in the ad. Facebook said the sponsored stories are all labeled as such. Users won't get any special notification that their posts have been sponsored and used as ads, and there's no option for users to opt out of the service. Jim Squires, a lead on Facebook's product marketing team, said Facebook would ensure that it obeys all privacy and sharing settings -- so a sponsored story would only show up to users that were supposed to see the original post.
Since users are in control of what they post to their friends, the fact that some posts are sponsored doesn't change that dynamic, he argued. "Currently, marketers don't have the ability to know or plan word-of-mouth endorsements as part of their campaigns," Mr. Squires said. "This gives a way for marketers to increase the visibility of stories about their organization -- this is word-of-mouth marketing at scale." Facebook has been testing the ad format for three months, and it is launching with brands including Coca-Cola, Levis and Unicef. Mr. Squires said the service is good for both advertisers and users. Facebook's tests found it was a "very positive thing for users," he said. Facebook's tests have found that users get more out of hearing about products their friends are interested in than they do out of generic banner ads. Advertisers won't get the chance to edit users' posts before they show up, though they can be flagged for offensive content. While a check-in or post could ostensibly include a bad review of a company, Facebook says the vast majority of posts are positive. Michael Lazerow, the CEO of Facebook marketing firm Buddy Media, said the new ad format is a "very big deal." "When you see your friends in anything, you are going to be drawn there," he said. Several of his clients have already signed up, he said, because they're looking for ways to "turn up the volume" of their word-of-mouth marketing efforts on Facebook.

From rforno at infowarrior.org Wed Jan 26 09:16:27 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jan 2011 10:16:27 -0500
Subject: [Infowarrior] - State of The Web (Winter 2010)
Message-ID: <0488ECA6-5233-4F87-BD7C-2A9FA0AF3494@infowarrior.org>

.... as described by The Oatmeal.
;) http://theoatmeal.com/comics/state_web_winter

From rforno at infowarrior.org Wed Jan 26 16:38:07 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jan 2011 17:38:07 -0500
Subject: [Infowarrior] - Google Starts Censoring BitTorrent, RapidShare and More
Message-ID:

Google Starts Censoring BitTorrent, RapidShare and More
Ernesto, 26/01/2011
http://torrentfreak.com/google-starts-censoring-bittorrent-rapidshare-and-more-110126

It's taken a while, but Google has finally caved in to pressure from the entertainment industries including the MPAA and RIAA. The search engine now actively censors terms including BitTorrent, torrent, utorrent, RapidShare and Megaupload from its instant and autocomplete services. The reactions from affected companies and services are not mild, with BitTorrent Inc., RapidShare and Vodo all speaking out against this act of commercial censorship. The entertainment industries' quest to root out piracy on the Internet has yet again resulted in commercial censorship. A few weeks ago Google announced that it would start filtering "piracy related" terms from its "Autocomplete" and "Instant" services and today they quietly rolled out this questionable feature. Without a public notice Google has compiled a seemingly arbitrary list of keywords for which auto-complete is no longer available. Although the impact of this decision does not currently affect full search results, it does send out a strong signal that Google is willing to censor its services proactively, and to an extent that is far greater than many expected. Among the list of forbidden keywords are "uTorrent", a hugely popular piece of entirely legal software and "BitTorrent", a file transfer protocol and the name of San Francisco based company BitTorrent Inc. As of today, these keywords will no longer be suggested by Google when you type in the first letter, nor will they show up in Google Instant. All combinations of the word "torrent" are also completely banned.
This means that "Ubuntu torrent" will not be suggested as a user types in Ubuntu, and the same happens to every other combination ending in the word torrent. This of course includes the titles of popular films and music albums, which is the purpose of Google's banlist. TorrentFreak contacted BitTorrent Inc. for a reaction, and Simon Morris told TorrentFreak that he believes the scope of this filter is too broad. "We respect Google's right to determine algorithms to deliver appropriate search results to user requests. That being said, our company's trademarked name is fairly unique, and we're pretty confident that anyone typing the first six or seven letters deserves the same easy access to results as with any other company search," Morris said. "A quick search for 'BitTorrent' currently returns a variety of legitimate and useful links, including company information, our software, our open-source protocol, and more. What Google may not realize is that our technology is used for many purposes that provide significant value to the technology industry, companies, artists and consumers at large," he added.

Google's new "Piracy" filter

What is most surprising about the new filter is that the keywords appear to be picked arbitrarily. It includes BitTorrent clients such as uTorrent and Xunlei, but not BitComet and Vuze. While cyberlockers such as RapidShare and Megaupload are banned, prominent sites such as 4shared, HotFile and MediaFire are not. In addition, all the names of popular torrent sites including The Pirate Bay are not included in Google's banlist either. BitTorrent's Simon Morris agrees that this is odd, to say the least. "There's no reason for Google to throttle search results for our trademarks, including BitTorrent, µTorrent and torrent. Indeed, they do still enable autocomplete for many third-party clients that use the BitTorrent protocol, including BitComet, BitLord, and even sites like The Pirate Bay and Isohunt."
Morris further points out that the inclusion of Xunlei is a little hypocritical since Google is one of the investors in the Chinese BitTorrent client. "We'd also like to point out that while Google doesn't enable autocomplete for Xunlei (China's largest software client that uses the BitTorrent protocol) Google did invest $5 million in the company in 2006, according to reports," Morris says, adding, "We sincerely hope Google will recognize the value of BitTorrent and reevaluate this decision expeditiously." RapidShare is not pleased with Google's new filter either, at least not with its current scope in today's roll-out. "We knew about Google's plans for quite a few weeks now. We embrace that certain search suggestions will not put a wrong complexion on RapidShare anymore, but we are concerned that at the same time the legitimate interests of our users will also be affected. We believe it was the wrong decision to remove the term 'RapidShare' from the search suggestions," RapidShare told TorrentFreak. "RapidShare is one of the most popular websites worldwide. Every day hundreds of thousands of users rely on our services to pursue their perfectly legitimate interests. That is why Google has obviously gone too far with censoring the results of its suggest algorithm. A search engine's results should reflect the users' interests and not Google's or anybody else's," the company added. Indeed, RapidShare has certainly touched a nerve here. It is clear that this filter is the result of pressure from the entertainment industries, which is not at all in the interests of users. Now that Google has begun proactively censoring their services for commercial reasons, more companies will demand the same. At the same time, the entertainment industries will continue to pressure Google to go even further, and censor the actual search results. Apparently Google has decided that its users should not be searching for the keyword BitTorrent, so why list any results then?
It's the beginning of the end. Jamie King, the founder of Vodo -- a platform where artists can share their work with millions of people at no cost -- agrees with this assessment. Searching for one of their perfectly legal releases on Google used to suggest the word "torrent" with a link to the download page, but not anymore. "Google already showed it will censor for the highest bidder -- China Inc. springs to mind. Now it's doing it for MPAA & Co.," King told TorrentFreak. "I guess it's simple: our favorite search monopoly cares less about helping the thousands of independent creators who use BitTorrent to distribute legal, free-to-share content than they do about protecting the interests of Big Media in its death throes." Indeed, Google is going down the wrong path by willingly and broadly censoring its services to please a few big companies. This is not the way to get rid of piracy, it's the way to a corporate controlled Internet. Google may have been proud to leave China because of its political censorship, but it should be ashamed of promoting commercial censorship worldwide.

From rforno at infowarrior.org Wed Jan 26 20:33:10 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Jan 2011 21:33:10 -0500
Subject: [Infowarrior] - Color-coded terror warnings to be gone by April 27
Message-ID: <2F7B3702-F21B-49B1-A2C5-E3C4C95793F1@infowarrior.org>

Color-coded terror warnings to be gone by April 27
By EILEEN SULLIVAN
The Associated Press
Wednesday, January 26, 2011; 5:39 PM
http://www.washingtonpost.com/wp-dyn/content/article/2011/01/26/AR2011012604998_pf.html

WASHINGTON -- By the end of April, terror threats to the U.S. will no longer be described in shades of green, blue, yellow, orange and red, The Associated Press has learned. The nation's color-coded terror warning system will be phased out beginning this week, according to government officials familiar with the plan.
The officials requested anonymity to speak ahead of an announcement scheduled Thursday by Homeland Security Secretary Janet Napolitano. The Homeland Security Department and other government agencies have been reviewing the Homeland Security Advisory System's usefulness for more than a year. One of the most notable changes to come: The public will no longer hear automated recordings at U.S. airports stating that the threat level is orange. The Obama administration will take the next three months to roll out a replacement, which will be called the National Terrorism Advisory System. The new plan calls for notifying specific audiences about specific threats. In some cases, it might be a one-page threat description sent to law enforcement officials describing the threat, what law enforcement needs to do about it and what the federal government is doing, one of the officials said. When agency officials think there is a threat the public should know about, they will issue an announcement and rely on news organizations and social media outlets to get the word out. Rep. Peter King, R-N.Y., the chairman of the House Homeland Security Committee, said the old threat system served a valuable purpose in the aftermath of the terrorist attacks of Sept. 11, 2001, but that a more targeted system was needed. "It sounds to me like the changes they are proposing make sense," King said in a statement. "We will have to wait and see how they implement this new, more targeted system. I expect the biggest challenge for DHS will be balancing the need to provide useful and timely information with the need to protect sensitive information." The five-tiered, color-coded terror warning system, created after the Sept. 11 attacks, was one of the Bush administration's most visible anti-terrorism programs. Criticized as too vague to be useful in communicating the terror threat to the public, it quickly became the butt of late-night talk show jokes. 
The government hasn't made changes in the colored alert levels since 2006, despite an uptick in attempted attacks against the U.S. However, the government has changed security protocols since then based on threats. For example, new airport security measures were introduced after an effort to bring down a Detroit-bound jetliner on Christmas Day 2009. "The old Bush color-coded system taught Americans to be scared, not prepared," said Rep. Bennie Thompson, D-Miss., the top Democrat on the House Homeland Security Committee. "Each and every time the threat level was raised, very rarely did the public know the reason, how to proceed, or for how long to be on alert." Under that system, green, at the bottom, signals a low danger of attack; blue signals a general risk; yellow, a significant risk; orange, a high risk, and red, at the top, warns of a severe threat. Since the outset, the nation has never been below the third threat level, yellow - an elevated or significant risk of terrorist attack. The use of colors emerged from a desire to clarify the nonspecific threat information that intelligence officials were receiving after the 2001 attacks.

© 2011 The Associated Press

From rforno at infowarrior.org Thu Jan 27 08:04:37 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jan 2011 09:04:37 -0500
Subject: [Infowarrior] - US cyberwar firing range to demo by July
Message-ID: <54A64524-2FE4-46EA-9A80-741E4F0B7ACA@infowarrior.org>

US cyberwar firing range to demo by July
http://www.theregister.co.uk/2011/01/26/cyber_range_demo_date_set/
Weapons-grade warez to hammer 'replicant' sim-people
By Lewis Page
Posted in Science, 26th January 2011 12:21 GMT

DARPA has announced that its planned "National Cyber Range" -- an artificial, sealed-off internet inhabited by simulated nodes, computers, sysadmins, users etc in which the USA can test-fire cyber weapons and practice cyber combat -- is to reach demonstration status by July this year.
Lockheed Martin, working on the Range on behalf of the military warboffins, yesterday received an additional $7,360,467 modification to a $30.8m Phase II contract announced last January. According to the contract modification notice: At the completion of the revised Phase II program, the contractor will demonstrate the capabilities of the flexible automated Cyber Test Range NCR ... The work is expected to be completed July 7, 2011. DARPA has previously specified that the Cyber Range is to be able to simulate a network on the same scale as the internet or the US military's Global Information Grid. In addition to the various kinds of machinery, the Range will also be populated by software "replicants" playing the part of human users, admins and other people whose actions would register on the network. The replicants' behaviour is to be affected realistically as the frightful code bombs and cyber missiles of tomorrow devastate their peaceful world, so modelling the war-warez' effects accurately. The Range, like many meatspace military firing ranges, will be more than just a weapons test facility: it will also be used to train combatants as though in live-fire exercises. America's combat geeks, packing the bleeding-edge products of "technology thrusts [and] classified cyber programs" will tangle with the shadowy OpFor (Opposing Forces), who will be tooled up with weapons-grade, "nation-state quality" network weaponry of their own. Presumably the experience of being a hapless replicant bystander ground between the millstones of the US cyber war machine and the OpFor would be an unpleasant one, if software people were capable of actually feeling fear or stress -- rather than merely simulating their effects accurately. Similar pocket-universe cybergeddon sims are set to be unleashed in Blighty: the UK has a cyber range project too, being set up near Portsmouth by BT and the British tentacle of US defence mammoth Northrop Grumman. ®
From rforno at infowarrior.org Thu Jan 27 08:26:29 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jan 2011 09:26:29 -0500
Subject: [Infowarrior] - Assange to Appear on "60 Minutes" Sunday
Message-ID: <57DA6DA2-B42A-40F4-B968-E8E482B81CF3@infowarrior.org>

Julian Assange to Appear on "60 Minutes" Sunday
Steve Kroft Interviews the Controversial Founder of WikiLeaks
http://www.cbsnews.com/stories/2011/01/26/60minutes/main7286686.shtml

(CBS) Julian Assange, the controversial founder of WikiLeaks, has given a lengthy interview to Steve Kroft for a segment to be broadcast on "60 Minutes" this Sunday, Jan. 30, at 7 p.m. ET/PT. Kroft spent two days with Assange on the grounds of the private residence in England where he is under house arrest as he fights attempts to extradite him to Sweden to answer allegations of sexual assault. Assange raised a huge furor by publicizing confidential and secret information on his WikiLeaks Web site allegedly given to him by a U.S. soldier. In the interview, he discusses the United States' attempts to indict him on criminal charges and the torrent of criticism directed at him. He also talks about his itinerant childhood in Australia and his introduction to the world of computers at the age of 13.

From rforno at infowarrior.org Thu Jan 27 18:15:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jan 2011 19:15:58 -0500
Subject: [Infowarrior] - Egypt internet disrupted, SMS down
Message-ID:

Egypt internet disrupted, SMS down
January 28, 2011 - 11:05AM
http://news.theage.com.au/breaking-news-technology/egypt-internet-disrupted-sms-down-20110128-1a7j4.html

Internet service was disrupted in Egypt early Friday as cell phone text messaging appeared to be down, hours before activists who used both to organise large anti-government protests planned further actions.
The interior ministry had said in a statement late Thursday it would take "decisive measures" against dissidents who planned protests after Friday noon prayers, saying the activists "sent messages to citizens to gather in a number of mosques in the provinces during Friday prayers." Tens of thousands protested around the country on Tuesday in the largest anti-government demonstrations in decades. The protests continued on Wednesday and Thursday, killing five demonstrators and two policemen in clashes. Mobile phone services went down on Tuesday in a downtown Cairo area where most of the protesters were gathered, and the social networking site Twitter said its services were also blocked that day. In Cairo, internet users said they could not access the web, with some saying access was slow and intermittent, starting late Thursday. Text messaging was also unavailable.

© 2011 AFP

From rforno at infowarrior.org Thu Jan 27 18:43:39 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Jan 2011 19:43:39 -0500
Subject: [Infowarrior] - Cybersecurity: A Priority or Passing Fad?
Message-ID:

Cybersecurity: A Priority or Passing Fad?
By Jessica Herrera-Flanigan
01/27/11 12:30 pm ET
http://cybersecurityreport.nextgov.com/2011/01/cybersecurity_a_priority_or_passing_fad.php

The 112th Congress, by all accounts, will be a busy one on the cybersecurity front. Both the House and the Senate have taken actions to suggest that Congress intends to be active legislatively, though likely in very different ways. This week, several Democrats introduced S. 21, "Cyber Security and American Cyber Competitiveness Act of 2011." The bill is a series of findings, coupled with a sense of Congress, that places a marker for a future comprehensive bill. The senators called for bipartisan legislation that addresses the following issues:

1) U.S. government communications and IT network security
2) Incentives for the private sector
3) Investment in the IT sector
4) Development of risk analysis and response capabilities
5) Data breach protections
6) International response to cybersecurity issues
7) Critical infrastructure protection, in particular the electric grid, military assets, financial sector, and telecommunications network
8) Cybercrime investigation and prosecution
9) Privacy protections

Many of these issues were addressed in bills introduced or supported by the various committee chairs during the last Congress. It is expected that many of these bills will be merged into one, continuing the efforts begun last year to merge the Rockefeller-Snowe and Lieberman-Collins cybersecurity bills. Interestingly, even though Sens. Feinstein and Levin, chairs of the Intelligence and Armed Services Committees, respectively, co-sponsored S. 21, the findings and Sense of Congress do not appear to address the military and intelligence aspects of cybersecurity. This exclusion begs the question on whether efforts by the Defense Department and the intelligence agencies to lead on cybersecurity will prevail in the long term. In the House, Speaker Boehner appointed Rep. Mac Thornberry in late December to lead a House initiative on cybersecurity. Thornberry, who is also Vice-Chairman of the Armed Services Committee, is one of the most knowledgeable members on the issue. In 2003-2004, he served as the chairman of the House Homeland Security Committee Subcommittee on Cybersecurity, Science, and Research and Development, where he, with his Ranking Member Zoe Lofgren, spent a significant amount of time collaborating with the private sector and examining how to strengthen cybersecurity efforts. His experience on the Intelligence, Armed Services, and Homeland Security Committees should mean that he brings a balanced perspective to addressing the cybersecurity challenges.
While Thornberry has not announced how the House will proceed on cybersecurity, it is largely expected that it will tackle the issue in smaller pieces of legislation. The maze of committees with jurisdiction over the issue, as well as the potential conflict between those committees, may make it more difficult to resolve jurisdictional issues in the way that the Senate has. It is not impossible, just a significant lift, if anything is to get done this Congress. I would expect the various likely committees with interests -- Homeland Security, Armed Services, Intelligence, Science & Technology, Energy & Commerce, and Government Reform -- may likely move smaller bills that address issues within their jurisdiction. However, the House is still in the early stages of its cyber efforts so this prediction may change. What is clear is that Congress is intent on doing something on cybersecurity during the 112th. In the past, we have seen congressional interest ebb and flow, but this time it feels different. Maybe it is because businesses are more focused on the subject, with more entities offering services and products to address the issue. Maybe it is because the press has focused on it more, as threats against the electric grid and WikiLeaks have put the topic front and center. Or perhaps, momentum is building behind the proliferation of smartphones, networked devices, and Internet services that has made security online so prominent.

From rforno at infowarrior.org Fri Jan 28 06:34:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jan 2011 07:34:33 -0500
Subject: [Infowarrior] - Vodafone: Egypt orders cell phone service stopped
Message-ID:

http://www.jpost.com/Headlines/Article.aspx?id=205636
Fri, Jan 28, 2011 23 Shevat, 5771

Vodafone: Egypt orders cell phone service stopped
By ASSOCIATED PRESS
01/28/2011 14:26

LONDON --
Telecoms company Vodafone on Friday said the Egyptian government ordered all mobile telephone operators to suspend services "in selected areas" of the country. In a statement, the company said that "under Egyptian legislation the authorities have the right to issue such an order and we are obliged to comply with it." Britain-based Vodafone Group PLC company said Egyptian authorities "will be clarifying the situation in due course." Internet communications in Egypt also have been disrupted Friday as demonstrators stage a day of protests against the government of President Hosni Mubarak.

From rforno at infowarrior.org Fri Jan 28 06:34:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jan 2011 07:34:47 -0500
Subject: [Infowarrior] - Egypt Leaves the Internet too
Message-ID: <0A63CBBD-C2C3-4E2F-B790-E3FEC091A29A@infowarrior.org>

Egypt Leaves the Internet
By James Cowie on January 27, 2011 7:56 PM | 74 Comments | 9 TrackBacks
http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml

Confirming what a few have reported this evening: in an action unprecedented in Internet history, the Egyptian government appears to have ordered service providers to shut down all international connections to the Internet. Critical European-Asian fiber-optic routes through Egypt appear to be unaffected for now. But every Egyptian provider, every business, bank, Internet cafe, website, school, embassy, and government office that relied on the big four Egyptian ISPs for their Internet connectivity is now cut off from the rest of the world. Link Egypt, Vodafone/Raya, Telecom Egypt, Etisalat Misr, and all their customers and partners are, for the moment, off the air. < cnart > At 22:34 UTC (00:34am local time), Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet's global routing table.
Approximately 3,500 individual BGP routes were withdrawn, leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt's service providers. Virtually all of Egypt's Internet addresses are now unreachable, worldwide. This is a completely different situation from the modest Internet manipulation that took place in Tunisia, where specific routes were blocked, or Iran, where the Internet stayed up in a rate-limited form designed to make Internet connectivity painfully slow. The Egyptian government's actions tonight have essentially wiped their country from the global map. What happens when you disconnect a modern economy and 80,000,000 people from the Internet? What will happen tomorrow, on the streets and in the credit markets? This has never happened before, and the unknowns are piling up. We will continue to dig into the event, and will update this story as we learn more. As Friday dawns in Cairo under this unprecedented communications blackout, keep the Egyptian people in your thoughts. Update (3:06 UTC) One of the very few exceptions to this block has been Noor Group (AS20928), which still has 83 out of 83 live routes to its Egyptian customers, with inbound transit from Telecom Italia as usual. Why was Noor Group apparently unaffected by the countrywide takedown order? Unknown at this point, but we observe that the Egyptian Stock Exchange (www.egyptse.com) is still alive at a Noor address. Its DNS A records indicate that it's normally reachable at 4 different IP addresses, only one of which belongs to Noor. Internet transit path diversity is a sign of good planning by the Stock Exchange IT staff, and it appears to have paid off in this case. Did the Egyptian government leave Noor standing so that the markets could open next week? 
From rforno at infowarrior.org Fri Jan 28 16:52:40 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jan 2011 17:52:40 -0500
Subject: [Infowarrior] - ISOC Statement on Egypt's Internet shutdown
Message-ID:

The Internet Society on Egypt's Internet shutdown

We are following the current events in Egypt with concern as it appears that all incoming and outgoing Internet traffic has been disrupted. The Internet Society believes that the Internet is a global medium that fundamentally supports opportunity, empowerment, knowledge, growth, and freedom and that these values should never be taken away from individuals. The Internet Society considers this recent action by the Egyptian government to block Internet traffic to be an inappropriate response to a political crisis. It is a very serious decision for a government to block all Internet access in its country, and a serious intrusion into its citizens' basic rights to communicate. If the blockage continues, it will have a very detrimental impact on Egypt's economy and society. Ultimately, the Egyptian people and nation are the ones that will suffer, while the rest of the world will be worse off with the loss of Egyptian voices on the net. However we are most concerned about the safety and security of the Egyptian people. Alongside the rest of the world, we share the hope for a positive and lasting solution to the problems that have risen to the surface there. In the longer term, we are sure that the world will learn a lesson from this very unfortunate example, and come to understand that cutting off a nation's access to the Internet only serves to fuel dissent and does not address the underlying causes of dissatisfaction.
http://isoc.org/wp/newsletter/?p=3091

From rforno at infowarrior.org Fri Jan 28 17:01:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jan 2011 18:01:11 -0500
Subject: [Infowarrior] - Nasdaq index quote outage leaves traders scrambling
Message-ID: <9FE5C092-30A6-4DB5-AF33-3D78089B9101@infowarrior.org>

Nasdaq index quote outage leaves traders scrambling
http://uk.finance.yahoo.com/news/Nasdaq-index-quote-outage-reuters_molt-3925888678.html?x=0

NEW YORK (Xetra: A0DKRK - news) (Reuters) - Nasdaq (NASDAQ: news) is investigating a problem that caused quotations for its main indexes to be unavailable for about an hour, leaving investors scrambling for key decision-making data at the opening on Friday. Nasdaq OMX Group shares slid 3 percent to $24.46 (£15.44). The exchange operator has not yet said what caused the problem, which affected index quotes from 9:30 a.m. until about 10:20 a.m. Traders were frustrated by the problems with Nasdaq, one of the U.S. stock market's two major exchanges. During the outage, traders could not see quotes for the Nasdaq composite (NASDAQ: news) and the Nasdaq 100 index. The Nasdaq said it would cancel all options trades in contracts related to the Nasdaq 100 and CBOE mini index between 9:30 a.m. and 10:25 a.m. "From an investor confidence standpoint, it's not a positive," said Michael James, senior trader at regional investment bank Wedbush Morgan in Los Angeles. "It just makes it difficult to have a true gauge on where the market is when you can't see where one of the main indices is actually pricing," he said. "It impacts people's decision-making involving ETF (exchange-traded funds) trading, certainly." About a half hour after the main indexes resumed, several sector indexes finally displayed quotes, including the much-followed semiconductor index. "It could have thrown some monkey wrenches to the arbitrage guys ...
if you're relying on the indexes" for that, said Joe Saluzzi, co-manager of trading at Themis Trading in Chatham (CHTM.PK - news), New Jersey. "This is an interconnected market. Everything links together, now more than ever, with all of the super computers out there. So if you take one chain off the link, it could cause problems," he said. At Nasdaq's Times Square location in New York, the towering electronic screens gave no indication of the exchange's indexes some 45 minutes after the opening bell. Many of the screens instead showed quotes for the Dow Jones (news) industrial average. Jamie Selway, market structure expert and managing director of Investment Technology Group's New York office, said occurrences such as the Nasdaq outage are rare. "You hear about lags in calculations, including a few problems in the past decade with the Dow (NYSE: DPD - news). In times of stress you hear about it, but I suspect this is instead due to some operational error." Individual share price quotes were not affected, and trading volume in the first half-hour was the highest this week. Nasdaq OMX (NASDAQ: NDAQ - news) said the data on World Currency Options, ETFs, the KBW (NYSE: KBW - news) bank index, the Russell 2000, and other indexes were not impacted by the outage. (Additional reporting by Jonathan Spicer; Editing by Padraic Cassidy)

From rforno at infowarrior.org Fri Jan 28 18:39:23 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Jan 2011 19:39:23 -0500
Subject: [Infowarrior] - Amazon.com Security Flaw Accepts Passwords That Are Close, But Not Exact
Message-ID: <7C593EA1-AA77-4236-8706-CB23AF4E9DF6@infowarrior.org>

Amazon.com Security Flaw Accepts Passwords That Are Close, But Not Exact
By Dylan Tweney | January 28, 2011 |
3:56 pm | http://www.wired.com/threatlevel/2011/01/amazon-password-problem/

An Amazon.com security flaw allows some customers to log in with variations of their actual password that are close to, but not exactly, their real password. The flaw lets Amazon accept as valid some passwords that have extra characters added on after the 8th character, and also makes the password case-insensitive. For example, if your password is "Password," Amazon.com will also let you log in with "PASSWORD," "password," "passwordpassword," and "password12345." Wired has been able to confirm the flaw, which was first reported on Reddit. It appears to affect only older Amazon.com accounts, which have not had their passwords changed in the past several years. Amazon did not respond to a request for comment. Observers on Reddit speculate that Amazon was using the unix crypt() function to encrypt older passwords, in addition to converting them to uppercase, before storing them in its servers. While encrypting stored passwords is a wise idea, crypt() truncates longer passwords, discarding anything after the 8th character. (It's also relatively easy to crack, as Gawker Media recently found out when its crypt()-encrypted database of user passwords was published by hackers.) [1] Since newer passwords are not affected by the flaw, Amazon appears to have corrected the problem for new passwords -- but without updating the older, stored passwords. The fix is straightforward for those with older passwords: Simply log on to Amazon.com, and change your password. You can even then change your new password back to your old password, and you'll magically be safer than you were before.

[1] This story originally misstated Gawker's password security scheme. In fact, its passwords were stored using the same crypt() function mentioned in this story, and were only published after being decrypted by hackers.
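Added example, not part of the forwarded article and not Amazon's code: a model of the behaviour the article describes, in which the legacy verifier upper-cases the password and keeps only its first 8 characters, and a password change re-stores the full string under a newer scheme. SHA-256 stands in for DES crypt(), and the function names, record fields and PBKDF2 work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

LEGACY_MAX_LEN = 8        # traditional crypt() ignores everything after the 8th character
PBKDF2_ROUNDS = 100_000   # assumed work factor for the replacement scheme


def _legacy_digest(password: str, salt: bytes) -> bytes:
    """Model of the legacy scheme: upper-case, truncate to 8 characters, then hash.

    SHA-256 is a stand-in for DES crypt(); only the normalisation step matters here.
    """
    normalised = password.upper()[:LEGACY_MAX_LEN]
    return hashlib.sha256(salt + normalised.encode("utf-8")).digest()


def _modern_digest(password: str, salt: bytes) -> bytes:
    """Replacement scheme: salted PBKDF2 over the full, case-preserved password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


_SCHEMES = {"legacy": _legacy_digest, "modern": _modern_digest}


def create_account(password: str, scheme: str) -> dict:
    """Build a stored credential record (hypothetical layout) for the given scheme."""
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt, "digest": _SCHEMES[scheme](password, salt)}


def verify(account: dict, candidate: str) -> bool:
    """Check a login attempt against whichever scheme the record was stored under."""
    actual = _SCHEMES[account["scheme"]](candidate, account["salt"])
    return hmac.compare_digest(account["digest"], actual)


def change_password(account: dict, current: str, new: str) -> bool:
    """The fix from the article: any password change re-stores under the modern scheme."""
    if not verify(account, current):
        return False
    account.update(create_account(new, "modern"))
    return True


def accepted(account: dict, candidates: list) -> list:
    """Return the candidate strings that would log in to this account."""
    return [c for c in candidates if verify(account, c)]


def legacy_accounts(accounts: dict) -> list:
    """Audit helper: users whose stored record still uses the truncating scheme."""
    return sorted(user for user, rec in accounts.items() if rec["scheme"] == "legacy")


# Constructed sample input: the variants quoted in the article plus two near misses.
CANDIDATES = ["Password", "PASSWORD", "password", "passwordpassword",
              "password12345", "Passwor", "Passw0rd"]

if __name__ == "__main__":
    accounts = {"old_user": create_account("Password", "legacy"),
                "new_user": create_account("Password", "modern")}
    print("still on legacy scheme:", legacy_accounts(accounts))
    print("old_user accepts:", accepted(accounts["old_user"], CANDIDATES))
    # Change the password "back to" the same value, as the article suggests.
    change_password(accounts["old_user"], "Password", "Password")
    print("after change, old_user accepts:", accepted(accounts["old_user"], CANDIDATES))
    print("still on legacy scheme:", legacy_accounts(accounts))
```

Until the change happens the legacy check is still the gate, so the variant strings also pass the "current password" prompt; the stricter comparison only applies to the record written afterwards.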
From rforno at infowarrior.org Sat Jan 29 14:09:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Jan 2011 15:09:33 -0500
Subject: [Infowarrior] - TSA shuts door on private airport screening program
Message-ID:

TSA shuts door on private airport screening program
By Mike M. Ahlers and Jeanne Meserve, CNN January 29, 2011 2:07 a.m. EST
http://www.cnn.com/2011/TRAVEL/01/29/tsa.private/index.html?hpt=T2

Washington (CNN) -- A program that allows airports to replace government screeners with private screeners is being brought to a standstill, just a month after the Transportation Security Administration said it was "neutral" on the program. TSA chief John Pistole said Friday he has decided not to expand the program beyond the current 16 airports, saying he does not see any advantage to it. Though little known, the Screening Partnership Program allowed airports to replace government screeners with private contractors who wear TSA-like uniforms, meet TSA standards and work under TSA oversight. Among the airports that have "opted out" of government screening are San Francisco and Kansas City. The push to "opt out" gained attention in December amid the fury over the TSA's enhanced pat downs, which some travelers called intrusive. Rep. John Mica, a Republican from Florida, wrote a letter encouraging airports to privatize their airport screeners, saying they would be more responsive to the public. At that time, the TSA said it neither endorsed nor opposed private screening. "If airports chose this route, we are going to work with them to do it," a TSA spokesman said in late December. But on Friday, the TSA denied an application by Springfield-Branson Airport in Missouri to privatize its checkpoint workforce, and in a statement, Pistole indicated other applications likewise will be denied.
"I examined the contractor screening program and decided not to expand the program beyond the current 16 airports as I do not see any clear or substantial advantage to do so at this time," Pistole said. He said airports that currently use contractor screening will continue to be allowed to. Pistole said he has been reviewing TSA policies with the goal of helping the agency "evolve into a more agile, high-performance organization." Told of the change Friday night, Mica said he intends to launch an investigation and review the matter. "It's unimaginable that TSA would suspend the most successfully performing passenger screening program we've had over the last decade," Mica said Friday night. "The agency should concentrate on cutting some of the more than 3,700 administrative personnel in Washington who concocted this decision, and reduce the army of TSA employees that has ballooned to more than 62,000." "Nearly every positive security innovation since the beginning of TSA has come from the contractor screening program," Mica said. A union for Transportation Security Administration employees said it supported the decision to halt the program. "The nation is secure in the sense that the safety of our skies will not be left in the hands of the lowest-bidder contractor, as it was before 9/11," said John Gage, president of the American Federation of Government Employees. "We applaud Administrator Pistole for recognizing the value in a cohesive federalized screening system and work force." Advocates of private screeners say it is easier to discipline and replace under-performing private screeners than government ones. But Congress members have differed over the effectiveness of private screeners. Mica said tests show that private screeners perform "statistically significantly better" than government screeners in tests of airport checkpoints. But the Government Accountability Office says it "did not notice any difference" during covert checkpoint testing in 2007. 
Both groups failed to find concealed bomb components, the GAO said. Test results are not publicly disclosed. On Friday, Rep. Bennie Thompson of Mississippi, the ranking member on the House Homeland Security Committee, lauded Pistole's decision. "Ending the acceptance of new applications for the program makes sense from a budgetary and counter-terrorism perspective," he said in a statement.

From rforno at infowarrior.org Sat Jan 29 18:36:20 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Jan 2011 19:36:20 -0500
Subject: [Infowarrior] - Is the Fourth Amendment Relevant in a Technological Age?
Message-ID: <9EA29FD3-7B6F-4756-9DA4-8B509F5CD77F@infowarrior.org>

Is the Fourth Amendment Relevant in a Technological Age?
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1734755
Christopher Slobogin
Vanderbilt Law School
January 4, 2011

Abstract: This work will be a chapter in a forthcoming book in The Future of the Constitution series, edited by Jeffrey Rosen and Benjamin Wittes and published by the Brookings Institute. Over the past 200 years, the Fourth Amendment's guarantees have been construed largely in the context of what might be called "physical searches" - entry into a house or car; a stop and frisk of a person on the street; or rifling through a person's private papers. But today, with the introduction of devices that can see through walls and clothes, monitor public thoroughfares twenty-four hours a day, and access millions of records in seconds, police are relying much more heavily on what might be called "virtual searches," investigative techniques that do not require physical access to premises, people, papers or effects and that can often be carried out covertly from far away.
The Supreme Court's current Fourth Amendment jurisprudence - specifically, its "knowing exposure," "general public use," "contraband-specific," "assumption of risk" and "special needs" doctrines - has both failed to anticipate this development and continued to ignore it. This article describes this jurisprudence and how it can foster law enforcement abuse, mission creep, mistaken seizures and physical searches, and an oppressive atmosphere even for the innocent. It then outlines a more technologically-sensitive Fourth Amendment framework.

Keywords: Fourth Amendment, technology, surveillance, data mining, search and seizure, special needs
Working Paper Series

From rforno at infowarrior.org Sun Jan 30 15:30:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Jan 2011 16:30:14 -0500
Subject: [Infowarrior] - DOC goes 'off the rails' in ICANN position paper
Message-ID:

The US Commerce Dept position paper for the ICANN Board negotiations
by Milton Mueller on Sat 29 Jan 2011 01:11 AM EST

IGP has obtained a copy of the US Commerce Department's position paper for its February 28 negotiations with the ICANN Board over the new top level domain program. The "USG Submission to the GAC Scorecard" shows that the U.S. Commerce Department's ICANN crew has gone off the rails. It supports direct governmental veto power over domains and demands that ICANN completely rewrite most of the consensus policies developed over 4 years. The specific policies recommended by the U.S. will astonish anyone who believes that the U.S. supports Internet freedom and democratic governance. For beginners, the U.S. is demanding that ICANN give any government in the world the authority to veto a top level domain. The U.S. wants to make all top level domains go through an initial "review by governments, via the GAC." In this initial evaluation process, "Any GAC member may raise an objection to a proposed string for any reason.
If it is the consensus position of the GAC not to oppose an objection raised by a GAC member or members, ICANN shall reject the application." (In a footnote, the US defines "consensus position" as "a position voiced by one or more GAC member(s) not objected to by other GAC member(s).") This is truly astounding. The ICANN process has spent years trying to ensure that only applications that involve words contrary to general principles of international law will be vetoed. The Commerce Department, in contrast, is openly saying that governments should be able to veto a top level domain "for any reason." So much for the rule of law.

< - >

http://blog.internetgovernance.org/blog/_archives/2011/1/29/4737705.html

From rforno at infowarrior.org Sun Jan 30 22:11:53 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Jan 2011 23:11:53 -0500
Subject: [Infowarrior] - EFF Uncovers Widespread FBI Intelligence Violations
Message-ID:

January 30th, 2011
EFF Uncovers Widespread FBI Intelligence Violations
https://www.eff.org/deeplinks/2011/01/eff-releases-report-detailing-fbi-intelligence
News Update by Mark Rumold

EFF has uncovered widespread violations stemming from FBI intelligence investigations from 2001 - 2008. In a report released today, EFF documents alarming trends in the Bureau's intelligence investigation practices, suggesting that FBI intelligence investigations have compromised the civil liberties of American citizens far more frequently, and to a greater extent, than was previously assumed. Using documents obtained through EFF's Freedom of Information Act (FOIA) litigation, the report finds:

* Evidence of delays of 2.5 years, on average, between the occurrence of a violation and its eventual reporting to the Intelligence Oversight Board
* Reports of serious misconduct by FBI agents including lying in declarations to courts, using improper evidence to obtain grand jury subpoenas, and accessing password-protected files without a warrant
* Indications that the FBI may have committed upwards of 40,000 possible intelligence violations in the 9 years since 9/11

EFF's report stems from analysis of nearly 2,500 pages of FBI documents, consisting of reports of FBI intelligence violations made to the Intelligence Oversight Board -- an independent, civilian intelligence-monitoring board that reports to the President on the legality of foreign and domestic intelligence operations. The documents constitute the most complete picture of post-9/11 FBI intelligence abuses available to the public. Our earlier analysis of the documents showed the FBI's arbitrary disclosure practices. EFF's report underscores the need for greater transparency and oversight in the intelligence community. As part of our ongoing effort to inform the public and elected officials about abusive intelligence investigations, we are distributing copies of the report to members of Congress. A pdf copy of the report can be downloaded here.

From rforno at infowarrior.org Mon Jan 31 08:05:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Jan 2011 09:05:54 -0500
Subject: [Infowarrior] - Dear US media .....
Message-ID: <2D426FBE-C538-4F28-B7F7-364379973FC6@infowarrior.org>

Regarding the Egypt and the Middle East situation: People were organising and protesting in large numbers around the world long before the Internet and social media came to fruition. The Internet certainly is helpful in these situations for a variety of reasons, but it is not responsible or necessarily *essential* for such events to take place, even in the modern day. Therefore, please stop fawning over the Internet and the social media "angle" of this story. (And you wonder why I consider you 'entertainment' as opposed to 'news' nowadays?) kthanxbai.
-- rick

From rforno at infowarrior.org Mon Jan 31 12:31:50 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Jan 2011 13:31:50 -0500
Subject: [Infowarrior] - Inte'ls new Sandy Bridge chips are buggy
Message-ID: <356921B0-8E3B-4A7E-AA77-A3C22644B491@infowarrior.org>

Intel finds flaw in 6-series chipsets, halts shipments
by Cyril Kowaliski and Scott Wasson -- 10:07 AM on January 31, 2011
http://techreport.com/discussions.x/20326

As phenomenal as Intel's new Sandy Bridge processors turned out to be, nothing in this world is truly perfect. Intel announced earlier this morning that it has discovered a flaw in the 6-series chipsets that accompany the new processor family. While it reassures users that they can "continue to use their systems with confidence," the chipmaker has nonetheless halted chipset shipments until a new, bug-free version of the silicon starts to ship out late next month. What's the problem? Intel explains, "In some cases, the Serial-ATA (SATA) ports within the chipsets may degrade over time, potentially impacting the performance or functionality of SATA-linked devices such as hard disk drives and DVD-drives." For folks who have already crossed the Sandy Bridge, Intel adds that it will "work with its OEM partners to accept the return of the affected chipsets," and it plans to "support modifications or replacements needed on motherboards or systems." Yes, that likely means the replacement of all Sandy-Bridge-based motherboards, laptops, and pre-built PCs currently on store shelves or already in the hands of consumers. That sounds like a fair amount of hassle for all involved, but it probably beats the alternative -- degraded storage performance on a state-of-the-art quad-core PC. Beside the obvious inconvenience and bad PR, this little slip-up will cost Intel quite a bit of money, too.
The firm expects to see a $300-million dent in first-quarter revenue (since full volume production of 6-series chipsets won't resume until April), not to mention $700 million in total repair and replacement costs. Intel stockholders might not need to cut and run just yet, though. Intel claims it can make up for the lost revenue by year's end, and in the same press release, the chipmaker goes on to say it now expects first-quarter revenue to be in the $11.3-12.1 billion range, an increase from the previous forecast of $11.1-11.9 billion. Gross margin will, however, be understandably lower than initially expected (59-63% instead of 62-66%). We are currently checking with Intel and motherboard makers to see how they plan to assist affected customers. Stay tuned for more info as we get it. Update - 11:43 AM: Intel just held a conference call to talk about the Sandy Bridge chipset problems, and we now have a few more details to share with you. The problem that's caused Intel to initiate a billion-dollar chipset recall affects the SATA ports on all 6-series chipsets, including the H67 and P67 chipsets most prominently used in consumer products. All of these chipsets are collectively referred to as "Cougar Point" inside of Intel. Because there are no third-party chipsets compatible with Sandy Bridge processors, all Sandy Bridge-based systems are potentially affected, including desktops, laptops, and BYOPC motherboards. The issue is a circuit design problem resulting in a gradual degradation over time of SATA connectivity on the affected ports, manifesting itself as high bit-error rates on those ports and eventually as total device disconnects. That's a serious issue, but it's limited in scope. Intel says storage devices connected to those ports should not be damaged, and data on the devices should be intact and readable on another system. The ports potentially affected, interestingly enough, are the four 3Gbps SATA ports on the chipset. 
The two 6Gbps SATA ports aren't at risk. Because this is a chip design-level problem, it will require the replacement of the Cougar Point chips embedded in the motherboards of affected systems. Intel expects to be producing an updated, fixed version of Cougar Point silicon in late February, with "full volume recovery" coming later, in April or possibly even late March. Implementing the fix will involve the replacement of a photomask for one of the layers of metal on the chip. The layer in question is apparently a "later" layer in the production process, so we expect there's some potential for partially completed chips currently in production to have the revised layer applied to them. Note that the 6-series chipset is produced on Intel's very mature 65-nm fabrication process, not the cutting-edge 32-nm process on which Sandy Bridge CPUs are produced, so this isn't likely to be an especially thorny issue to untangle. Intel says the change should be "very straightforward" and it has "very high confidence" that the fix will be effective. As you may know, Intel pours millions of dollars into validation testing for product like these, and its partners at major PC makers do the same. This problem apparently wasn't detected early on because of its nature, involving a slow degradation of SATA connectivity over time. Intel estimates that something like 5% of systems could develop problems over a three-year life span, assuming typical laptop usage patterns. Beyond that time window, the failure rate might rise further. For systems with heavier usage patterns, the failure rate during that initial three-year window could be as high as roughly 15%. That's obviously high enough to warrant the drastic action Intel is taking. The first evidence of the problem cropped up during extended testing by PC makers, after the chipsets had passed the initial validation stages within Intel and within the OEMs. 
Intel says it learned of the problem last week; understanding and characterizing the problem then took a few days. That analysis concluded last night, and the company put shipments of its chipsets on hold this morning. From what we can gather, Intel partners were only very recently notified of the problem, too. In addition to affecting systems already on the market, the chipset hiccup will delay the release of a host of laptops and other systems based on the dual-core variants of Sandy Bridge. Those systems were originally scheduled to begin hitting store shelves in the first couple of weeks of February, but Intel now estimates another "few weeks" will be added to those release schedules, depending on how long it takes PC manufacturers to incorporate the revised chipset silicon into their production pipelines. Intel's estimate sounds a little too optimistic to us, though. Given that the 6-series chipsets won't likely return to full production volumes until at least late March, we suspect the delays may add up to at least a couple of months in total. This is obviously still a developing story, and we are working to understand how motherboard makers will address the problem for consumers.

From rforno at infowarrior.org Mon Jan 31 18:02:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Jan 2011 19:02:19 -0500
Subject: [Infowarrior] - Al Jazeera Offers Its News for Free to Other Networks
Message-ID:

As Egypt Erupts, Al Jazeera Offers Its News for Free to Other Networks
By Sam Gustin | January 28, 2011 | 7:47 pm | Categories: Media
http://www.wired.com/epicenter/2011/01/al-jazeera-egypt/

(Update 10:30 p.m. EST 1/30: Al Jazeera Says its Cairo Bureau Has Been Shuttered By Egyptian Authorities)

Qatar-based cable news network Al Jazeera is not available on United States cable systems -- except in local markets in Vermont, Ohio and Washington, D.C.
But that hasn't stopped the major American news outlets from relying on the international news network for critical reportage on the growing unrest in Egypt. Al Jazeera has more journalists on the ground, in-country, than any American news organization. "Al Jazeera Arabic and English have seven teams in Cairo plus multiple reporters in Alexandria, Suez and Ismailia," a company spokesperson said. "The revolution is not being televised, it's being streamed," the rep added. In order to make the news available worldwide, Al Jazeera has decided to make its content available for "other news sources to use through their Creative Commons website," the company said. That means news outlets are free to use the organization's reports and live footage, without getting permission, so long as the borrowers give credit. Al Jazeera is popular in Egypt, as it is throughout the Arab world. But the 30-year strongman President Hosni Mubarak's regime is no fan of the network's coverage, and Al Jazeera says the regime has tried to disrupt the organization's reporting. On Thursday, Mubarak's regime pulled the plug on Egypt's internet service, making Al Jazeera's multiple streams of coverage inaccessible to Egyptians. Al Jazeera's management says it is committed to global journalism and free speech. "Braving the same violent attacks by policemen against demonstrators, including physical assaults, rubber bullets, and tear gas, Al Jazeera journalists were on location, doing their jobs, and capturing the scene faced by the Egyptians to help carry their voices to our audience around the world," Al Jazeera management said in an internal email to staffers today. Al Jazeera's website saw a 2500% increase in traffic Friday, with over 50% of that spike coming from the US alone, a company spokesperson said. The company's servers crashed earlier today, but it has taken steps to beef them up. Al Jazeera is streaming live reporting out of Egypt on its website.