From rforno at infowarrior.org Sat Oct 1 08:25:43 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Oct 2011 09:25:43 -0400
Subject: [Infowarrior] - Info Security Cartoon
Message-ID: <96600B34-FB29-4599-8EF7-1C78A5B63DF7@infowarrior.org>

Perfect way to begin National Cybersecurity Awareness Month.

http://onefte.com/2011/10/01/we-are-not-bad-people-2/

-- rick

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Oct 1 09:25:40 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Oct 2011 10:25:40 -0400
Subject: [Infowarrior] - Paper: The SSL Landscape – A Thorough Analysis of the X.509 PKI Using Active and Passive Measurements
Message-ID: <997A5645-B66B-4293-8DD5-7696BAC71B73@infowarrior.org>

http://www.net.in.tum.de/fileadmin/bibtex/publications/papers/imc-pkicrawl-2.pdf

The SSL Landscape – A Thorough Analysis of the X.509 PKI Using Active and Passive Measurements

Ralph Holz, Lothar Braun, Nils Kammenhuber, Georg Carle
Technische Universität München
Faculty of Informatics
Chair for Network Architectures and Services
{holz,braun,kammenhuber,carle}@net.in.tum.de

ABSTRACT

The SSL and TLS infrastructure used in important protocols like HTTPs and IMAPs is built on an X.509 public key infrastructure (PKI). X.509 certificates are thus used to authenticate services like online banking, shopping, e-mail, etc. However, it always has been felt that the certification processes of this PKI may not be conducted with enough rigor, resulting in a deployment where many certificates do not meet the requirements of a secure PKI. This paper presents a comprehensive analysis of X.509 certificates in the wild. To shed more light on the state of the deployed and actually used X.509 PKI, we obtained and evaluated data from many different sources.
We conducted HTTPs scans of a large number of popular HTTPs servers over a 1.5-year time span, including scans from nine locations distributed over the globe. To compare certification properties of highly ranked hosts with the global picture, we included a third-party scan of the entire IPv4 space in our analyses. Furthermore, we monitored live SSL/TLS traffic on a 10 Gbps uplink of a large research network. This allows us to compare the properties of the deployed PKI with the part of the PKI that is being actively accessed by users. Our analyses reveal that the quality of certification lacks in stringency, due to a number of reasons among which invalid certification chains and certificate subjects give the most cause for concern. Similar concerns can be raised for other properties of certification chains and also for many self-signed certificates used in the deployed X.509 PKI. Our findings confirm what has long been believed – namely that the X.509 PKI that we use so often in our everyday lives is in a sorry state.

http://www.net.in.tum.de/fileadmin/bibtex/publications/papers/imc-pkicrawl-2.pdf

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Oct 1 09:40:44 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Oct 2011 10:40:44 -0400
Subject: [Infowarrior] - OT: Your moment of utter geekery
Message-ID:

The Imperial March as performed by a duo of floppy drives.

http://www.youtube.com/watch?v=yHJOz_y9rZE

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Oct 1 09:42:59 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 1 Oct 2011 10:42:59 -0400
Subject: [Infowarrior] - WH uses signing statement for ACTA
Message-ID:

Obama Administration To Use ACTA Signing Statement To Defend Why It Can Ignore The Constitution In Signing ACTA
from the trampling-on-the-constitution dept
http://www.techdirt.com/articles/20110929/13395816138/obama-administration-to-use-acta-signing-statement-to-defend-why-it-can-ignore-constitution-signing-acta.shtml

While the EU, Mexico and Switzerland are apparently not yet ready to sign ACTA, a lot of others are apparently planning to sign the document this weekend, despite questions about its legality. Because of that, Sean Flynn has written up an analysis suggesting that, even if the document is signed, it's not clear that the treaty can actually go into effect anywhere. Whether or not that's accurate, what I wanted to focus on was a separate tidbit of info suggesting that, while the Obama administration is very much aware of the very serious Constitutional questions raised by the signing, it's going to issue a "signing statement" that defends its right to ignore the Constitution here.

< - >

In the US, there is no plan to constitutionally ratify the agreement. Indeed, this will likely be the main focus of the US signing statement. The document will be an argument to Congress that the executive can pass this agreement alone – legally binding the US to a trade agreement without congressional authorization – because, according to the Executive, ACTA is fully consistent with current US law.

< - >

Thus, the administration argues that there doesn't need to be a Senate review because no laws will be changed. This is, of course, wrong, since ACTA (1) does not align itself fully with US laws and (2) massively constrains Congress's ability to change certain intellectual property laws in the future. Furthermore, this basic argument is ridiculous.
The President is only allowed to sign executive agreements that cover items solely under the President's mandate. Intellectual property is not. It's clearly given to Congress under the Constitution.

Of course, I'm quite curious as to how the Administration, with Joe Biden as VP, can defend this action. After all, as well chronicled, when Joe Biden was still Senator Biden in 2002, he went ballistic against then-President George W. Bush for trying to sign an arms control agreement with Russia as an executive agreement, rather than a treaty with Senate ratification. He actually sent a letter to the President demanding that the agreement be submitted as a treaty for ratification in the Senate. The letter apparently "defend[ed] the institutional prerogatives of the Senate."

Of course, if we had any real reporters out there who actually asked the administration real questions, they might question this obvious hypocrisy within the administration. But, instead, expect almost no one to cover this story.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Oct 2 07:28:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Oct 2011 08:28:47 -0400
Subject: [Infowarrior] - A Day in the Life of a Reluctant TD Ameritrade Customer
Message-ID: <6B071E9E-549E-48A2-ABDA-65368D57D7DB@infowarrior.org>

(I agree completely with Sean. I was livid on Friday, and have serious concerns about the decline of the ThinkorSwim experience post TD Ameritrade merger. Sean says what MANY of us are feeling right now, because this kind of problem and lack of support/information has been a recurring problem in recent months. -- rick)

When Great Brands Go Bad: A Day in the Life of a Reluctant TD Ameritrade Customer
Posted by chicagosean
on October 1st, 2011
http://www.chicagosean.com/2011/10/01/when-great-brands-go-bad-a-day-in-the-life-of-a-reluctant-td-ameritrade-customer/

At 8:31 local time in Chicago yesterday morning (Friday, Sept 30), for all intents and purposes, the lights went out at thinkorswim. The trading platform went dark, there was no way to contact customer service, they were nowhere to be found on Twitter or StockTwits, and for the next one hour and fifteen minutes during some of the most volatile market conditions many of us can remember, thousands of thinkorswim customers were left to wonder where their positions were and whether or not their open orders were being executed. You can imagine the panic coursing through the veins of big options traders holding short options to cover on expiration day for quarterly and weekly options. I consider myself one of the lucky ones. My positions were safe as the market cooperated with me. Lucky. But I'm certain others weren't as lucky.

What makes this a hard piece for me to write is that I love thinkorswim. Seriously. Love. I've been a staunch supporter of their platform since the very first day I became a customer and would recommend them to every person that inquired of me who to select as their options trading platform. Never a doubt – "choose thinkorswim" would be my pat answer. "They are the Gold Standard." I love that they are local to me. Love their customer service. Love their educational offerings. Love their platform. Love their mobile and iPad apps. Love their features. Love their stability. Love their reasonable commission rates. And love their commitment to being cutting edge, customer-loving, and constantly improving.

But perhaps I should have said LOVED, in the past tense. Because the thinkorswim that I loved and had been instrumental in my early options trading education was recently sold to TD Ameritrade. And since the handoff took place, thinkorswim has become a shadow of its former self.
Up until about six or seven months ago, I couldn't remember many serious data disruptions on the platform that lasted more than a couple minutes. Even during the "Flash Crash" they performed admirably. Not perfect, but in that situation they certainly earned the benefit of the doubt. These days, it seems almost inevitable that data will stream slowly during the frequently busy open and closing trading periods and also whenever any major market moving news is breaking. Alerts that I've set are constantly late in triggering, and often orders go unrecognized for far too many agonizing seconds when speed of execution is of paramount importance. And when I need them most, the customer service that used to be the front window to their amazing support is now too often slow to respond to my inquiries.

Yesterday was a tough day in a series of exceedingly bad days for the platform. They made people upset, no question. But one way they could've alleviated some of the bad will that was created yesterday would've been to take to StockTwits and Twitter to announce to their thousands of actively trading customers what was happening, what the next steps were, and when we could expect to be back up. Customers needed this yesterday... badly. Instead, we were met with unanswered phone calls and silence everywhere else.

Part of me wants to just place all the blame on TD Ameritrade and keep my trusty thinkorswim free of guilt. But I know it's not this simple. Customers and employees are always on edge when companies merge. It may make sense when evaluating balance sheets and statements of cash flows. But it doesn't always work in the real world with humans. Many longtime customers (myself included) were unhappy when we heard the news of the impending merger. We hoped for the best but feared the worst. Sadly, our fears are beginning to be realized in real time. And it hurts.
It may be a stretch comparison, but there was a time when thinkorswim customers were as loyal to its brand as many longtime Apple customers are to Apple. Could you imagine if Apple was bought out by a competitor and began tinkering with its OS and famous products? And could you imagine what would happen if the user experience that Apple is famous for began to seriously deteriorate due to products malfunctioning? The outrage would be epic. Well this is what thinkorswim users, in our admittedly smaller world, are going through right now. It's sad and it sucks.

I'm far from thinkorswim's most important customer. In fact, I probably rank among the least important. And I'm fine with that. I know my place in the trading ecosystem. But my old thinkorswim used to make me feel important when I needed them to. I don't get this same feeling from TD Ameritrade.

I know I speak for hundreds perhaps thousands of longtime customers when I plead: "please give me my old thinkorswim back. I miss you, buddy."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Oct 2 08:09:22 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Oct 2011 09:09:22 -0400
Subject: [Infowarrior] - Our unprepared graduates
Message-ID: <3A74AA27-44B8-4507-BCBB-E5B6C0FE968A@infowarrior.org>

Our unprepared graduates
http://www.washingtonpost.com/opinions/our-unprepared-graduates/2011/09/30/gIQAJGYBBL_print.html
By Kathleen Parker, Published: September 30

Jobs, jobs, jobs, we keep hearing. But for whom, whom, whom?

Certainly not for the many young Americans being graduated from colleges that have prepared them inadequately for the competitive marketplace. The failure of colleges and universities to teach basic skills, while coddling them with plush dorms and self-directed "study," is a dot-connecting exercise for Uncle Shoulda, who someday will say – in Chinese – "How could we have let this happen?"
We often hear lamentations about declining educational quality, but the focus is usually misplaced on SAT scores and graduation rates. Missing from the conversation is the quality of what's being taught. Meanwhile, we are mistakenly wed to the notion that more people going to college means more people will find jobs.

Obviously the weak economy is a factor in the highest unemployment rate for those ages 16 to 29 since World War II. But there's more to the story. Fundamentally, students aren't learning what they need to compete for the jobs that do exist. These facts have been well documented by a variety of sources, not to mention the common experience of employers who can't find applicants who can express themselves grammatically.

A 2010 study published by the Association of American Colleges and Universities found that 87 percent of employers believe that higher-education institutions have to raise student achievement if the United States is to be competitive in the global market. Sixty-three percent say that recent college grads don't have the skills they need to succeed. And, according to a separate survey, more than a quarter of employers say entry-level writing skills are deficient.

One of the most damning indictments of higher education came this year with a book, "Academically Adrift: Limited Learning on College Campuses," by Richard Arum of New York University and Josipa Roksa of the University of Virginia. It's a dense tome that could put Ambien out of business, but the authors' findings are compelling. Just two examples:

- Gains in critical thinking, complex reasoning and writing skills are either "exceedingly small or nonexistent for a larger proportion of students."

- Thirty-six percent of students experience no significant improvement in learning (as measured by the Collegiate Learning Assessment) over four years of higher education.

Undoubtedly, critics of Arum and Roksa will find reason to diminish their findings.
But Americans know that something is wrong with higher education, and the consensus is growing that young adults aren't being taught the basic skills that lead to critical thinking.

Most universities don't require the courses considered core educational subjects – math, science, foreign languages at the intermediate level, U.S. government or history, composition, literature, and economics. The nonprofit American Council of Trustees and Alumni (ACTA) has rated schools according to how many of the core subjects are required. A review of more than 1,000 colleges and universities found that 29 percent of schools require two or fewer subjects. Only 5 percent require economics. Less than 20 percent require U.S. government or history.

Critics of ACTA's findings insist that the core curriculum is outdated and accuse the organization of being "conservative." (Founders included Lynne Cheney and Sen. Joseph I. Lieberman.) Some also insist that such "old-fashioned" curricula merely encourage memorization and rote learning rather than critical thinking.

Ridiculous, says ACTA President Anne Neal: "How can one think critically about anything if one does not have a foundation of skills and knowledge? It's like suggesting that our future leaders only need to go to Wikipedia to determine the direction of our country."

College students may be undereducated, but they're not dumb and many feel short-changed. A recent Roper Organization study found that nearly half of recent graduates don't think they got their money's worth.

The problem with education isn't money – we spend plenty – but quality. Yet, instead of figuring out how to make education pay future dividends, higher-educational institutions are building better dorms with flat-screen TVs, movie theaters and tanning salons, according to a recent CNN report. If parents aren't furious, they're not paying attention.
In the lost spirit of in loco parentis, Neal and Arum have teamed up to take these findings to those upon whom ultimate responsibility falls: the nation's 10,000 college and university trustees. In a letter sent a few weeks ago, Arum wrote that institutions not demanding a rigorous curriculum "are actively contributing to the degradation of teaching and learning. They are putting these students and our country's future at risk."

That's a provocative charge and a call to arms. Let's hope trustees hear it and heed.

kathleenparker at washpost.com
© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Oct 2 09:09:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Oct 2011 10:09:41 -0400
Subject: [Infowarrior] - TSA Pats Down Breast Cancer Survivor Even After Getting Scanned
Message-ID: <5D0555F9-9B6E-4812-9D02-57EDEA837FD9@infowarrior.org>

By Kwame Opam Oct 1, 2011 4:40 PM
TSA Pats Down Breast Cancer Survivor Even After Getting Scanned
http://gizmodo.com/5845772/tsa-pats-down-breast-cancer-survivor-even-after-getting-scanned

Lori Dorn, the wife of Laughing Squid's Scott Beale, recently submitted to a backscatter scan at JFK airport. The TSA pulled her aside for a breast patdown, even though she stated she had breast implants in place after her bilateral mastectomy. Of course, that didn't stop them. They didn't even let her take out the Device Identification Card that could have explained where the implants came from and their medical purpose. No. Instead they humiliated her in public:

< - >

Instead, she called over a female supervisor who told me the exam had to take place. I was again told that I could not retrieve the card and needed to submit to a physical exam in order to be cleared. She then said, "And if we don't clear you, you don't fly" loud enough for other passengers to hear. And they did.
And they stared at the bald woman being yelled at by a TSA Supervisor.

< - >

Was there really no other way of going about this? Does this qualify as doing your job? Stop doing this to people.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Oct 2 11:42:49 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Oct 2011 12:42:49 -0400
Subject: [Infowarrior] - BlackBerry Media Card Encryption a Security Risk?
Message-ID:

BlackBerry Media Card Encryption a Security Risk?

A Russian software vendor has released a product that it says can crack BlackBerry smartphone passwords, if the BlackBerry owner has enabled a media-card encryption security setting.

Posted September 29, 2011 to BlackBerry | http://blogs.cio.com/blackberry/16530/blackberry-media-card-encryption-security-risk

UPDATE 2: Elcomsoft just reached out to me, and the company claims that the latest version of its Phone Password Breaker software, v1.80, can indeed recover BlackBerry device passwords and not just passwords to RIM's BlackBerry Wallet and Password Keeper apps, via BlackBerry backups and assuming the necessary BlackBerry media card encryption setting is enabled. Elcomsoft's Chief Security Researcher, Andrey Belenko, has detailed the associated process on the company's website.

UPDATE 1: I just heard from RIM, and though the company was quite cryptic in its response to my inquiry about Elcomsoft's claims, the BlackBerry-maker did not say that the Elcomsoft Phone Password Breaker cannot crack BlackBerry passwords. However, RIM suggested that Elcomsoft's claims apply not to the BlackBerry device password, but to passwords for RIM's BlackBerry Password Keeper and BlackBerry Wallet apps and data, which Elcomsoft claims its software can retrieve from encrypted BlackBerry data backups stored on PCs.
(BlackBerry Password Keeper and BlackBerry Wallet apps are native BlackBerry apps that users employ to store various passwords and payment/loyalty card information.) So while BlackBerry media card encryption may not pose as much of a security risk as I first thought, because Elcomsoft's product cannot determine BlackBerry device passwords, according to RIM, it should still be considered a risk, since it could potentially be exploited to access Password Keeper and BlackBerry Wallet data via PC-based BlackBerry backups.

The BlackBerry OS is known for the many security safeguards it affords individual users and organizations, the most basic--and most important--of which is probably the device password. In fact, I've written countless mobile device security tips and tricks posts, and "Enable a password" is almost always atop my list of suggestions.

However, Russian software vendor Elcomsoft has just released an updated version of its Phone Password Breaker product, and the company claims the software can crack any BlackBerry handheld's password, as long as the BlackBerry owner has enabled a media card encryption option within the smartphone's security settings.

I'm not sure what to make of this claim, and I'm definitely not about to shell out the $200 Elcomsoft is charging for the "Professional Edition" of the software, which the company says is required to crack a BlackBerry's password using the encrypted media card. But if it proves to be true, people and organizations that want or need the highest levels of security may wish to ensure that this media-card encryption setting is disabled for the time being--though that would also make data stored on the media card less secure.

This purported method of cracking a BlackBerry password is a bit worrisome, since a Bad Guy could presumably quickly remove a BlackBerry user's microSD card, and then go to work cracking the device password without the owner even knowing it's gone.
Said Bad Guy could then grab the device, unlock it using the cracked password and steal data, etc., before the user could report it missing and have the device wiped via BlackBerry Enterprise Server (BES) or otherwise.

I've reached out to RIM for a comment, but haven't received a response. I'll update this post accordingly as soon as I do.

By default, BlackBerry media card encryption is disabled, so you or your IT administrator would have had to have purposefully turned the setting on. But if you want to make sure the media card encryption setting is disabled on your BlackBerry 7 device, click the Options icon on your home screen--it looks like a wrench--scroll down to and click the Security listing, then Encryption and, on the following screen, make sure the Encrypt box beneath the Media Card heading is unchecked. Save your changes, and you're good to go.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Oct 2 11:44:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 Oct 2011 12:44:16 -0400
Subject: [Infowarrior] - Is Amazon Silk closing the net?
Message-ID: <771572ED-41F9-480B-A285-9202AFBEDC88@infowarrior.org>

Closing the Net
New Amazon tablet raises concerns on open data
By Brian Proffitt
http://www.itworld.com/security/208851/closing-net

September 30, 2011, 11:52 AM – When I read the news reports coming over the wire about the Kindle Fire this week, it became even more clear that we need to pay attention to keeping our access to the Internet really free.

In case you haven't heard, Silk will enable faster mobile web browsing by using Amazon's Elastic Cloud Computing (EC2) resources to pull together requested content on behalf of the Kindle Fire user, and then sending that content down in one shot to the Fire tablet. It will also be learning how to predict where you will go next, and actually pre-cache site content before you even click a link to go there.
As a technical solution, it's quite elegant and shiny. From a privacy standpoint, it's a bit of a nightmare.

(Before I get accused of panicking, let me emphasize that I am fully aware that Silk will let you opt out of this feature, and use the browser without EC2 participation. I also know that this problem can just as easily be avoided by not using the Kindle Fire device itself.)

As my colleagues Joe Brockmeier and Steven J. Vaughan-Nichols have illustrated, the privacy concerns are great. Using EC2 as a web proxy will greatly speed things up, sure, but it will also allow Amazon to monitor your individual browsing habits. They say the data will be in aggregate form, but I have to wonder how that will work, since location-based services like Yelp and Latitude will need some sort of unique ID to figure out where you are. Vaughan-Nichols raises the most chilling scenario: with your history on EC2 servers, any law enforcement agency with a warrant can see your browsing history without actually accessing your machine.

The privacy questions of Silk are certainly worth discussion, but as I alluded at the start of this article, I have an even broader concern. Looking around at the state of the Internet, I can't help but think of a net that's silently closing in on Internet users, as Software as a Service (SaaS) platforms increasingly try to get in-between users and the open Internet.

Set the Wayback Machine back to the very early days of the commercial Internet, when services like Prodigy, CompuServe, and AOL initially kept access to the Internet under virtual lock and key. Messaging and content was handled strictly by these services, with only slivers of out-of-network content available. This was easy at first, because in those days--when we actually still called it the World Wide Web and protocols like Archie and Gopher were still in active use--there wasn't any real content on the WWW to see.
But then things, as they always do, changed, and suddenly the content on Web 1.0 exploded and AOL and the rest could not keep their users contained. Joined by Yahoo! and MSN, the best these companies could do was act as a nominal doorman for Internet users, trying to deliver content in a packaged manner that they hoped would be compelling enough to keep those users around long enough to serve them some ads.

Then, 13 years ago this week, Google did something to invert the model. First they created a search engine that was good enough to eventually become a verb in the English language. Along the way, they started selling ads, first on their search results and then in an affiliate manner on other web sites. Besides making Google truckloads of money, it had the effect of further weakening those old gatekeeper providers. Why make MSN your home page, after all, when Google search (and all the rest of its new services that would come along) would get you out to the Internet in a much more efficient and personal manner?

Other SaaS providers jumped in. Amazon, in particular, shifted from being an online merchant to a SaaS company. Apple made the move as well, morphing from hardware and software vendor to SaaS organization that happens to sell devices.

Now we are seeing the beginnings of a new phenomenon, one that would have been unimaginable in the early days of the Web: private commercial interests are slowly containing the Internet itself.

Given the stunning amount of data transferred around the Internet in just a single month--anywhere from eight to 494 exabytes, depending on who you ask--that seems flatly impossible. How can you contain the Internet?

Honestly, you can't. But if something's too big to hold, you can do the next best thing: control access to the something. You can't throw a net across the Internet, but you can throw a net across Internet users.

We have seen this already, with Apple's services.
iOS devices are pretty slick, but they all share the common feature of Apple deciding what kinds of apps will run on them. In effect, Apple is controlling the way iOS users view the Internet. This is the classic "walled garden" effect. They can get away with this because they also make the only hardware on which this operating system runs, and when I use these devices, I am fully aware that I am making a social contract with Apple that I am willing to play by their rules. For now, that will work, because my goals and Apple's seem to be in sync.

Google's Android, the open source answer to iOS, is touted as being the opposite of a walled garden approach. And with the more open Marketplace model for app developers, it certainly seems to be the case. But let's not kid ourselves too much: at the end of the day, Android is a delivery platform for Google services, which are themselves delivery platforms for Google's ads. ChromeOS is the same thing for "traditional" desktop platforms.

It's not just hardware providers: Facebook has long wanted to "contain" users within its friendly confines, to drive up sales of its own network of ads and third-party applications. It works because there are still a lot of people out there who would rather hang out where it's "safe" and fun than venture out on the big, scary Internet.

And now, this week, we have the Kindle Fire. As I wrote in another blog this week, the Fire represents a disruptive force against retailers, because I cannot imagine that--like Android hooks into Google services--Silk and the rest of the Kindle Fire's toolset won't have hooks of their own that will drive consumer traffic to Amazon's own business. Yes, you can shop on the whole Internet with Silk, but you may find it easier to just buy things on Amazon.com. And even if you don't, Amazon will surely take note of what you do buy, to better offer you something similar the next time you roll your eyeballs into their site.
Rather than try to contain the Internet, SaaS providers are trying to get between us and the Internet. And they're doing it with slick and catchy ways that slowly ensnare us before we even know what's going on.

Privacy, security, and unlimited access to data are all at risk here. This is why efforts like the Open Knowledge Foundation and Open Cloud Initiative are so important. These and other similar organizations represent different ways to keep access to our data limited to just who we want to have it, and no one else.

It comes down to this: will these SaaS vendors be our partners in using the Internet, or our captors?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Oct 3 07:27:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Oct 2011 08:27:58 -0400
Subject: [Infowarrior] - Data Mine & Analyze all College Students' Online Activities
Message-ID:

Privacy Nightmare: Data Mine & Analyze all College Students' Online Activities

1984 surveillance tactics continue in schools by suggestions of sharing collected student data with fusion centers. There is another particularly invasive security idea being pitched to universities as a "crystal ball" to stop future violence – to data mine and analyze all college students' online activities.

By Ms. Smith on Sun, 10/02/11 - 6:57pm.
http://www.networkworld.com/community/blog/privacy-nightmare-data-mine-analyze-all-colle

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Oct 3 09:38:43 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 Oct 2011 10:38:43 -0400
Subject: [Infowarrior] - Private Anti-Piracy Investigator Spills The Beans
Message-ID:

Private Anti-Piracy Investigator Spills The Beans
Ernesto
October 3, 2011
http://torrentfreak.com/private-anti-piracy-investigator-spills-the-beans-111003/

All around the world Hollywood is influencing politics and law enforcement, mainly through local anti-piracy groups. Aside from lobbying, they also employ private investigators to track down and bust copyright infringers. Today, one of them spills the beans. Gavin "Tex" Warren reveals how he was instructed to boost statistics, link piracy to drug trafficking, and manipulate the police in order to secure more interest for the war on piracy.

Hollywood goes to extremes to protect its interests worldwide. By now it's public knowledge that MPAA-funded groups are lobbying at the highest political levels, but when it comes to law enforcement they have their ways of being heard too.

In the U.S. the MPAA was the outfit that tipped the authorities off on many of the "rogue" sites that had their domain names seized in the last year. Similarly, in the U.K. the MPAA-funded group FACT carried out most of the investigative work in cases against the operators of the BitTorrent community FileSoup and the streaming site TV-Links.

Today we talk to Gavin "Tex" Warren, a private investigator who worked for the Hollywood backed group AFACT in Australia. While he mostly worked on offline piracy, his inside view allows us to learn more about how the anti-piracy agenda is sold to the outside world.

Warren became a private investigator in 2000, and prior to that he served as a detective in the Australian Federal Police for twelve years. From 2003 until 2008 he worked as an investigator, undercover operative handler and then lead investigator for AFACT. When AFACT moved their priorities from offline piracy to ISPs, they eventually let Warren go.

The Big Score

"Initially AFACT was called the Australasian Film and Video Security Office and was run out of Sydney by Mr Steve Howes," Warren says, explaining how it all started for him in 2003.
"The lead investigator here in Melbourne was another former AFP officer, Greg Hooper."

"I had an undercover operative who worked for me (name withheld) that I shall refer to as 'Short Round'. We were contracted to make purchases of DVDs and back then, VHS tapes of copyright infringing movies. In our first operation which lasted about six months, we had infiltrated a manufacturing 'laboratory' and the dodgy sales team at the local trash and treasure market."

Warren's team then made so-called "trap purchases" and all the evidence they gathered was then presented to the Victoria Police. The operation resulted in the execution of three simultaneous search warrants, netting about fifteen thousand exhibits, $30,000 cash and a dozen computer towers. It was a great success that was quickly communicated to the media.

"The press were informed and all was tied up in a neat bundle. Column inches were filled, sound bites were created and everyone was happy, except the pirates," Warren recalls.

"This success ensured that Short Round and I had ongoing work. The AFVSO was subsumed by AFACT soon thereafter. Steve Howes was replaced by Neil Gane, a former British Hong Kong Police Inspector who had been working in Malaysia with the MPAA against piracy."

Boosting Statistics

"At this time, Short Round and I were trotted out to meet Neil and to show him our equipment and discuss tactics. Mr Gane gave the impression of being very committed to stopping the evil scourge of piracy and was far more media savvy than his predecessor."

"He was adamant that we needed to boost our statistics to make the media sit up and take notice and that the large numbers would make it easier to get the local Police interested. This was especially difficult to do as local police had no jurisdiction over copyright infringing product and the AFP were desperately short on manpower. We were encouraged to find links to drugs and stolen goods wherever possible."
"We discussed the formula for extrapolating the potential street value earnings of 'laboratories' and we were instructed to count all blank discs in our seizure figures as they were potential product. Mr Gane also explained that the increased loss approximation figures were derived from all forms of impacts on decreasing cinema patronage right through to the farmer who grows the corn for popping."

Gane understood that the media was an essential tool towards AFACT's goal of getting tougher copyright legislation in place. And for this purpose, it was a good idea to bend the truth a bit. The results of this recalculation are quite amazing.

"2002 impact estimates were $100 million to today's figure of $1.36 billion in nine years... That's a lot of extrapolating," Warren says.

Courting the Police

Aside from influencing lawmakers with creative statistics, Warren and his colleagues also had to court the police on a regular basis. AFACT worked with both local law enforcement and the attorney general's office, to which they delivered evidence and information based on their own investigations.

"Funded solely by MPAA, AFACT lobbies hard for changes to Australian law and enhances the sexiness of their case by making vague references to links to terrorism. Sometimes not so vague. I was instructed to tell police officers that the profit margins were greater than dealing heroin. It was bizarre. A twisted logic that AFACT spewed out with monotonous regularity," Warren says.

One of the examples Warren gives is that they assumed that all burners and DVD replicators would run 24/7, making these operations appear very lucrative.

"Each burner cranking out ten discs an hour, multiplied by ten dollars per disc is potentially a hundred dollars an hour, multiplied by number of burners by hours in a year gives a yearly potential... Very pumped up statistics."
When the local police were convinced about the need to follow up on the case, Warren delivered them all the evidence they would need on a silver platter.

"In my time at AFACT we developed relationships with various police officers (detectives) and would work our cases up to a stage where we could present them with enough information, intelligence and evidence that most of the work was done. This is called a 'walk up start'."

"Police on the other hand would sometimes find large quantities of copyright infringing material whilst executing warrants, eg: drug warrant executions would invariably turn up some dodgy DVDs and I would get a call to come and identify the product and prepare a brief of evidence for prosecution."

"It was a matter of educating the police officers what to look for. In this vein, I would regularly deliver half day seminars to police on their training days. It was a good system and had the effect of increasing their prosecutions and my investigations statistics. Collaboration had such a dark overtone. Cooperation is my preferred term," Warren says.

Like many other private investigators Warren is a former police detective. And although the statistics may have been pumped a little, Warren was always careful to act within the boundaries of the law when it comes to his investigative work.

"The PI license is relatively difficult to obtain and easy to lose, therefore we tend to shy away from any activity that would jeopardize our livelihood. The key to efficient and effective investigations is to know all aspects of the various legislations that cover things such as Surveillance Devices, hidden cameras etc. At no time did I authorize or condone the breaking of any laws or rules."

"Undercover operations, to be used in evidence, need to be squeaky clean. The last thing any investigator needs is to have evidence thrown out of court because of the breach of legislation, or compromise by way of entrapment," Warren told TorrentFreak.
Bye Bye PI

At the end of 2007 Warren had a meeting with Neil Gane, who just returned to AFACT after serving as the Australasian Operations Manager for the MPAA for a brief while. Gane told Warren that AFACT would be focusing more on ISPs and online piracy instead of the street work Warren did. Warren was still welcome to submit a tender for piecemeal work at an hourly rate, instead of daily. However, he later learned that his partner and former friend, Short Round, had undercut him, and was working on an as-needed basis for AFACT.

This ended Warren's "career" in the anti-piracy business. In the years that followed he continued to monitor what AFACT was up to, and he still can't help but crack a smile when he reads about the disastrous piracy statistics AFACT tells the media about. And so do we.

From rforno at infowarrior.org Wed Oct 5 09:01:43 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Oct 2011 10:01:43 -0400
Subject: [Infowarrior] - A Closed-Mouth Policy Even on Open Secrets
Message-ID: <01CA9728-46F6-4D83-9F9D-E9C025B9AE3B@infowarrior.org>

October 4, 2011
A Closed-Mouth Policy Even on Open Secrets
By SCOTT SHANE
http://www.nytimes.com/2011/10/05/us/politics/awlaki-killing-is-awash-in-open-secrets.html?_r=1&pagewanted=print

WASHINGTON -- Speaking hours after the world learned that a C.I.A. drone strike had killed Anwar al-Awlaki in Yemen, President Obama could still not say the words "drone" or "C.I.A." That's classified.

Instead, in an appearance at a Virginia military base just before midday Friday, the president said that Mr. Awlaki, the American cleric who had joined Al Qaeda's branch in Yemen, "was killed" and that this "significant milestone" was "a tribute to our intelligence community."

The president's careful language was the latest reflection of a growing phenomenon: information that is public but classified.
The older and larger drone program in Pakistan, for instance, is a centerpiece of American foreign policy, discussed daily in the news media -- but it cannot be mentioned at a public Congressional hearing. The State Department cables published by WikiLeaks can be found on the Web with a few mouse clicks and have affected relations with dozens of countries -- but American officials cannot publicly discuss them.

Underlying these paradoxes is a problem that government officials, notably including Mr. Obama, have acknowledged and complained of for years: the gross overclassification of information.

The security agencies have become a mammoth secrets factory, staffed today by 4.2 million people who hold security clearances -- a total disclosed for the first time last month, and far higher than even the biggest previous estimates. Their incentives are so lopsided in favor of secrecy that a new report proposes a surprising remedy: cash prizes for government workers who challenge improper classification.

The secrecy compulsion often merely makes the government look silly, as when obvious facts were excised from recent memoirs by former intelligence officers. But it can also hinder public debate of some of government's most hotly contested actions.

Long before Friday's drone strike, officials say, lawyers at the Central Intelligence Agency, the Justice Department and the White House painstakingly considered the legal justification for what amounted to the execution of an American citizen without trial. But even since the strike, officials have been willing to give only a brief summary of the government's reasoning, refusing to make public the classified written opinion of the Justice Department's Office of Legal Counsel, the authoritative arbiter of the law.
Steven Aftergood of the Federation of American Scientists, who has tracked government classification policies for two decades, said such secrecy about a disputed policy is "a kind of self-inflicted autism that cuts decision makers off from the input they need, both from inside the government and outside." After last week's strike, he added, "any justification for withholding the O.L.C. memo went away."

The same closed-mouth approach has long applied to the drone campaign in Pakistan, which is old news but remains a top-secret covert action program. In June, at David H. Petraeus's Senate confirmation hearing to become C.I.A. director, Senator Roy D. Blunt, Republican of Missouri, told Mr. Petraeus, the retiring Army general: "I want to talk a little bit about drones for a minute and the use of drones."

There was a murmur of concern; C.I.A. drones, though common knowledge, are unmentionable by government officials in public. Mr. Petraeus deftly dodged the issue by speaking of the military's drones in Afghanistan, whose existence is not classified.

Administration officials said the drones are an especially delicate subject today because they are entangled with the United States' complex relations with the governments of Pakistan and Yemen. But the same cannot be said of the Justice Department's decade-old legal opinion justifying the National Security Agency's program of wiretapping without warrants.

Matthew M. Aid, an intelligence historian, asked for that opinion two years ago under the Freedom of Information Act. In August, he finally got a few sentences of the 21-page opinion, written by John C. Yoo of the Bush Justice Department. The rest was blanked out and remains secret.

Nor is the secrecy limited to counterterrorism. Jeffrey Richelson, an author of books on intelligence, asked the C.I.A. last year for any reports by its Center on Climate Change and National Security, which had drawn criticism from Republicans in Congress.
The agency said last month that all such material "is currently and properly classified and must be denied in its entirety."

In a report on overclassification to be released on Wednesday, the Brennan Center for Justice at New York University's law school concludes that unnecessary classification has jeopardized national security by hindering information sharing inside the government, and corroded democratic government by stifling debate. The report finds that the thousands of officials who classify information err on the side of secrecy, to play it safe or to avoid public scrutiny of policies.

Among the remedies the report proposes, in addition to $50 or $100 prizes for successfully challenging a secrecy ruling, is requiring officials to explain in writing why they are classifying a document and asking agency inspectors general to perform spot audits and punish improper classification.

The Obama administration's record on transparency is mixed; it has set a record for prosecuting leaks of classified information to the news media but has also moved to reverse the tide of secrets. In December 2009, Mr. Obama ordered agencies to update their rules to avoid overclassification, and Mr. Aftergood said there were glimmers of progress.

For instance, he said, the Defense Department has canceled some 82 outdated "classification guides," written instructions on what should be secret. That turns out to be only 4 percent of the department's classification guides, he said, but the review is not over.

"It's movement," Mr. Aftergood said. "Instead of the perennial growth of the classification system, it's shrinkage. It's a start."
From rforno at infowarrior.org Wed Oct 5 13:31:31 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Oct 2011 14:31:31 -0400
Subject: [Infowarrior] - New USPS Ad Campaign: Email Sucks, So Mail Stuff Instead
Message-ID: <5F689C19-0BFC-41C0-9F9F-6A85F477EAEB@infowarrior.org>

New US Postal Service Ad Campaign: Email Sucks, So Mail Stuff Instead
from the from-luddites-r-us dept

It seems the US Postal Service (USPS) is starting to get pretty desperate. Losing a ton of money, it's apparently decided that the time is now to attack the competition. The competition, of course, is email. It's put out two TV commercials that focus on bashing email for not being either secure or reliable:

< video link >

Of course, I'm pretty sure I've had a lot more physical mail "lost" by human carriers than emails just disappear. And you could easily argue that regular mail isn't particularly secure at times either. All in all, though, it seems like a bizarre commercial. Why even bother making silly assertions about email? Do they really think people are going to start saying... "gee, I can't trust this email stuff to communicate with my friends; now I'm going to start sending real letters through the USPS!"

http://www.techdirt.com/articles/20111003/04161216180/new-us-postal-service-ad-campaign-email-sucks-so-mail-stuff-instead.shtml

From rforno at infowarrior.org Wed Oct 5 13:44:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Oct 2011 14:44:11 -0400
Subject: [Infowarrior] - Indefinite military detentions snuck into DOD funding bill
Message-ID: <23CEA59A-A181-4BD8-986B-DB557DC64482@infowarrior.org>

Detention without end, amen
By: Daphne Eviatar
October 4, 2011 09:48 PM EDT
http://dyn.politico.com/printstory.cfm?uuid=4214DC33-D7EE-450A-B530-B75F378C3484

< - >

In addition, this defense authorization bill marks the first time since the McCarthy era that Congress has sought to create a system of military detention without charge or trial -- including U.S.
citizens arrested on U.S. soil. The bill would do that by authorizing such military detention of anyone, captured anywhere, believed to be "part of or [who] substantially supported" Al Qaeda, the Taliban or undefined "associated forces."

Not since 1950, when Congress passed the Internal Security Act, which allowed the government to indefinitely detain suspected Communists who the administration determined "would probably commit espionage or sabotage," has Congress authorized such broad-based indefinite detention based on only suspicion.

Back in the 1950s, however, the threat of indefinite imprisonment without trial remained just that. No president ever actually invoked that draconian power. But with some 2,800 "war on terror" detainees now imprisoned indefinitely by the U.S. military at Guantanamo Bay and at the U.S.-run Bagram Air Base in Afghanistan, the use of that power here at home is hardly far-fetched.

Congress has been careful not to call too much attention to this provision in its 666-page spending bill -- likely aware that many Americans might well be outraged.

< - >

John Brennan, the president's chief counterterrorism adviser, has spoken out against this proposed new military policy. He called mandatory military custody for terrorism suspects a "departure from our values and the body of laws and principles that have always made this country a force for positive change in the world."

It also undermines our national security. The law would "undermine the international cooperation that has been critical to the national security gains we have made," as Brennan noted in a recent Harvard Law School speech. He emphasized it would place "unprecedented restrictions on the ability of experienced professionals to combat terrorism, injecting legal and operational uncertainty into what is already enormously complicated work."

The FBI has some of the world's best investigators of international terrorism.
Yet this bill could shut FBI investigators out of critical counterterrorism investigations. What's more, suspects held in military custody may never be able to be prosecuted -- and turned as witnesses against their terrorist associates -- because the military won't be required to follow the FBI's rules. These are carefully crafted to support bringing suspected terrorists to justice.

A group of former senior military interrogators, FBI agents and other law enforcement professionals explained in a recent statement to Congress that the CIA and FBI, together with local law enforcement, have successfully apprehended, interrogated, prosecuted and incapacitated hundreds of suspected terrorists who threatened the U.S. This has yielded, they stated, critical information about "Al Qaeda communications methods and security protocols, Al Qaeda recruiting methods, the location of Al Qaeda training camps and safe houses and information about future plots to attack U.S. interest."

If the proposed provisions in the pending bill become law, these experts write, "this process will be seriously disrupted in the vast majority of international terrorism cases."

A group of former military generals and admirals also strongly oppose this provision. They warned it "would transform our armed forces into judge, jury and jailor for foreign terrorism suspects." That goes well beyond the military's expertise, they cautioned: "The military's mission is to prosecute wars, not terrorists."

Defense Department General Counsel Jeh Johnson has similarly opposed the mandatory military custody requirement. "There is danger," Johnson said in a speech to the American Constitution Society, "in over-militarizing our approach to the current terrorist threat."

Yet the defense spending bill now pending in Congress would endanger the United States by doing just that.

Daphne Eviatar is a senior associate in the law and security program of Human Rights First.
From rforno at infowarrior.org Wed Oct 5 17:20:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Oct 2011 18:20:47 -0400
Subject: [Infowarrior] - U.S. stocks' massive "melt-up" fans investor fears
Message-ID: <339FAFFA-D4E5-4FD8-A1B7-27A9B7EA9772@infowarrior.org>

U.S. stocks' massive "melt-up" fans investor fears
By Edward Krudy | Reuters - 2 hours 5 minutes ago
http://ca.news.yahoo.com/u-stocks-massive-melt-fans-investor-fears-201253607.html

Traders work on the floor of the New York Stock Exchange, August 8, 2011. REUTERS/Brendan

NEW YORK (Reuters) - In less than one hour on Tuesday, the U.S. stock market surged by 4 percent -- for no apparent reason.

The last hour of trading was the most volatile final hour in two months -- and it occurred at a speed that frightens many, from experienced hedge-fund managers to mom-and-pop investors.

The late-day "melt-up" that pushed the S&P 500 index <.SPX> out of bear-market territory might be construed as good news. But it brings back echoes of the "flash crash" that saw markets dive by several hundred points in a matter of minutes, and it's a big reason many are staying away from the market.

"Everyone is scared in both ways -- the shorts are scared, the longs are scared, everyone is scared. The high-net-worth investor is very, very scared," said Stephen Solaka, managing partner at Belmont Capital Group in Los Angeles, which manages money for independent wealth advisers and family offices.

Tuesday's move was the latest example of an erratic, high-octane stock market increasingly driven by levered exchange traded funds and complicated hedging and options strategies that unwind with dizzying speed. It's a far cry from when the U.S. stock market was viewed as a place for capital-raising by businesses seeking to expand and a place for investors looking to put their savings to work.

"It tends to result in some market participants feeling like the market is uninvestable.
It's not good for mutual funds or hedge funds," said Michael Marrale, head of sales trading at RBC Capital Markets in New York.

The ostensible reason for Tuesday's move was an article published late in the day on the Financial Times website quoting the EU's commissioner for economic affairs, Olli Rehn, saying a plan was being worked out to recapitalize the region's troubled banking sector. But Reuters reported similar comments earlier in the day, and Rehn's comments struck some people as covering old ground.

Ken Polcari, a veteran of the NYSE floor at ICAP Equities, found the reasoning insufficient. "There is no clarity -- 'no formal decision' -- just more speculation, more rumors, and more innuendo," he said of the FT article.

WHAT WENT DOWN

Traders, analysts and investors interviewed by Reuters cited a number of factors, many of them technical, and linked to big positions around the 1100 level on the S&P 500. That level was key for investors who had been betting heavily against stocks, which were pummeled in recent days on worries about the worsening European debt crisis.

With the index down more than 10 percent from its intraday high reached September 27 to its low on Tuesday, many investors riding that wave were caught leaning the wrong direction when stocks bounced sharply on the Europe reports. The swift gains only really came after the market bounced back above 1100.

That was in part due to investors covering heavy short bets against the S&P in key exchange-traded funds such as the SPDRS S&P 500 Index fund and in leveraged ETFs that are mainstays for traders in today's market. Polcari says there was a rush by investors who were betting the market would fall to buy back stocks they had borrowed and sold. The buying fed on itself as more of the short-sellers rushed to cover bets, propelling the market higher.

"It was the perfectly executed short squeeze - launched in the final 30 minutes of trading, revealing why being short in a bear market can suddenly cause you to bleed," he said.

Over the past two months, short interest on the SPDR S&P 500 exchange traded fund, a massive vehicle that tracks the S&P 500 and has over $78 billion in assets, increased to record levels, according to equity derivative analysts at JP Morgan.

For the SPY, there are 536.08 million shares shorted out of 724.13 million outstanding as of mid-September, or about 74 percent, according to Thomson Reuters data. Short interest in this ETF is always going to be high as investors use it to hedge underlying long positions in stocks, but this still represents a sharp increase from the end of July when it was just 47 percent.

BLAST-OFF AT 1,100

The S&P climbed steadily between 3 p.m. and 3:30 p.m., but once it broke through 1,100, the gains accelerated, as the average rose 1 percent in the span between 3:39 p.m. and 3:45 p.m.

For Joe Donohue, money manager at Dimension Trading in Red Bank, New Jersey, the speed of the reversal was a classic sign of automated algorithmic trading.

"I didn't know the move was for real until about 3:40 to 3:45, when my machine just lit up green like a Christmas tree," he said. "That's when you know there's algo buying dictating the market. It certainly wasn't individual buyers."

Donohue's response was to close out short positions and buy a triple-leveraged long exchange traded fund that magnifies the performance of the Russell 2000 <.RUT> three times. The Direxion Daily Small Cap Bull 3X Shares, which had its busiest day of trading in history on Tuesday, rocketed nearly 20 percent into the close. That ETF, along with the Proshares Ultrashort S&P 500 ETF, another leveraged ETF, are now often among the top 25 traded issues on U.S. exchanges.

"Program trading and algorithmic trading was the cause," said Donohue. "We're seeing moves in a half hour that used to take weeks.
Obviously we were very oversold technically before, and essentially we had a 'melt-up' that was helped by the algo trading that just went off buying."

Adding to the fire was likely the activity of market makers and options dealers, who try to remain 'market neutral' by offsetting positions by hedging through the options market. When the market moves violently, they have to buy stocks to maintain a neutral exposure, as they aren't trying to bet on the direction of the market.

In a note to clients emailed Monday, JPMorgan derivatives strategist Marko Kolanovic noted the range between 1,075 and 1,125 could be subject to more volatility because those hedging the market would buy or sell heavily on violent moves in order to maintain neutral positions.

According to Trade Alert, December S&P 500 put options at the 1,100 strike were the third-largest in terms of existing positions, with more than 197,000 contracts outstanding. For investors who bought those puts as insurance for going long stocks, the late-day rally doesn't matter -- puts are insurance against their long position, which was doing well.

But market-makers who sold those puts find their hedges out of balance if the market rallies sharply, said Michael McCarty, managing director at Differential Research in Austin, Texas.

"When you go through (1,100) that quickly it creates an incentive to balance your hedge when you're faced with so little time left in the day," he said. "It can be akin to yelling 'fire' in a theater."

The extreme gyrations are unlikely to abate soon. Volatility futures suggest more wild swings in coming months, and the violent nature of Tuesday's rally is a characteristic associated with bear markets more than bull markets. It hasn't been lost on retail investors, who have pulled money from U.S. equity funds in six of the last seven months, according to the Investment Company Institute.

"There's never been a more difficult time to navigate financial markets than where we are today," said Frank Porcelli, head of U.S. retail for BlackRock, one of the world's largest fund managers with $3.6 trillion in assets under management.

(Reporting by Ed Krudy and Doris Frankel; additional reporting by Jennifer Merritt, Jonathan Spicer, David Gaffen, Ryan Vlastelica, Chuck Mikolajczak and Mike Tarsala; Editing by Kenneth Barry)

From rforno at infowarrior.org Wed Oct 5 19:03:01 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Oct 2011 20:03:01 -0400
Subject: [Infowarrior] - RIP Steve Jobs
Message-ID: <9194C6BF-05C2-46AF-AB1E-7750BDB62CF2@infowarrior.org>

Apple co-founder Steve Jobs dead at 56
12:56am BST
http://uk.reuters.com/article/2011/10/05/us-apple-jobs-idUKTRE79472K20111005

(Reuters) Apple Inc co-founder and former CEO Steve Jobs, counted among the greatest American CEOs of his generation, died on Wednesday at the age of 56, after a years-long and highly public battle with cancer and other health issues.

Jobs' death was announced by Apple in a statement late on Wednesday. The Silicon Valley icon who gave the world the iPod and the iPhone resigned as CEO of the world's largest technology corporation in August, handing the reins to current chief executive Tim Cook.

Jobs, who fought a rare form of pancreatic cancer, was deemed the heart and soul of a company that rivals Exxon Mobil as the most valuable in America.
From rforno at infowarrior.org Wed Oct 5 19:10:43 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Oct 2011 20:10:43 -0400
Subject: [Infowarrior] - BofA site outages called 'unprecedented'
Message-ID: <2F2FDB2E-4AF9-42BD-8670-95A0BD681696@infowarrior.org>

Update: BofA site outages called 'unprecedented'
The bank has replaced its standard online Web page with an alternate
Lucas Mearian
October 5, 2011 (Computerworld)
http://www.computerworld.com/s/article/9220562/Update_BofA_site_outages_called_unprecedented_

The six days of online brownouts and slowdowns that have plagued Bank of America's website are "unprecedented," a leading Internet and mobile cloud monitoring service said today.

"I don't think we've seen as significant and as long an outage with any bank. And I've been with Keynote for 16 years now," said Shawn White, vice president of operations for web monitoring service Keynote Systems. "It's particularly shocking precisely because these banks know how critical it is for their online customers to be able to access their bank account. It's so personal and dear to them."

Bank of America (BofA) said its Web and mobile services have not been hit by hacking or denial-of-service attacks. But the nation's largest bank would not disclose what's causing its online problems. The bank also said it has substituted its standard homepage with an alternate one to help in user navigation.

"I just want to be really clear. Every indication [is that] recent performance issues have not been the result of hacking, malware or denial of service," said BofA spokeswoman Tara Burke. "We've had some intermittent or sporadic slowness. We don't break out the root cause."

According to Keynote, BofA's online banking website has been experiencing a pattern of service disruption that has repeated itself every day since last Friday. Each morning, between 8:00 a.m. and 9:30 a.m.
ET, the bank's homepage becomes slow -- so slow that transaction testing algorithms have timed out after 60 seconds of not being able to access a page.

"This is a huge problem," said Dan Berkowitz, director of corporate communications with Keynote. "I can't get into my account. This has been going on for six days. This is the most unprecedented banking outage we've ever seen at Keynote. We've never seen anything this extensive, ever."

Keynote has 4,000 servers in 50 cities around the world that test thousands of websites every five to 15 minutes, collecting 550 million performance measurements daily. In the U.S., Keynote continually tests sites from 10 cities around the country.

In the case of BofA, Keynote's testing algorithm accesses the bank's homepage, goes to the online banking page and enters log-in information. It then drills down into account history and logs out. It is a five-webpage test, "very typical of what you or I would do," White said.

"Early in the morning between 8 a.m. and 9 a.m. -- this morning it was at 8:13 a.m. -- the site becomes very slow, ranging from 15 to 20 seconds all the way down to 60 seconds to complete this five-page transaction. It was to the point where our measurement agents just gave up," White said. "Imagine you or I would give up after five or 10 seconds or hit the refresh button."

White said that at 9:12 a.m. ET today, BofA updated its homepage with a "friendly" message saying it was experiencing performance slowdowns, and offering links for the most popular web pages, such as ATM locations or loan information.

"That's a pretty surprising response in that Bank of America is a very big brand and their homepage is normally very colorful, very inviting, and it has a lot of interaction. Now they've replaced it with a very fast loading, sparse message," White said. "For the largest bank in the U.S.
to do this, it's like being in a big shopping mall during the holiday season and they took down all the Christmas decorations and put armed guards outside the stores. I'd find that surprising." According to Alexa Web monitoring services, Bank of America's website woes are number six in a list of hot Internet topics, right behind Apple's new iPhone 4S and Amanda Knox, the American student just released from an Italian prison after her murder conviction was overturned by an appeals court. Speculation ran high that hackers might be causing service disruptions after problems with BofA's website began last Friday and continued over the weekend into this week. In published interviews earlier this week, Burke said BofA had simply taken some "proactive measures to manage customer traffic during peak hours during the day," and that had resulted in slowness. Today, she was less forthcoming about what was causing the problems. "We began seeing some sporadic issues on Friday. We're not going to get into the technical details. We're not going to comment on the technicalities of what we do," she said. "Given the last few days, what you're seeing today is we're rigorously monitoring the online banking space, and we chose to deploy an alternate homepage. The reason for this is to ensure customers get to their right destination quickly. "We continue to assess the situation," she added. 
From rforno at infowarrior.org Wed Oct 5 19:14:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Oct 2011 20:14:56 -0400
Subject: [Infowarrior] - BBC Obituary: Steve Jobs
Message-ID: <94196912-6D95-4B98-B255-5CA86E8EBC9A@infowarrior.org>

5 October 2011 Last updated at 19:58 ET

Obituary: Steve Jobs
http://www.bbc.co.uk/news/world-us-canada-12215485?print=true

Despite his wealth and corporate success, Steve Jobs always managed to retain the air of a Silicon Valley buccaneer.

His abrasive style meant he was often difficult to work with, but his eye for a desirable product made Apple one of the planet's most recognised brands.

Steven Paul Jobs was born in San Francisco on 24 Feb 1955, the son of two unmarried university students, Joanne Schieble and Syrian-born Abdulfattah Jandali. His parents gave him up for adoption and he was taken in by a working-class Californian couple, Paul & Clara Jobs.

Months after his adoption, his biological parents married and had a daughter, Mona, who did not learn of her brother's existence until she was an adult.

He was brought up in his adoptive parents' home in Silicon Valley, the hub of the US electronics industry.

LSD

While attending a local high school, the young Jobs was offered a summer job at the Hewlett Packard plant in Palo Alto, where he found himself working alongside a fellow student named Steve Wozniak.

He dropped out of college after one term and went to work for the video game manufacturer Atari with the idea of raising enough money to travel to India.

Jobs returned from his trek around the sub-continent with a shaven head, wearing Indian robes and having experienced the effects of LSD; he was to remain a Buddhist and vegetarian throughout his life.

He went back to work at Atari and joined a local computer club with his friend Steve Wozniak, who was designing and building his own computer.
In 1976 Jobs pre-sold 50 of Wozniak's machines to a local computer store and, armed with a copy of the order, successfully persuaded an electronics distributor to let him have the components on credit. He managed to launch the machine, called the Apple 1, without having borrowed any money or given up a share of the business to anyone else.

Ousted from Apple

He named the company after his favourite fruit which, either by chance or design, ensured it appeared in phone book listings ahead of rival Atari.

The profit from the first Apple was ploughed back into an improved version, the Apple II, which appeared at a Californian computer fair in 1977.

Development of the new machine was expensive and Jobs persuaded Mike Markkula, a local investor, to guarantee a $250,000 loan and, together with Wozniak, the three formed the company Apple Computer.

The Apple II, unlike many other computers of the time, came complete and worked straight out of the box rather than the purchaser having to assemble the various parts.

The new model became an instant success, kick-starting the personal computer boom and achieving sales in excess of six million before production ended in 1993.

But there were concerns at Apple about Jobs' lack of management experience, and professional executives were hired to run the company. One Apple board member claimed Jobs was "uncontrollable."

"He got ideas in his head, and being a founder of the company, he went off and did them regardless of whether it ended up being good for the company."

Jobs introduced the Macintosh in 1984 to wild acclaim, but behind the hyped-up launch there were financial problems at Apple.

A downturn in sales, and a growing resentment at what many employees saw as Jobs' autocratic style, resulted in an internal power struggle and he was ousted from the company.

Toy Story

By this time he had other irons in the fire. He founded NeXT Computer in 1985 and a year later bought Graphics Group from the Star Wars director, George Lucas.
The company, which Jobs renamed Pixar, produced extremely expensive computer animation hardware which was used by a number of film makers, including Disney.

Jobs switched the emphasis away from computer manufacturing and began producing computer-animated feature films. The breakthrough came in 1995 with the film Toy Story, which went on to gross more than $350 million worldwide, and was followed by other successes including A Bug's Life, Finding Nemo and Monsters Inc.

A year later, Apple paid more than $400 million for NeXT Computer and Jobs was back with the company he founded, wasting no time in removing Apple's then Chief Executive Officer.

Jobs tackled Apple's poor profitability by dropping some fringe projects and moving the company into the burgeoning consumer electronics market.

The iPod, launched in 2001, satisfied the demand for music on the move and immediately became a style icon with its sleek design and distinctive white earphones. To drive his new machine Jobs also launched iTunes, allowing customers to download music from the internet and create their own playlists.

iPhone

In 2003 Jobs was diagnosed with pancreatic cancer and, rejecting the idea of surgery, set about finding alternative therapy, including a special diet. He finally underwent surgery in 2004, having kept his illness secret from all but a small handful of Apple insiders.

In 2005 Disney paid $7 billion worth of stock to buy Pixar from Jobs who, as a result, became the Walt Disney Company's biggest shareholder.

Two years later, at yet another much-hyped launch, Jobs introduced the iPhone to a legion of customers, many of whom had queued for hours at their local Apple store.

In 2008 the ultra-thin MacBook Air was launched with Jobs doing his usual stage presentation dressed in his habitual black turtleneck jumper and faded jeans.
His thin and somewhat gaunt appearance fuelled speculation that his illness had returned and it was announced, in early 2009, that he was taking a six-month break to cope with what was described as a "hormonal imbalance." In April of that year he underwent a liver transplant, with his doctors announcing that the prognosis was "excellent."

However, in Jan 2011, Apple announced that Jobs would be taking a leave of absence for health reasons.

Unlike his contemporary, Microsoft's Bill Gates, Steve Jobs showed little inclination to use his personal wealth for philanthropic purposes. And, strangely for a self-professed Buddhist, he did not embrace environmental concerns, with Apple coming under fire from Greenpeace for its reluctance to produce easily recyclable products.

Steve Jobs was a one-off; a man who had total belief in his own abilities and a shortage of patience for anyone who failed to agree with him. His great gifts were an ability to second-guess the market and an eye for well-designed and innovative products that everyone would buy.

"You can't just ask customers what they want and then try to give that to them," he once said. "By the time you get it built, they'll want something new."

From rforno at infowarrior.org Wed Oct 5 21:09:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 Oct 2011 22:09:35 -0400
Subject: [Infowarrior] - Hayden: What's at stake in the cloud?
Message-ID: <887946F3-45B2-4A0C-98D7-D83402F1A164@infowarrior.org>

http://thehill.com/opinion/op-ed/185565-whats-at-stake-in-the-cloud

What's at stake in the cloud?
By Gen. Michael Hayden - 10/04/11 07:39 PM ET

The new federal strategy for implementing cloud-computing solutions is called "Cloud First" - and with good reason. We now systematically prefer cloud-computing solutions to those based on local servers and laptops. The allure of efficiencies, economies of scale, high-end services and - most importantly - reduced costs is almost irresistible.
But, as American governments at the federal, state and local levels rush headlong toward cloud computing, wouldn't it be wise to pause and ask, "What's at stake?"

From a security perspective, as a former director of the National Security Agency charged with stealing other nations' secrets while protecting our own, I believe these stakes are high and the costs of a mistake particularly grave.

The current structure of the Internet is fundamentally open - open in terms of access and open in terms of use. But this openness has consequences. As Deputy Secretary of Defense William Lynn said in a speech announcing our military's Strategy for Operating in Cyberspace: "The Internet was designed to be open, transparent, and interoperable. Security and identity management were secondary objectives in system design. This lower emphasis on security in the Internet's initial design ... gives attackers a built-in advantage."

The transition to the cloud gives us a chance to change that flawed security paradigm. We can, if we choose to, build in more powerful security principles from the beginning as integral components of cloud architecture.

Where more sophisticated and costly security solutions are too expensive for an individual user (or small network), they are more affordable when the costs are distributed among a larger group of users. Likewise, sophisticated solutions that could be too cumbersome to run on a stand-alone personal computer or laptop (or today's tablet or phone) can run effortlessly on the larger server systems maintained by cloud service providers.

Thus, if we invest our capital wisely (like creating an efficient data management and authentication structure), the transition to cloud computing can hold the promise of high-end security even for routine data transactions.
But, just as these economies of scale offer the promise of greater security, they also create greater vulnerabilities and threats that must be addressed before we can say that cloud computing is secure. The accumulation of vast stores of data and computing power in cloud-based systems will provide online thieves and hackers and nation states bent on espionage with an exceedingly attractive target. In a survey of attendees at the 2010 DEFCON conference, one of the largest hacker conferences in the world, 96 percent of hackers believed the cloud would open up more hacking opportunities for them, while 89 percent believed cloud vendors were not doing enough to address security issues. Given the potential nature of cloud services, in the event of data theft or loss due to illegal or intrusive actions, cloud clients could be subject to legal and/or financial liability for breaches over which they have little knowledge and even less practical control. Users might also need to create independent Continuity of Operations Plans (COOP) to ensure functionality and survivability if cloud service is disrupted. One essential part of any COOP will have to be the ability to change cloud or other network service providers should the need arise. Will there be sufficiently common standards that govern "cloud" service to make any such transition possible and not overly complex or costly? Any system is subject to insider threats. The more concentrated the data, the more catastrophic the failure if the threat materializes. In the cloud, an insider with access can replicate, download, steal, delete or modify multiple clients' data unless effective internal security measures are implemented. Personnel screening, internal security and the like will be the responsibility of the cloud manager. How transparent will this be to clients since users will be dependent on the cloud manager's effectiveness? 
To date, most cyberattacks have in reality been examples of theft - personal data, intellectual property, state secrets - conducted for malice, profit or espionage. And unlike parallel activity in the physical domain, which usually only directly affects large commercial and governmental interests, cyberattacks can directly affect individual citizens. In the cloud, it is their data that is stolen and their services that are disrupted.

Breaches in the cloud could be more catastrophic than breaches in discrete networks or systems. Overstating the threat only slightly, the difference is between breaking into an individual home and breaking into a large, theoretically secure building filled with unlocked condominiums.

There are fundamental challenges and opportunities for cloud providers. Will they develop a business model that emphasizes merely price and efficiency, or will they strive to make security services a key discriminator between their offerings and those of their competitors - even if that means reinvesting some portion of the cloud's "savings" back into a more secure architecture? Let's hope for the latter.

Hayden is the former director of the National Security Agency (1999 to 2005) and Central Intelligence Agency (2006 to 2009). He is now a principal at The Chertoff Group, a global security advisory firm, which advises clients on cybersecurity including cloud computing.
From rforno at infowarrior.org Thu Oct 6 06:42:24 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Oct 2011 07:42:24 -0400
Subject: [Infowarrior] - Secret panel can put Americans on "kill list"
Message-ID: <26007A23-FD6D-44AB-92DE-86884E12ABEB@infowarrior.org>

Secret panel can put Americans on "kill list"
Wed, Oct 5 2011
By Mark Hosenball
http://www.reuters.com/article/2011/10/05/us-cia-killlist-idUSTRE79475C20111005

WASHINGTON (Reuters) - American militants like Anwar al-Awlaki are placed on a kill or capture list by a secretive panel of senior government officials, which then informs the president of its decisions, according to officials.

There is no public record of the operations or decisions of the panel, which is a subset of the White House's National Security Council, several current and former officials said. Neither is there any law establishing its existence or setting out the rules by which it is supposed to operate.

The panel was behind the decision to add Awlaki, a U.S.-born militant preacher with alleged al Qaeda connections, to the target list. He was killed by a CIA drone strike in Yemen late last month.

The role of the president in ordering or ratifying a decision to target a citizen is fuzzy. White House spokesman Tommy Vietor declined to discuss anything about the process.

Current and former officials said that to the best of their knowledge, Awlaki, who the White House said was a key figure in al Qaeda in the Arabian Peninsula, al Qaeda's Yemen-based affiliate, had been the only American put on a government list targeting people for capture or death due to their alleged involvement with militants.

The White House is portraying the killing of Awlaki as a demonstration of President Barack Obama's toughness toward militants who threaten the United States. But the process that led to Awlaki's killing has drawn fierce criticism from both the political left and right.
In an ironic turn, Obama, who ran for president denouncing predecessor George W. Bush's expansive use of executive power in his "war on terrorism," is being attacked in some quarters for using similar tactics. They include secret legal justifications and undisclosed intelligence assessments. Liberals criticized the drone attack on an American citizen as extra-judicial murder. Conservatives criticized Obama for refusing to release a Justice Department legal opinion that reportedly justified killing Awlaki. They accuse Obama of hypocrisy, noting his administration insisted on publishing Bush-era administration legal memos justifying the use of interrogation techniques many equate with torture, but refused to make public its rationale for killing a citizen without due process. Some details about how the administration went about targeting Awlaki emerged on Tuesday when the top Democrat on the House Intelligence Committee, Representative Dutch Ruppersberger, was asked by reporters about the killing. The process involves "going through the National Security Council, then it eventually goes to the president, but the National Security Council does the investigation, they have lawyers, they review, they look at the situation, you have input from the military, and also, we make sure that we follow international law," Ruppersberger said. LAWYERS CONSULTED Other officials said the role of the president in the process was murkier than what Ruppersberger described. They said targeting recommendations are drawn up by a committee of mid-level National Security Council and agency officials. Their recommendations are then sent to the panel of NSC "principals," meaning Cabinet secretaries and intelligence unit chiefs, for approval. The panel of principals could have different memberships when considering different operational issues, they said. The officials insisted on anonymity to discuss sensitive information. 
They confirmed that lawyers, including those in the Justice Department, were consulted before Awlaki's name was added to the target list. Two principal legal theories were advanced, an official said: first, that the actions were permitted by Congress when it authorized the use of military forces against militants in the wake of the attacks of September 11, 2001; and they are permitted under international law if a country is defending itself. Several officials said that when Awlaki became the first American put on the target list, Obama was not required personally to approve the targeting of a person. But one official said Obama would be notified of the principals' decision. If he objected, the decision would be nullified, the official said. A former official said one of the reasons for making senior officials principally responsible for nominating Americans for the target list was to "protect" the president. Officials confirmed that a second American, Samir Khan, was killed in the drone attack that killed Awlaki. Khan had served as editor of Inspire, a glossy English-language magazine used by AQAP as a propaganda and recruitment vehicle. But rather than being specifically targeted by drone operators, Khan was in the wrong place at the wrong time, officials said. Ruppersberger appeared to confirm that, saying Khan's death was "collateral," meaning he was not an intentional target of the drone strike. When the name of a foreign, rather than American, militant is added to targeting lists, the decision is made within the intelligence community and normally does not require approval by high-level NSC officials. 'FROM INSPIRATIONAL TO OPERATIONAL' Officials said Awlaki, whose fierce sermons were widely circulated on English-language militant websites, was targeted because Washington accumulated information his role in AQAP had gone "from inspirational to operational." 
That meant that instead of just propagandizing in favor of al Qaeda objectives, Awlaki allegedly began to participate directly in plots against American targets.

"Let me underscore, Awlaki is no mere messenger but someone integrally involved in lethal terrorist activities," Daniel Benjamin, top counterterrorism official at the State Department, warned last spring.

The Obama administration has not made public an accounting of the classified evidence that Awlaki was operationally involved in planning terrorist attacks.

But officials acknowledged that some of the intelligence purporting to show Awlaki's hands-on role in plotting attacks was patchy.

For instance, one plot in which authorities have said Awlaki was involved was that of Nigerian-born Umar Farouk Abdulmutallab, accused of trying to blow up a Detroit-bound U.S. airliner on Christmas Day 2009 with a bomb hidden in his underpants.

There is no doubt Abdulmutallab was an admirer or follower of Awlaki, since he admitted that to U.S. investigators. When he appeared in a Detroit courtroom earlier this week for the start of his trial on bomb-plot charges, he proclaimed, "Anwar is alive."

But at the time the White House was considering putting Awlaki on the U.S. target list, intelligence connecting Awlaki specifically to Abdulmutallab and his alleged bomb plot was partial.

Officials said at the time the United States had voice intercepts involving a phone known to have been used by Awlaki and someone who they believed, but were not positive, was Abdulmutallab.

Awlaki was also implicated in a case in which a British Airways employee was imprisoned for plotting to blow up a U.S.-bound plane. E-mails retrieved by authorities from the employee's computer showed what an investigator described as "operational contact" between Britain and Yemen. Authorities believe the contacts were mainly between the U.K.-based suspect and his brother.
But there was a strong suspicion Awlaki was at the brother's side when the messages were dispatched. British media reported that in one message, the person on the Yemeni end supposedly said, "Our highest priority is the US ... With the people you have, is it possible to get a package or a person with a package on board a flight heading to the US?" U.S. officials contrast intelligence suggesting Awlaki's involvement in specific plots with the activities of Adam Gadahn, an American citizen who became a principal English-language propagandist for the core al Qaeda network formerly led by Osama bin Laden. While Gadahn appeared in angry videos calling for attacks on the United States, officials said he had not been specifically targeted for capture or killing by U.S. forces because he was regarded as a loudmouth not directly involved in plotting attacks. From rforno at infowarrior.org Thu Oct 6 19:55:55 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 6 Oct 2011 20:55:55 -0400 Subject: [Infowarrior] - California: Appeals Court Approves Cell Phone Search During Traffic Stop Message-ID: <374CB82D-EDCC-4587-A367-AB7F2E4CACEA@infowarrior.org> http://www.thenewspaper.com/news/36/3603.asp California: Appeals Court Approves Cell Phone Search During Traffic Stop "In sum, it is our conclusion that, after Reid [Nottoli] was arrested for being under the influence, it was reasonable to believe that evidence relevant to that offense might be found in his vehicle," Justice Franklin D. Elia wrote for the three-judge panel. "Consequently, the deputies had unqualified authority under Gant to search the passenger compartment of the vehicle and any container found therein, including Reid's cell phone. It is up to the US Supreme Court to impose any greater limits on officers' authority to search incident to arrest." The court reversed the lower court's order suppressing the evidence, but the decision was made solely to set legal precedent. Reid Nottoli died on September 4. 
From rforno at infowarrior.org Thu Oct 6 19:58:44 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 Oct 2011 20:58:44 -0400
Subject: [Infowarrior] - Time-zone database down
Message-ID:

(c/o CG)

Time-zone database down
http://blog.joda.org/2011/10/today-time-zone-database-was-closed.html?m=1

Today, the time-zone database was closed down.

It is perhaps easy to read that line, think it doesn't affect you, and then move on. But that's just not the case.

The time-zone database (sometimes referred to as the Olson database) is the computing world's principal source of time-zone data. It is embedded in every Unix and Java for starters, and will be used by many websites and probably by your iPhone. You may know it via the IDs, such as "Europe/London" or "America/New_York".

But, perhaps you're thinking that time-zones don't change? Well, that may be true for America and the EU right now, but certainly isn't for the rest of the world. Governments change their time-zones all the time, and the decisions are frequently very political. I'd estimate there are between 20 and 100 separate changes made around the globe each year. And these can be at very short notice, triggered by earthquakes for example.

The time-zone database tracks all this information and creates a standard format file that describes it. I would show you an example of the file, but then perhaps I'd be sued....

The database itself was run as an open source project, led by Arthur David Olson, supported by many others. The data was published as a set of files about 15 times a year, and then picked up by users everywhere.

The complaint itself comes from Astrolabe, Inc, whose website looks like a company I would avoid doing business with. The complaint is that Astrolabe produce a work, the "ACS Atlas", which is referenced by the time-zone database (some sources suggest that Astrolabe may have recently purchased the work).
Astrolabe claim copyright over their work and thus believe that the time-zone database should not have released their information to the public domain. The case is targeted at two private individuals - Arthur David Olson and Paul Eggert, who have hosted the website for many years.

The key passage in the time-zone database files is this:

# From Paul Eggert (2006-03-22):
# A good source for time zone historical data in the US is
# Thomas G. Shanks, The American Atlas (5th edition),
# San Diego: ACS Publications, Inc. (1991).
# Make sure you have the errata sheet; the book is somewhat useless without it.
# It is the source for most of the pre-1991 US entries below.

For obvious reasons, I'll refrain from commenting on the rights and wrongs of the case, although I will note that facts like the phonebook cannot be copyrighted. A detailed response from one site taken down is now available.

Instead I'll focus on the impact.

The impact of this is severe for anyone that uses it - whether via Java, Unix or some other means. This really is the key tool used by everyone to tell the right time globally. We all owe a debt of gratitude to the database maintainers who have worked on this for many, many years at zero cost to the industry and for zero financial gain.

So, right now the global situation is that there is no longer a single central location for time-zone information for computing. I'm sure that each major user project (like the Unix distros) will patch their own versions as best they can, but the stricter ones might argue that the current data is tainted and want to remove even that. This could get very messy very quickly.

Both Joda-Time and ThreeTen/JSR-310 use the data to build timezone information. ThreeTen/JSR-310 in particular provides this information in huge detail to applications. The worst case scenario is that multiple groups start up to provide this data in the future, and applications are then responsible for handling multiple competing data sources.
This data is so key to the world at this point that it needs to be formalised and run by a group with more legal and financial backing. Efforts had been ongoing to achieve this, but they may now be in jeopardy - who would want to take on a project being legally attacked?

I hereby call on the industry leaders to help sort this out - IBM, Oracle, Apple, Google, RedHat, I'm looking at you. Update: I didn't include Microsoft here because Windows has its own time-zone data files.

In the meantime, could I please ask that anyone thinking of patching the data on a temporary basis, or trying to recreate it from scratch, re-uses the existing file format. There is no reason to believe that the C code or file format is tainted by the lawsuit, just the data. So, let's all please try to minimise the mess that could happen if everyone starts to go their own way.

From rforno at infowarrior.org Fri Oct 7 06:50:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 Oct 2011 07:50:48 -0400
Subject: [Infowarrior] - WH Orders New Computer Security Rules
Message-ID: <84AC90AE-D09B-4642-AFEB-2CFF580C4B3E@infowarrior.org>

October 6, 2011

White House Orders New Computer Security Rules
By ERIC SCHMITT
http://www.nytimes.com/2011/10/07/us/politics/white-house-orders-new-computer-security-rules.html

WASHINGTON - The White House plans to issue an executive order on Friday to replace a flawed patchwork of computer security safeguards exposed by the disclosure of hundreds of thousands of classified government documents to WikiLeaks last year.

The order by President Obama culminates a seven-month governmentwide review of policies and procedures involving the handling of classified information, and recommendations on how to reduce the risk of breaches.

The directive enshrines many stopgap fixes that the Pentagon, the State Department and the Central Intelligence Agency made immediately after the initial WikiLeaks disclosures last November.
Since then, for instance, the military has disabled 87 percent of its computers to prevent people from downloading classified data onto memory sticks, CDs or DVDs. The Pentagon has also developed procedures to monitor and detect suspicious behavior on classified computer systems. And the State Department stopped distributing its diplomatic cables over a classified e-mail system used by many in the military, including Pfc. Bradley E. Manning, who is accused of leaking the classified documents to WikiLeaks.

Computer security analysts say these safeguards, as well as others in the executive order aimed at bringing greater consistency and accountability to information sharing and protection policies, are long overdue, and lag behind what is routine in the private sector.

"The real surprise continues to be that relatively elementary procedures should have been in place and were not," said Ravi Sandhu, executive director of the Institute for Cyber Security at the University of Texas at San Antonio.

In addition to these immediate measures, Mr. Obama's order creates a task force led by the attorney general and the director of national intelligence to combat leaks from government workers, or what the White House calls an "insider threat."

The directive also establishes a special government committee that must submit a report to the president within 90 days, and then at least once a year after that, assessing federal successes and failures in protecting classified information on government computer networks.

According to government prosecutors, the three big WikiLeaks document dumps were disguised as a Lady Gaga CD and smuggled out of a military intelligence office in Iraq by Private Manning. Computer security analysts say the case revealed major lapses in securing classified data in war zones.

Now, virtually every Defense Department computer is blocked from downloading classified information onto memory sticks or CDs, except for explicitly authorized "mission essential" exceptions.

The Pentagon has issued a cyber identity credential to anyone using unclassified networks and has started a similar program for personnel using classified networks. These credentials allow supervisors to track what users are working on.

And the military is accelerating the analysis of logs from computers on the classified networks to detect large transfers of data or the use of data that is unrelated to an individual's job duties.

"It's an additional tool to provide indicators that flag anomalous behavior, much as credit card companies monitor credit card use and a user's profile," said Teri Takai, the Defense Department's chief information officer.

The WikiLeaks disclosure also revealed disparities in the use of security safeguards by various federal agencies and even within agencies. Under the new order, each federal agency will designate a senior official to oversee procedures for safeguarding classified data that also protect user privacy and civil liberties.

"As technology changes, we hope to be ahead of the curve, seeing where technology is going and being able to respond before it's necessary," said Patrick F. Kennedy, the under secretary for management at the State Department.

Despite the changes and continuing review, administration officials say the new policies and procedures are relatively untested.

"I don't think we'll ever be able to guarantee this won't happen again, but this greatly enhances our chances of preventing it or catching it in the process," said Monte Hawkins, the director for identity management and biometrics policy at the National Security Council.
From rforno at infowarrior.org Fri Oct 7 07:53:15 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Oct 2011 08:53:15 -0400 Subject: [Infowarrior] - DHS moves forward with 'pre-crime' detection Message-ID: <8E2A049A-0A2B-4FF8-AA2B-85AD8173C698@infowarrior.org> Homeland Security moves forward with 'pre-crime' detection http://news.cnet.com/8301-31921_3-20117058-281/homeland-security-moves-forward-with-pre-crime-detection/ By: Declan McCullagh October 7, 2011 4:00 AM PDT An internal U.S. Department of Homeland Security document indicates that a controversial program designed to predict whether a person will commit a crime is already being tested on some members of the public, CNET has learned. If this sounds a bit like the Tom Cruise movie called "Minority Report," or the CBS drama "Person of Interest," it is. But where "Minority Report" author Philip K. Dick enlisted psychics to predict crimes, DHS is betting on algorithms: it's building a "prototype screening facility" that it hopes will use factors such as ethnicity, gender, breathing, and heart rate to "detect cues indicative of mal-intent." The latest developments, which reveal efforts to "collect, process, or retain information on" members of "the public," came to light through an internal DHS document obtained under open-government laws by the Electronic Privacy Information Center. DHS calls its "pre-crime" system Future Attribute Screening Technology, or FAST. "If it were deployed against the public, it would be very problematic," says Ginger McCall, open government counsel at EPIC, a nonprofit group in Washington, D.C. It's unclear why the June 2010 DHS document (PDF) specified that information is currently collected or retained on members of "the public" as part of FAST, and a department representative declined to answer questions that CNET posed two days ago. Elsewhere in the document, FAST program manager Robert Middleton Jr. 
refers to a "limited" initial trial using DHS employees as test subjects. Middleton says that FAST "sensors will non-intrusively collect video images, audio recordings, and psychophysiological measurements from the employees," with a subgroup of employees singled out, with their permission, for more rigorous evaluation. Peter Boogaard, the deputy press secretary for the Department of Homeland Security, provided a statement to CNET that said: The department's Science and Technology Directorate has conducted preliminary research in operational settings to determine the feasibility of using non-invasive physiological and behavioral sensor technology and observational techniques to detect signs of stress, which are often associated with intent to do harm. The FAST program is only in the preliminary stages of research and there are no plans for acquiring or deploying this type of technology at this time. FAST is designed to track and monitor, among other inputs, body movements, voice pitch changes, prosody changes (alterations in the rhythm and intonation of speech), eye movements, body heat changes, and breathing patterns. Occupation and age are also considered. A government source told CNET that blink rate and pupil variation are measured too. A field test of FAST has been conducted in at least one undisclosed location in the northeast. "It is not an airport, but it is a large venue that is a suitable substitute for an operational setting," DHS spokesman John Verrico told Nature.com in May. Although DHS has publicly suggested that FAST could be used at airport checkpoints--the Transportation Security Agency is part of the department, after all--the government appears to have grander ambitions. One internal DHS document (PDF) also obtained by EPIC through the Freedom of Information Act says a mobile version of FAST "could be used at security checkpoints such as border crossings or at large public events such as sporting events or conventions." 
It also says that the next field trial of FAST will involve members of the public who "have food service experience" and are paid "to work at a one day VIP event." Most of the document is redacted, but each person is apparently told to act normally or to do something demonstrating "mal-intent," such as being told to smuggle a recording device into the VIP event. The trick, then, is to see if FAST can detect which is which. It's not clear whether these people were informed that they're participating in a FAST study.

McCall, the EPIC attorney who has been pressing the department to obtain these internal documents, said it's time for the DHS Privacy Office to review the current state of the FAST project. What appears to be the most recent privacy analysis (PDF) was completed in December 2008 and contemplates using "volunteer participants" who have given their "informed consent." "They should do a privacy impact assessment," McCall said.

DHS is being unusually secretive about FAST. A February 2010 contract (PDF) with Cambridge, Mass.-based Draper Laboratory to build elements of the "pre-crime" system has every dollar figure blacked out (a fleeting reference to an "infrared camera" remained).

Relying on ambiguous biological factors to predict mal-intent is worrisome, says McCall. "Especially if they're going to be rolling this out at the airport. I don't know about you, but going to an airport gives me a minor panic attack, wondering if I'm going to get groped by a TSA officer."

From rforno at infowarrior.org Fri Oct 7 13:23:24 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Oct 2011 14:23:24 -0400 Subject: [Infowarrior] - Computer Virus Hits U.S. Drone Fleet Message-ID: <0C1B94F3-DEA2-4358-BB0C-32D1C4C21EA7@infowarrior.org>

Exclusive: Computer Virus Hits U.S. Drone Fleet
By Noah Shachtman, October 7, 2011, 1:11 pm
Categories: Drones
http://www.wired.com/dangerroom/2011/10/virus-hits-drone-fleet/

A computer virus has infected the cockpits of America's Predator and Reaper drones, logging pilots' every keystroke as they remotely fly missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military's Host-Based Security System, has not prevented pilots at Creech Air Force Base in Nevada from flying their missions overseas. Nor have there been any confirmed incidents of classified information being lost or sent to an outside source. But the virus has resisted multiple efforts to remove it from Creech's computers, network security specialists say. And the infection underscores the ongoing security risks in what has become the U.S. military's most important weapons system.

"We keep wiping it off, and it keeps coming back," says a source familiar with the network infection, one of three that told Danger Room about the virus. "We think it's benign. But we just don't know."

Military network security specialists aren't sure whether the virus and its so-called "keylogger" payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don't know exactly how far the virus has spread. But they're sure that the infection has hit both classified and unclassified machines at Creech. That raises the possibility, at least, that secret data may have been captured by the keylogger, and then transmitted over the public internet to someone outside the military chain of command.

Drones have become America's tool of choice in both its conventional and shadow wars, allowing U.S. forces to attack targets and spy on its foes without risking American lives. Since President Obama assumed office, a fleet of approximately 30 CIA-directed drones have hit targets in Pakistan more than 230 times; all told, these drones have killed more than 2,000 suspected militants and civilians, according to the Washington Post. More than 150 additional Predator and Reaper drones, under U.S. Air Force control, watch over the fighting in Afghanistan and Iraq. American military drones struck 92 times in Libya between mid-April and late August. And late last month, an American drone killed top terrorist Anwar al-Awlaki, part of an escalating unmanned air assault in the Horn of Africa and southern Arabian peninsula.

But despite their widespread use, the drone systems are known to have security flaws. Many Reapers and Predators don't encrypt the video they transmit to American troops on the ground. In the summer of 2009, U.S. forces discovered "days and days and hours and hours" of the drone footage on the laptops of Iraqi insurgents. A $26 piece of software allowed the militants to capture the video.

The lion's share of U.S. drone missions are flown by Air Force pilots stationed at Creech, a tiny outpost in the barren Nevada desert, 20 miles north of a state prison and adjacent to a one-story casino. In a nondescript building, down a largely unmarked hallway, is a series of rooms, each with a rack of servers and a "ground control station," or GCS. There, a drone pilot and a sensor operator sit in their flight suits in front of a series of screens. In the pilot's hand is the joystick, guiding the drone as it soars above Afghanistan, Iraq, or some other battlefield.

Some of the GCSs are classified secret, and used for conventional warzone surveillance duty. The GCSs handling more exotic operations are top secret. None of the remote cockpits are supposed to be connected to the public internet. Which means they are supposed to be largely immune to viruses and other network security threats.

But time and time again, the so-called "air gaps" between classified and public networks have been bridged, largely through the use of discs and removable drives. In late 2008, for example, the drives helped introduce the agent.btz worm to hundreds of thousands of Defense Department computers. The Pentagon is still disinfecting machines, three years later. Use of the drives is now severely restricted throughout the military. But the base at Creech was one of the exceptions, until the virus hit. Predator and Reaper crews use removable hard drives to load map updates and transport mission videos from one computer to another. The virus is believed to have spread through these removable drives. Drone units at other Air Force bases worldwide have now been ordered to stop their use.

In the meantime, technicians at Creech are trying to get the virus off the GCS machines. It has not been easy. At first, they followed removal instructions posted on the website of the Kaspersky security firm. "But the virus kept coming back," a source familiar with the infection says. Eventually, the technicians had to use a software tool called BCWipe to completely erase the GCS' internal hard drives. "That meant rebuilding them from scratch," a time-consuming effort.

The Air Force declined to comment directly on the virus. "We generally do not discuss specific vulnerabilities, threats, or responses to our computer networks, since that helps people looking to exploit or attack our systems to refine their approach," says Lt. Col. Tadd Sholtis, a spokesman for Air Combat Command, which oversees the drones and all other Air Force tactical aircraft. "We invest a lot in protecting and monitoring our systems to counter threats and ensure security, which includes a comprehensive response to viruses, worms, and other malware we discover."

However, insiders say that senior officers at Creech are being briefed daily on the virus. "It's getting a lot of attention," the source says. "But no one's panicking. Yet."
From rforno at infowarrior.org Fri Oct 7 13:30:03 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Oct 2011 14:30:03 -0400 Subject: [Infowarrior] - Text of WH EO on Classified Networks Message-ID: <77344224-EDCC-42B2-B913-FF9989ECED97@infowarrior.org>

FWIW......

Executive Order -- Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information
http://www.whitehouse.gov/the-press-office/2011/10/07/executive-order-structural-reforms-improve-security-classified-networks-

From rforno at infowarrior.org Fri Oct 7 14:37:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Oct 2011 15:37:59 -0400 Subject: [Infowarrior] - Removal of Restrictions Can Decrease Music Piracy Message-ID: <01F5E33B-20DB-40BB-B089-96FF317F1417@infowarrior.org>

(c/o JJ) ... the website in question is horribly laid out, giving FAR FAR too much space to ads versus content. -- rick

Removal of Restrictions Can Decrease Music Piracy
http://www.sciencedaily.com/releases/2011/10/111007113944.htm

ScienceDaily (Oct. 7, 2011) -- Contrary to the traditional views of the music industry, removal of digital rights management (DRM) restrictions can actually decrease piracy, according to new research from Rice University and Duke University.

Marketing professors Dinah Vernik of Rice and Devavrat Purohit and Preyas Desai of Duke used analytical modeling to examine how piracy is influenced by the presence or absence of DRM restrictions. They found that while these restrictions make piracy more costly and difficult, the restrictions also have a negative impact on legal users who have no intention of doing anything illegal. Their findings, which will appear in the November-December issue of Marketing Science, add to the ongoing debate about technology that limits usage of digital content.

Because a DRM-restricted product will only be purchased by a legal user, "only the legal users pay the price and suffer from the restrictions," the study said. "Illegal users are not affected because the pirated product does not have DRM restrictions."

"In many cases, DRM restrictions prevent legal users from doing something as normal as making backup copies of their music," Vernik said. "Because of these inconveniences, some consumers choose to pirate."

The research challenges conventional wisdom that removal of DRM restrictions increases piracy levels; the study shows that piracy can actually decrease when a company allows restriction-free downloads. "Removal of these restrictions makes the product more convenient to use and intensifies competition with the traditional format (CDs), which has no DRM restrictions," Vernik said. "This increased competition results in decreased prices for both downloadable and CD music and makes it more likely that consumers will move from stealing music to buying legal downloads."

"Unlike in earlier literature, we examine consumers' choices among all the major sources of music," Desai said. "By analyzing the competition among the traditional retailer, the digital retailer and pirated music, we get a better understanding of the competitive forces in the market."

The research also revealed that copyright owners don't necessarily benefit from a lower amount of piracy. "Decreased piracy doesn't guarantee increased profits," Purohit said. "In fact, our analysis demonstrates that under some conditions, one can observe lower levels of piracy and lower profits."

Vernik, Desai and Purohit hope that their research paper, "Music Downloads and the Flip Side of Digital Rights Management Protection," will provide important insights into the role of DRM. "[The late] Steve Jobs said it best: 'Why would the big four music companies agree to let Apple and others distribute their music without using DRM systems to protect it?
The simplest answer is because DRMs haven't worked, and may never work, to halt music piracy.'" Vernik said. "And our research presented a counterintuitive conclusion that in fact, removing the DRM can be more effective in decreasing music piracy than making the DRM more stringent." The research was funded by Rice and Duke universities. From rforno at infowarrior.org Fri Oct 7 15:02:40 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Oct 2011 16:02:40 -0400 Subject: [Infowarrior] - FBI to launch nationwide facial recognition service Message-ID: FBI to launch nationwide facial recognition service By Aliya Sternstein 10/07/2011 http://www.nextgov.com/nextgov/ng_20111007_6100.php?oref=rss The FBI by mid-January will activate a nationwide facial recognition service in select states that will allow local police to identify unknown subjects in photos, bureau officials told Nextgov. The federal government is embarking on a multiyear, $1 billion dollar overhaul of the FBI's existing fingerprint database to more quickly and accurately identify suspects, partly through applying other biometric markers, such as iris scans and voice recordings. Often law enforcement authorities will "have a photo of a person and for whatever reason they just don't know who it is [but they know] this is clearly the missing link to our case," said Nick Megna, a unit chief at the FBI's criminal justice information services division. The new facial recognition service can help provide that missing link by retrieving a list of mug shots ranked in order of similarity to the features of the subject in the photo. Today, an agent would have to already know the name of an individual to pull up the suspect's mug shot from among the 10 million shots stored in the bureau's existing Integrated Automated Fingerprint Identification System. 
Using the new Next-Generation Identification system that is under development, law enforcement analysts will be able to upload a photo of an unknown person; choose a desired number of results from two to 50 mug shots; and, within 15 minutes, receive identified mugs to inspect for potential matches. Users typically will request 20 candidates, Megna said. The service does not provide a direct match. Michigan, Washington, Florida and North Carolina will participate in a test of the new search tool this winter before it is offered to criminal justice professionals across the country in 2014 as part of NGI. The project, which was awarded to Lockheed Martin Corp. in 2008, already has upgraded the FBI's fingerprint matching service. Local authorities have the choice to file mug shots with the FBI as part of the booking process. The bureau expects its collection of shots to rival its repository of 70 million fingerprints once more officers are aware of the facial search's capabilities. Thomas E. Bush III, who helped develop NGI's system requirements when he served as assistant director of the CJIS division between 2005 and 2009, said, "The idea was to be able to plug and play with these identifiers and biometrics." Law enforcement personnel saw value in facial recognition and the technology was maturing, said the 33-year FBI veteran who now serves as a private consultant. NGI's incremental construction seems to align with the White House's push to deploy new information technology in phases so features can be scrapped if they don't meet expectations or run over budget. But immigrant rights groups have raised concerns that the Homeland Security Department, which exchanges digital prints with the FBI, will abuse the new facial recognition component. Currently, a controversial DHS immigrant fingerprinting program called Secure Communities runs FBI prints from booked offenders against the department's IDENT biometric database to check whether they are in the country illegally. 
Homeland Security officials say they extradite only the most dangerous aliens, including convicted murderers and rapists. But critics say the FBI-DHS print swapping ensnares as many foreigners as possible, including those whose charges are minor or are ultimately dismissed. Megna said Homeland Security is not part of the facial recognition pilot. But, Bush said in the future NGI's data, including the photos, will be accessible by Homeland Security's IDENT. The planned addition of facial searches worries Sunita Patel, a staff attorney with the Center for Constitutional Rights, who said, "Any database of personal identity information is bound to have mistakes. And with the most personal immutable traits like our facial features and fingerprints, the public can't afford a mistake." In addition, Patel said she is concerned about the involvement of local police in information sharing for federal immigration enforcement purposes. "The federal government is using local cops to create a massive surveillance system," she said. Bush said, "We do have the capability to search against each other's systems," but added, "if you don't come to the attention of law enforcement you don't have anything to fear from these systems." Other civil liberties advocates questioned whether the facial recognition application would retrieve mug shots of those who have simply been arrested. "It might be appropriate to have nonconvicted people out of that system," said Jim Harper, director of information policy at the libertarian Cato Institute. FBI officials declined to comment on the recommendation. Harper also noted large-scale searches may generate a lot of false positives, or incorrect matches. Facial recognition "is more accurate with a Google or a Facebook, because they will have anywhere from a half-dozen to a dozen pictures of an individual, whereas I imagine the FBI has one or two mug shots," he said. 
FBI officials would not disclose the name of the search product or the vendor, but said they gained insights on the technique's accuracy by studying research from the National Institutes for Standards and Technology. In responding to concerns about the creation of a Big Brother database for tracking innocent Americans, Megna said the system will not alter the FBI's authorities or the way it conducts business. "This doesn't change or create any new exchanges of data," he said. "It only provides [law enforcement] with a new service to determine what photos are of interest to them." In 2008, the FBI released a privacy impact assessment summarizing its appraisal of controls in place to ensure compliance with federal privacy regulations. Megna said that, during meetings with the CJIS Advisory Policy Board and the National Crime Prevention and Privacy Compact Council, "we haven't gotten a whole lot of pushback on the photo capability." The FBI has an elaborate system of checks and balances to guard fingerprints, palm prints, mug shots and all manner of criminal history data, he said. "This is not something where we want to collect a bunch of surveillance film" and enter it in the system, Megna said. "That would be useless to us. It would be useless to our users." From rforno at infowarrior.org Fri Oct 7 16:48:43 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 7 Oct 2011 17:48:43 -0400 Subject: [Infowarrior] - More movie studio lunacy Message-ID: <787425CF-05DD-48CD-B586-4AC71AF84C59@infowarrior.org> No One Wanted To Pay $30 For In-Home Movie Rentals... So Now Universal Will Try $60? Techdirt10/7/11 14:06 PM Mike Masnick http://www.techdirt.com/articles/20111007/02570316246/no-one-wanted-to-pay-30-in-home-movie-rentals-so-now-universal-will-try-60.shtml There are times when I wonder just what various entertainment industry execs are thinking (or drinking or smoking, as the case may be). 
Back in April we laughed at the idea that people would be interested in paying $30 for video on demand for a movie, just because they could get it a little bit before it came out on DVD. The $30 price point was just too high. And, of course, it didn't take long for the news to come out that... $30 was just too high and almost no one bought. So what do you do if that plan fails? Well, if you're smart, you look at more reasonable price points. If you're not... you raise the price. Yes, that's right. Universal, with the assistance of parent company Comcast, is now going to test the preposterous $60 video on demand offering. The reason for the jacked up price? Because it'll come out on VOD three weeks after being released in the theaters -- at which point the film will still be in the theaters. The test is also going to be done on what the studio hopes is going to be a blockbuster: Tower Heist, starring Eddie Murphy, Ben Stiller and Matthew Broderick. Here's what's wrong with this: the studio is thinking about this from the studio's perspective and not the consumer's perspective (at all). Of course, this is NBC Universal we're talking about, so that's not particularly shocking. In the studio world, release "windows" are everything. And each later release window is less and less of a big deal. So it's totally natural to them to think "gee, if we move up the release window, that's more valuable, so let's jack up the price." But a consumer isn't thinking about release windows. A consumer is thinking "I want to watch a movie. I could go out to the theater, or I could watch it at home." And then they look at the option at home... and if they can, say, watch a film at no additional cost from Netflix... or if they can grab a movie at Redbox for $1... and they compare that to $60 for video on demand, who's actually going to do that? The pricing is insanity. 
Even funnier, however, was watching how the theaters totally freaked out over the original $30 plan, as they do with any plan to shrink the precious "window" between the theatrical release and any other kind of release. This is because theater owners don't know what business they're in. They think that they're in the content business, when they're really in the business of selling their seats. The fact that theater owners thought they couldn't compete with an insane $30 rental suggests that they don't know how to provide a good experience. And, of course, now that there's an even more ridiculous $60 price point, you would think that the theater folks would chuckle and say "hey, we can compete with that, no problem." But it appears theater owners may be even more unable to comprehend the mind of the consumer than the execs at NBC Universal. Thus, Cinemark is already warning that it will boycott the movie if Universal goes forward with this plan. In the meantime, it's also worth noting that the theaters convinced a bunch of big name Hollywood directors to sign an open letter to the studios protesting these kinds of "early" VOD releases. One of the names on that letter, by the way? Brett Ratner. The director of Tower Heist. Embarrassing... He is, of course, trying to distance himself from this trial, noting that he wasn't informed of it until the day before it was announced and had nothing to do with it. Of course, that's part of what happens when you do a deal like this. The studio owns the project, and they can do whatever they want with it. Either way, don't expect too many people to pay up for this experiment. It almost makes you wonder if the idea is to make it fail on purpose. 
From rforno at infowarrior.org Sat Oct 8 08:44:48 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 8 Oct 2011 09:44:48 -0400 Subject: [Infowarrior] - Banking's Self Inflicted Wounds Message-ID:

Banking's Self Inflicted Wounds
By Barry Ritholtz - October 4th, 2011, 7:24AM
http://www.ritholtz.com/blog/2011/10/bankings-self-inflicted-wounds/

Morgan Stanley in a free fall. Goldman Sachs at multi-year lows. Citigroup looking Ugly. Bank of America off 50% from recent highs. You may be wondering what is going on with the major firms in the financial sector. While each of these firms have different problems -- vampire squids to Countrywide acquisitions -- they all have something in common: Their balance sheets are opaque.

This is no accident. Indeed, it was by design that execs in the banking sector, and their outside accountants, hatched a scheme in 2008 to hide their balance sheets from public view.

The bankers had been lobbying the Financial Accounting Standards Board to change the rules that governed "Fair Value Measurements," also known as FAS157 (September 2006). You may recall during 2008 this was referred to as "Mark-to-market" accounting.

Banks loved m2m during a boom period. M2M made the more unusual balance sheet holdings -- derivatives, the mortgage-backed securities (MBS), exotic liabilities, and other assets -- look fantastic. The fair value measurements of these items -- essentially, yesterday's closing price -- allowed the accounts to show enormous profits. Those were the underlying basis for huge bonuses, stock option grants and of course, company share prices.

The reality was quite a bit different. These were not equities or treasuries or corporate bonds -- they were thinly traded items whose prices were ramping upwards on a sea of delusional optimism. As soon as the credit bubble ended and housing began to retreat, these assets would free fall like an Acme anvil in a Roadrunner cartoon -- and the bankers were the Coyote.

Uh-oh, this was gonna be a problem.

So the bankers began to lobby FASB to change the rules governing Fair Value Accounting. Sure, it was hugely helpful on the way up, but now, reporting actual holdings -- previously marked at all time highs -- was becoming problematic.

To their credit, the accounting board resisted. What Bankers were proposing -- marking to their models -- was patently absurd. These were the models that told them these purchases were good ideas in the first place. Changing Mark-to-Market to Mark-to-Model was a free pass that practically allowed banks to NEVER have to write down their liabilities. Some people began calling the proposed accounting changes "Mark-to-Make-Believe."

In the midst of the 2008-09 collapse, however, Congress was in a panic. They mandated that FASB accept Mark-to-Make-Believe accounting in the Emergency Economic Stabilization Act of 2008. It gave the Securities and Exchange Commission the authority to "Suspend Mark-to-Market Accounting." In March and April of 2009, that is precisely what occurred.

It was yet another example of an industry lobbying Washington, D.C. to get precisely what they want -- and then having that legislation blow up in their faces. (I detailed other examples of this in a chapter of Bailout Nation -- you can see that chapter here: Strange Connections, Unintended Consequences).

The bottom line is this: Investors do not really have a clear idea of how healthy any of these banks truly are. We do not know the state of their balance sheets. We do not know what their exposures are to mortgages, to Europe, to Greece, etc. They could all be technically insolvent, as far as any investor can tell. And that is exactly how the bankers wanted it.

But given the trouble in Europe, and the likely problems in housing if the US goes into a recession, Investors have decided they cannot take the risk of holding an opaque, possibly under-capitalized, probably over-leveraged financial firm blindly.
They are telling the banks no thanks, we are not interested, we are going to be prudent and we have to assume the worst. Hence, for the second half of 2011, they have been selling off their holdings in these opaque, potentially insolvent too big to succeed entities. Bankers, enjoy your beds. You made them, now lay in them . . . From rforno at infowarrior.org Sat Oct 8 20:12:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 8 Oct 2011 21:12:06 -0400 Subject: [Infowarrior] - Chaos Computer Club analyzes government malware Message-ID: Chaos Computer Club analyzes government malware 2011-10-08 19:00:00, admin http://ccc.de/en/updates/2011/staatstrojaner The largest European hacker club, "Chaos Computer Club" (CCC), has reverse engineered and analyzed a "lawful interception" malware program used by German police forces. It has been found in the wild and submitted to the CCC anonymously. The malware can not only siphon away intimate data but also offers a remote control or backdoor functionality for uploading and executing arbitrary other programs. Significant design and implementation flaws make all of the functionality available to anyone on the internet. Even before the German constitutional court ("Bundesverfassungsgericht") on February 27 2008 forbade the use of malware to manipulate German citizen's PCs, the German government introduced a less conspicuous newspeak variant of the term spy software: "Quellen-TK?" (the term means "source wiretapping" or lawful interception at the source). This Quellen-TK? can by definition only be used for wiretapping internet telephony. The court also said that this has to be enforced through technical and legal means. The CCC now published the extracted binary files [0] of the government malware that was used for "Quellen-TK?", together with a report about the functionality found and our conclusions about these findings [1]. During this analysis, the CCC wrote its own remote control software for the trojan. 
The CCC analysis reveals functionality in the "Bundestrojaner light" (Bundestrojaner means "federal trojan" and is the colloquial German term for the original government malware concept) concealed as "Quellen-TKÜ" that goes much further than to just observe and intercept internet based telecommunication, and thus violates the terms set by the constitutional court. The trojan can, for example, receive uploads of arbitrary programs from the Internet and execute them remotely. This means an "upgrade path" from Quellen-TKÜ to the full Bundestrojaner's functionality is built-in right from the start. Activation of the computer's hardware like microphone or camera can be used for room surveillance.

The analysis concludes that the trojan's developers never even tried to put in technical safeguards to make sure the malware can exclusively be used for wiretapping internet telephony, as set forth by the constitutional court. On the contrary, the design included functionality to clandestinely add more components over the network right from the start, making it a bridge-head to further infiltrate the computer.

"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice — or even desired," commented a CCC speaker. "Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."

The government malware can, unchecked by a judge, load extensions by remote control, to use the trojan for other functions, including but not limited to eavesdropping. This complete control over the infected PC — owing to the poor craftsmanship that went into this trojan — is open not just to the agency that put it there, but to everyone.
It could even be used to upload falsified "evidence" against the PC's owner, or to delete files, which puts the whole rationale for this method of investigation into question. But the trojan's built-in functions are scary enough, even without extending it by new modules. For the analysis, the CCC wrote its own control terminal software that can be used to remotely control infected PCs over the internet. With its help it is possible to watch screenshots of the web browser on the infected PC — including private notices, emails or texts in web based cloud services. The official claim of a strict separation of lawful interception of internet telephony and the digital sphere of privacy has no basis in reality.

[NB: The German constitutional court ruled that there is a sphere of privacy that is afforded total protection and can never be breached, no matter for what reason, for example keeping a diary or husband and wife talking in the bedroom. Government officials in Germany argued that it is possible to avoid listening in on this part but still eavesdrop electronically. The constitutional court has created the concept of "Kernbereich privater Lebensgestaltung", core area of private life. The CCC is basically arguing that nowadays a person's laptop is intrinsically part of this core area because people put private notes there and keep a diary on it]

The fact that a judge has to sign the warrant does not protect the privacy, because the data are being taken directly from the core area of private life. The legislator should put an end to the ever growing expansion of computer spying that has been getting out of hand in recent years, and finally come up with an unambiguous definition for the digital privacy sphere and with a way to protect it effectively. Unfortunately, for too long the legislator has been guided by demands for technical surveillance, not by values like freedom or the question of how to protect our values in a digital world.
It is now obvious that he is no longer able to oversee the technology, let alone control it.

The analysis also revealed serious security holes that the trojan is tearing into infected systems. The screenshots and audio files it sends out are encrypted in an incompetent way, the commands from the control software to the trojan are even completely unencrypted. Neither the commands to the trojan nor its replies are authenticated or have their integrity protected. Not only can unauthorized third parties assume control of the infected system, but even attackers of mediocre skill level can connect to the authorities, claim to be a specific instance of the trojan, and upload fake data. It is even conceivable that the law enforcement agencies' IT infrastructure could be attacked through this channel. The CCC has not yet performed a penetration test on the server side of the trojan infrastructure.

"We were surprised and shocked by the lack of even elementary security in the code. Any attacker could assume control of a computer infiltrated by the German law enforcement authorities", commented a speaker of the CCC. "The security level this trojan leaves the infected systems in is comparable to it setting all passwords to '1234'".

To avoid revealing the location of the command and control server, all data is redirected through a rented dedicated server in a data center in the USA. The control of this malware is only partially within the borders of its jurisdiction. The instrument could therefore violate the fundamental principle of national sovereignty. Considering the incompetent encryption and the missing digital signatures on the command channel, this poses an unacceptable and incalculable risk. It also poses the question how a citizen is supposed to get their right of legal redress in the case the wiretapping data get lost outside Germany, or the command channel is misused.
According to our hacker ethics and to avoid tipping off criminals who are being investigated, the CCC has informed the German ministry of the interior. They have had enough time to activate the existing self destruct function of the trojan.

When arguing about the government authorized infiltration of computers and secretly scanning suspects' hard drives, the former minister of the interior Wolfgang Schäuble and Jörg Ziercke, BKA's president (BKA, German federal police agency), have always claimed that the population should not worry because there would only be "a handful" of cases where the trojan would be used at all. Either almost the complete set of government malware has found its way in brown envelopes to the CCC's mailbox, or the truth has been leapfrogged once again by the reality of eavesdropping and "lawful interception".

The other promises made by the officials also have no basis in reality. In 2008 the CCC was told that all versions of the "Quellen-TKÜ" software would manually be hand-crafted for the specifics of each case. The CCC now has access to several software versions of the trojan, and they all use the same hard-coded cryptographic key and do not look hand-crafted at all.

Another promise has been that the trojan would be subject to exceptionally strict quality control to make sure the rules set forth by the constitutional court would not be violated. In reality this exceptionally strict quality control has neither found that the key is hard coded, nor that the "encryption" is uni-directional only, nor that there is a back door for uploading and executing further malware. The CCC expressed hope that this farce is not representative for exceptionally strict quality control in federal agencies.

The CCC demands: The clandestine infiltration of IT systems by government agencies must stop.
At the same time we would like to call on all hackers and people interested in technology to further analyze the malware, so that at least some benefit can be reaped from this embarrassing eavesdropping attempt. Also, we will gladly continue to receive copies of other versions of government malware off your hands. [4]

Links:
[0] Binaries
[1] Analysis of the government malware (German)
[4] BigBrotherAwards 2009, Category Business: companies selling internet and phone surveillance technology

From rforno at infowarrior.org Sat Oct 8 20:26:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 Oct 2011 21:26:34 -0400
Subject: [Infowarrior] - Secret U.S. Memo Made Legal Case to Kill a Citizen
Message-ID: <424D1DF1-A69A-4B12-B0AF-5E4C2C042644@infowarrior.org>

http://www.nytimes.com/2011/10/09/world/middleeast/secret-us-memo-made-legal-case-to-kill-a-citizen.html

October 8, 2011
Secret U.S. Memo Made Legal Case to Kill a Citizen
By CHARLIE SAVAGE

WASHINGTON — The Obama administration's secret legal memorandum that opened the door to the killing of Anwar al-Awlaki, the American-born radical Muslim cleric hiding in Yemen, found that it would be lawful only if it were not feasible to take him alive, according to people who have read the document.

The memo, written last year, followed months of extensive interagency deliberations and offers a glimpse into the legal debate that led to one of the most significant decisions made by President Obama — to move ahead with the killing of an American citizen without a trial.

The secret document provided the justification for acting despite an executive order banning assassinations, a federal law against murder, protections in the Bill of Rights and various strictures of the international laws of war, according to people familiar with the analysis. The memo, however, was narrowly drawn to the specifics of Mr.
Awlaki's case and did not establish a broad new legal doctrine to permit the targeted killing of any Americans believed to pose a terrorist threat.

The Obama administration has refused to acknowledge or discuss its role in the drone strike that killed Mr. Awlaki last month and that technically remains a covert operation. The government has also resisted growing calls that it provide a detailed public explanation of why officials deemed it lawful to kill an American citizen, setting a precedent that scholars, rights activists and others say has raised concerns about the rule of law and civil liberties.

But the document that laid out the administration's justification — a roughly 50-page memorandum by the Justice Department's Office of Legal Counsel, completed around June 2010 — was described on the condition of anonymity by people who have read it.

The legal analysis, in essence, concluded that Mr. Awlaki could be legally killed, if it was not feasible to capture him, because intelligence agencies said he was taking part in the war between the United States and Al Qaeda and posed a significant threat to Americans, as well as because Yemeni authorities were unable or unwilling to stop him.

The memorandum, which was written more than a year before Mr. Awlaki was killed, does not independently analyze the quality of the evidence against him.

The administration did not respond to requests for comment on this article.

The deliberations to craft the memo included meetings in the White House Situation Room involving top lawyers for the Pentagon, State Department, National Security Council and intelligence agencies.

It was principally drafted by David Barron and Martin Lederman, who were both lawyers in the Office of Legal Counsel at the time, and was signed by Mr. Barron. The office may have given oral approval for an attack on Mr. Awlaki before completing its detailed memorandum.
Several news reports before June 2010 quoted anonymous counterterrorism officials as saying that Mr. Awlaki had been placed on a kill-or-capture list around the time of the attempted bombing of a Detroit-bound airliner on Dec. 25, 2009. Mr. Awlaki was accused of helping to recruit the attacker for that operation.

Mr. Awlaki, who was born in New Mexico, was also accused of playing a role in a failed plot to bomb two cargo planes last year, part of a pattern of activities that counterterrorism officials have said showed that he had evolved from merely being a propagandist — in sermons justifying violence by Muslims against the United States — to playing an operational role in Al Qaeda in the Arabian Peninsula's continuing efforts to carry out terrorist attacks.

Other assertions about Mr. Awlaki included that he was a leader of the group, which had become a "cobelligerent" with Al Qaeda, and he was pushing it to focus on trying to attack the United States again. The lawyers were also told that capturing him alive among hostile armed allies might not be feasible if and when he were located.

Based on those premises, the Justice Department concluded that Mr. Awlaki was covered by the authorization to use military force against Al Qaeda that Congress enacted shortly after the terrorist attacks of Sept. 11, 2001 — meaning that he was a lawful target in the armed conflict unless some other legal prohibition trumped that authority.

It then considered possible obstacles and rejected each in turn.

Among them was an executive order that bans assassinations. That order, the lawyers found, blocked unlawful killings of political leaders outside of war, but not the killing of a lawful target in an armed conflict.

A federal statute that prohibits Americans from murdering other Americans abroad, the lawyers wrote, did not apply either, because it is not "murder" to kill a wartime enemy in compliance with the laws of war.
But that raised another pressing question: would it comply with the laws of war if the drone operator who fired the missile was a Central Intelligence Agency official, who, unlike a soldier, wore no uniform? The memorandum concluded that such a case would not be a war crime, although the operator might be in theoretical jeopardy of being prosecuted in a Yemeni court for violating Yemen's domestic laws against murder, a highly unlikely possibility.

Then there was the Bill of Rights: the Fourth Amendment's guarantee that a "person" cannot be seized by the government unreasonably, and the Fifth Amendment's guarantee that the government may not deprive a person of life "without due process of law."

The memo concluded that what was reasonable, and the process that was due, was different for Mr. Awlaki than for an ordinary criminal. It cited court cases allowing American citizens who had joined an enemy's forces to be detained or prosecuted in a military court just like noncitizen enemies.

It also cited several other Supreme Court precedents, like a 2007 case involving a high-speed chase and a 1985 case involving the shooting of a fleeing suspect, finding that it was constitutional for the police to take actions that put a suspect in serious risk of death in order to curtail an imminent risk to innocent people.

The document's authors argued that "imminent" risks could include those by an enemy leader who is in the business of attacking the United States whenever possible, even if he is not in the midst of launching an attack at the precise moment he is located.

There remained, however, the question of whether — when the target is known to be a citizen — it was permissible to kill him if capturing him instead were a feasible way of suppressing the threat.

Killed in the strike alongside Mr. Awlaki was another American citizen, Samir Khan, who had produced a magazine for Al Qaeda in the Arabian Peninsula promoting terrorism.
He was apparently not on the targeting list, making his death collateral damage. His family has issued a statement citing the Fifth Amendment and asking whether it was necessary for the government to have "assassinated two of its citizens."

"Was this style of execution the only solution?" the Khan family asked in its statement. "Why couldn't there have been a capture and trial?"

Last month, President Obama's top counterterrorism adviser, John O. Brennan, delivered a speech in which he strongly denied the accusation that the administration had sometimes chosen to kill militants when capturing them was possible, saying the policy preference is to interrogate them for intelligence.

The memorandum is said to declare that in the case of a citizen, it is legally required to capture the militant if feasible — raising a question: was capturing Mr. Awlaki in fact feasible?

It is possible that officials decided last month that it was not feasible to attempt to capture him because of factors like the risk it could pose to American commandos and the diplomatic problems that could arise from putting ground forces on Yemeni soil. Still, the raid on Osama bin Laden's compound in Pakistan demonstrates that officials have deemed such operations feasible at times.

Last year, Yemeni commandos surrounded a village in which Mr. Awlaki was believed to be hiding, but he managed to slip away.

The administration had already expressed in public some of the arguments about issues of international law addressed by the memo, in a speech delivered in March 2010 by Harold Hongju Koh, the top State Department lawyer.

The memorandum examined whether it was relevant that Mr. Awlaki was in Yemen, far from Afghanistan. It concluded that Mr. Awlaki's geographical distance from the so-called hot battlefield did not preclude him from the armed conflict; given his presumed circumstances, the United States still had a right to use force to defend itself against him.
As to whether it would violate Yemen's sovereignty to fire a missile at someone on Yemeni soil, Yemen's president secretly granted the United States that permission, as secret diplomatic cables obtained by WikiLeaks have revealed.

The memorandum did assert that other limitations on the use of force under the laws of war — like avoiding the use of disproportionate force that would increase the possibility of civilian deaths — would constrain any operation against Mr. Awlaki.

That apparently constrained the attack when it finally came. Details about Mr. Awlaki's location surfaced about a month ago, American officials have said, but his hunters delayed the strike until he left a village and was on a road away from populated areas.

From rforno at infowarrior.org Mon Oct 10 08:50:27 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Oct 2011 09:50:27 -0400
Subject: [Infowarrior] - Secret Orders Target Email
Message-ID: <90DDEF80-1F17-4912-A392-9ECA02E1204C@infowarrior.org>

http://online.wsj.com/article/SB10001424052970203476804576613284007315072.html

TECHNOLOGY | OCTOBER 10, 2011
Secret Orders Target Email
By JULIA ANGWIN

The U.S. government has obtained a controversial type of secret court order to force Google Inc. and small Internet provider Sonic.net Inc. to turn over information from the email accounts of WikiLeaks volunteer Jacob Appelbaum, according to documents reviewed by The Wall Street Journal.

Sonic said it fought the government's order and lost, and was forced to turn over information. Challenging the order was "rather expensive, but we felt it was the right thing to do," said Sonic's chief executive, Dane Jasper. The government's request included the email addresses of people Mr. Appelbaum corresponded with the past two years, but not the full emails.

Both Google and Sonic pressed for the right to inform Mr.
Appelbaum of the secret court orders, according to people familiar with the investigation. Google declined to comment. Mr. Appelbaum, 28 years old, hasn't been charged with wrongdoing.

The court clashes in the WikiLeaks case provide a rare public window into the growing debate over a federal law that lets the government secretly obtain information from people's email and cellphones without a search warrant. Several court decisions have questioned whether the law, the Electronic Communications Privacy Act, violates the U.S. Constitution's Fourth Amendment protections against unreasonable searches and seizures.

WikiLeaks is a publisher of documents that people can submit anonymously. After WikiLeaks released a trove of classified government diplomatic cables last year, U.S. Attorney General Eric Holder said the U.S. was pursuing an "active criminal investigation" of WikiLeaks.

Passed in 1986, the Electronic Communications Privacy Act is older than the World Wide Web, which was dreamed up in 1989. A coalition of technology companies—including Google, Microsoft Corp. and AT&T Corp.—is lobbying Congress to update the law to require search warrants in more digital investigations.

The law was designed to give the same protections to electronic communications that were already in place for phone calls and regular mail. But it didn't envision a time when cellphones transmitted locations and people stored important documents on remote services, such as Gmail, rather than on their own computers.

Law enforcement uses the law to obtain some emails, cellphone-location records and other digital documents without getting a search warrant or showing probable cause that a crime has been committed. Instead the law sets a lower bar: The government must show only "reasonable grounds" that the records would be "relevant and material" to an investigation.

As a result, it can be easier for law-enforcement officers to see a person's email information than it is to see their postal mail.
Another significant difference: A person whose email is inspected this way often never knows a search was conducted. That's because court orders under the 1986 law are almost always sealed, and the Internet provider is generally prohibited from notifying the customer whose data is searched. By contrast, search warrants are generally delivered to people whose property is being searched.

The secrecy makes it difficult to determine how often such court orders are used. Anecdotal data suggest that digital searches are becoming common.

In 2009, Google began disclosing the volume of requests for user data it received from the U.S. government. In the six months ending Dec. 31, Google said it received 4,601 requests and complied with 94% of them. The data include all types of requests, including search warrants, subpoenas and requests under the 1986 law.

At a Senate hearing in April on whether the 1986 law needs updating, Associate Deputy Attorney General James A. Baker cautioned Congress "that raising the standard for obtaining information under ECPA may substantially slow criminal and national security investigations."

In May, the ECPA's author, U.S. Sen. Patrick Leahy (D., Vt.), said the original law is "significantly outdated and outpaced by rapid changes in technology." He introduced a bill adopting many of the recommendations of the technology coalition lobbying for changes to the law.

Some federal courts have questioned the law's constitutionality. In a landmark case in December, the U.S. Court of Appeals for the Sixth Circuit ruled that the government violated the Fourth Amendment when it obtained 27,000 emails without a search warrant.

"The police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call—unless they get a warrant," Judge Danny Boggs wrote in the 98-page opinion.
"It only stands to reason that, if government agents compel an [Internet service provider] to surrender the contents of a subscriber's emails, those agents have thereby conducted a Fourth Amendment search." In August, the U.S. District Court of the Eastern District of New York over-ruled a government request to obtain cellphone location records without a warrant, calling it "Orwellian." Judge Nicholas Garaufis wrote: "It is time that the courts begin to address whether revolutionary changes in technology require changes to existing Fourth Amendment doctrine." The government has appealed. The WikiLeaks case became a test bed for the law's interpretation earlier this year when Twitter fought a court order to turn over records from the accounts of WikiLeaks supporters including Mr. Appelbaum. Mr. Applebaum is a developer for the Tor Project Inc., a Walpole, Mass., nonprofit that provides free tools that help people maintain their anonymity online. Tor's tools are often used by people living in countries where Internet traffic is monitored by the government. Tor obtains some of its funding from the U.S. government. Mr. Appelbaum has also volunteered for WikiLeaks, which recommends people use Tor's tools to protect their identities when submitting documents to its website. In April 2010, Mr. Appelbaum's involvement in WikiLeaks was inadvertently disclosed publicly in a blog post on the website of the Committee to Protect Journalists. The reporter, Danny O'Brien, said Mr. Appelbaum had thought he was speaking anonymously. Mr. O'Brien said he later offered to remove Mr. Appelbaum's name from the post. After the blog post appeared, Mr. Appelbaum became a public advocate for WikiLeaks. In June, he gave a speech at a Northern California technology camp where he called WikiLeaks founder Julian Assange one of the "biggest inspirations in my life." On Dec. 14, the U.S. Department of Justice obtained a court order for information from the Twitter account of people including Mr. 
Appelbaum and WikiLeaks supporters Birgitta Jonsdottir, a member of the Icelandic parliament, and Rop Gonggrijp, a Dutch computer programmer. Neither has been charged with wrongdoing.

The order sought the "Internet protocol," or IP, addresses of the devices from which people logged into their accounts. An IP address is a unique number assigned to a device connected to the Internet. The order also sought the email addresses of the people with whom those accounts communicated.

The order was filed under seal, but Twitter successfully won from the court the right to notify the subscribers whose information was sought. On Jan. 26, attorneys for Mr. Appelbaum, Mr. Gonggrijp and Ms. Jonsdottir jointly filed a motion to vacate the court order. They argued, among other things, that because IP addresses can be used to locate a person in "specific geographic destinations," it constituted a search under the Fourth Amendment and thus required a warrant.

The government argued that IP addresses don't reveal precise location and are more akin to phone numbers. At a Feb. 15 hearing, Assistant U.S. Attorney John S. Davis said, "this is a standard … investigative measure that is used in criminal investigations every day of the year all over this country."

On March 11, U.S. Magistrate Judge Theresa Carroll Buchanan denied the WikiLeaks supporters' motion. They have appealed. Twitter hasn't turned over information from the accounts of Mr. Appelbaum, Ms. Jonsdottir and Mr. Gonggrijp, according to people familiar with the investigation.

The court orders reviewed by the Journal seek the same type of information that Twitter was asked to turn over. The secret Google order is dated Jan. 4 and directs the search giant to hand over the IP address from which Mr. Appelbaum logged into his gmail.com account and the email and IP addresses of the users with whom he communicated dating back to Nov. 1, 2009. It isn't clear whether Google fought the order or turned over documents.
The secret Sonic order is dated April 15 and directs Sonic to turn over the same type of information from Mr. Appelbaum's email account dating back to Nov. 1, 2009. On Aug. 31, the court agreed to lift the seal on the Sonic order to provide Mr. Appelbaum a copy of it. Sonic Chief Executive Mr. Jasper said the company also sought to unseal the rest of its legal filings but that request "came back virtually entirely denied."

http://online.wsj.com/article/SB10001424052970203476804576613284007315072.html

From rforno at infowarrior.org Mon Oct 10 18:46:02 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Oct 2011 19:46:02 -0400
Subject: [Infowarrior] - NYT sues over secret PATRIOT Act legal interpretation.
Message-ID: <8F0A3923-89FA-488D-BC29-1440C8F8B31B@infowarrior.org>

FOIA and the Question of Secret Law
by Robert Chesney
http://www.lawfareblog.com/2011/10/foia-and-the-question-of-secret-law/

Charlie Savage of the New York Times has filed this FOIA suit in an effort to acquire a classified report issued by DOJ and ODNI to Congress "pertaining to intelligence collection authorities" under section 215 of the USA PATRIOT Act (permitting the government to obtain from the FISC an order for the production of "any tangible things" upon a showing of "reasonable grounds" in relation to an international terrorism or counterintelligence investigation). The report appears to have sparked fierce objections from Senators Ron Wyden and Mark Udall, who have asserted in floor debate that the government has a troubling "secret" interpretation of the PATRIOT Act. The suit itself presents the question whether legal analysis, as distinct from details of the program itself, warrants protection under FOIA exemption 1. The complaint calls for release of at least a redacted version of the DOJ/ODNI report, if not the whole thing.
If successful, of course, this strategy could have significant implications across a range of settings involving internal government legal advice.

From rforno at infowarrior.org Tue Oct 11 11:13:44 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Oct 2011 12:13:44 -0400
Subject: [Infowarrior] - OS X and iOS are not jails
Message-ID: <78A1C0C4-E5BB-478A-BA4F-4A2C9E7FE888@infowarrior.org>

OS X and iOS are not jails
by Chris Rawson
Oct 11th 2011 at 10:00AM
http://www.tuaw.com/2011/10/11/os-x-and-ios-are-not-jails/

I've always had a problem with the term "jailbreaking" when it comes to Apple's mobile devices. The term "jail" came into usage long before iOS in reference to isolated user-space instances, but that old meaning seems to have been obscured through both overuse and continued attempts to paint Apple as a dictatorial company interested only in hamstringing users of its devices. I've let "jailbreaking" slide until now because even though I think it's a loaded term, it's also a nice, short way to describe the act of opening the device to greater customization than Apple offers out of the box. It's also a better term than Android's "rooting," which sounds a bit rude in my part of the world.

In the wake of Richard Stallman's epically tasteless diatribe against Steve Jobs last week (Google for it if you're truly curious, I'm not serving him any page views), I've decided I can't let this slide anymore. In addition to saying he was glad Steve is gone, Stallman also called Jobs "the pioneer of the computer as a jail made cool, designed to sever fools from their freedom." So according to him, Mac users, iPhone users, iPod and iPad owners are all imprisoned and too stupid to realize it.
It's at this point that I have to wonder whether Stallman or any of the other members of the free software movement have ever spent any appreciable amount of time in an actual jail or jail-like environment. I'm betting that few if any of them have. If they had, they'd see as I do just how full of hyperbole (and something else that rhymes with "chit") the "jail" metaphor is.

I've never been in prison either, but as an enlisted member of the US Navy in the late 1990s I've been in the next "best" thing to it. The Navy was an environment where virtually every aspect of my life was wrested out of my control. I had no say in what clothes I wore, when I could sleep, or how to do my job, and my options for entertainment during my (incredibly rare) downtime were pitifully limited. As part of the Reactor Department, weeks at a time could pass where I never even saw the sun while my aircraft carrier turned circles in the Pacific Ocean. Basic amenities and liberties that civilians take for granted became distant and cherished memories. Worst of all, I couldn't just say I was fed up with it and leave. I was locked in, with no options to dissent when I felt the system wasn't offering me equitable treatment. Life in the military was the ultimate paradox: while defending the freedom of those back home, I had next to none of my own.

It remains the worst period of my life, and no amount of compensation could ever convince me to repeat it. Plenty of people serve in the military and don't have as poor of an experience as I did, but nothing could ever motivate me to go through that again. The Navy may not have actually been a jail, but it was as close to one as I ever intend to come. Equating the modern computing environment of OS X or iOS with that kind of experience is the worst kind of hyperbole. I find it difficult to believe that either Richard Stallman or anyone else pushing the "jail" metaphor for iOS and OS X devices ever experienced anything like that.
Don't mistake what I'm saying as a diatribe against the idea of free software itself. Despite the fact that its UI is kind of abominable, VLC is an app I consider an essential part of my computing experience. Several key components of both OS X and iOS were built on open source software (yes, I know that's not the same as "free" software). And "jailbreaking" ended up being what convinced Apple to launch its App Store in the first place, vastly expanding the utility of the iPhone beyond its completely locked-down beginnings.

Having said that, from my perspective many arguments from free software advocates come across as the kind of petulant all-or-nothing proposition that's become an increasingly common argumentative fallacy over the past decade. Essentially it sounds to me like the most fervent of the free software enthusiasts are saying, "Either you give me the freedom to do whatever I want, whenever I want, or else you're Hitler." It's the kind of argument virtually every one of us pulls on our parents at least once when we're teenagers, but most of us grow out of that phase and realize that we must trade away some individual freedoms in order to properly function within a society of rules.

Stallman is basically a mountain man when it comes to computing. He rolls his own OS, doesn't use a browser to surf the web, and he goes out of his way to select only computing hardware that can be loaded with free software from the BIOS on up. In the 19th century he might have been the type of man who built his own log cabin in the deep forest, hunting and trapping everything he ate and living off the land, independent from society and glad of it. Where Stallman errs is in his belief that anyone who doesn't choose to live that way is automatically a prisoner. What he's advocating sounds a lot less like freedom and more like anarchy. Living in modern society means trading away some freedoms for the sake of security and convenience.
In theory I could forsake civilization and all its inconvenient rules and strictures, go live in the forest, and survive off the land -- millions of years of evolution have given me the basic tools I need. The proposition has seemed tempting more than once. But I like electricity, and running water, and being able to go to the grocery store for food instead of spending most of the day foraging and hunting. For the sake of those conveniences, I accept a number of restrictions on my freedom. I pay taxes, and I pay bills, and I enter into an implicit contract -- a user agreement, if you will -- with my city, region, and country: I agree to follow your rules in exchange for using your services. If following the speed limit and not being able to beat the hell out of anyone who irritates me without repercussions is the price I pay for Internet access and mochaccinos, then so be it. Does living within the law mean I'm living in a prison? Some people might make that argument, but my counterargument is those people are whackadoos.

In the same vein, I could alter my computing environment and dedicate myself to the sort of "wilderness computing" that Stallman engages in. One of the laudable things the Free Software Foundation has done is make that choice possible in the first place. Instead, for the sake of convenience, I choose a computing platform that gets out of my way and lets me do the work I need to do with a minimum of hassle. Instead of building my own log cabin, my MacBook Pro is a pre-fabricated home, complete with central heating and air conditioning. Yes, it comes loaded with proprietary software that I'm not technically "allowed" to tinker with, but that tradeoff is acceptable to me when I don't have to spend any time at all writing the software, compiling it, or debugging it in order to get it to work.
Someone else has done all of that work for me -- the same way the city of Palmerston North paved the road in front of my house and freed me from the need to do so myself in exchange for a portion of my income. Simply put, the kind of freedom Stallman advocates is not one I find particularly enthralling. Safari may not be "free," but it's a hell of a lot more convenient than using wget to email web pages to myself. My iPad and iPhones may be tools of a "walled garden" approach to computing, but they do what I need them to do, every time, and without me having to tweak around the guts of their code in order to coax them into doing my bidding. How is that not freedom? How is that in any way equivalent to living in a prison?

Stallman might say I've sacrificed too much in the name of convenience. I'd counter that his vision of computing is unsuitable to the vast majority of the computer-using public. Linux has had over a decade to prove itself, but literally the only people I know in real life who use Linux on their own computers also have degrees in Computer Science. Most people I know neither have nor want the specialized knowledge necessary to embrace the kind of software the FSF advocates; instead, virtually all of them gravitate toward proprietary platforms featuring interfaces of varying degrees of polish, and the most satisfied computer users I know are the ones using operating systems that require a bare minimum of tinkering. iOS is about as tinkering-free as you can make an OS while still retaining usability for a broad range of users. The proof of what users really want out of computers shows in the continued success and adoption of iOS devices throughout an almost bewildering array of use cases, with everyone from airline pilots down to preschoolers gladly hopping on board. It doesn't even occur to most of those users that they should tinker with these devices, because the devices already do what they want them to do out of the box.

I used to be a tinkerer.
I owned a 1969 Chevy Impala for years, and I did all the maintenance and repairs on it myself. I could have stripped that car down to its bolts and put it back together again, and I very nearly did exactly that several times. Eventually I realized I was spending more time working on the car than I was driving it. Now I have a Toyota Echo, and other than changing the oil most of the car is a complete mystery to me. I couldn't swap out the transmission on this thing even if I had instructions. I open the hood and see a cramped mishmash of parts that I entrust to the local mechanic's specialized knowledge; the sum of my interaction with my car is now "Foot goes on gas pedal, car goes where I steer it." Guess how often I miss the Impala? Almost never.

The motives of the FSF are worthy ones, but their essential message is getting lost in the noise from stalwarts like Stallman. I went to a "conference" on sustainable development a few years ago, expecting a serious discussion of serious issues. When I got there, I found instead a bunch of hippie drum circles, people in tents trying to sell me healing crystals, and a guy offering didgeridoo massages. For fifteen bucks, this guy would hover around you and blow a didgeridoo at you for ten minutes. After seeing that, I'd have dismissed as gourd-baked nonsense any message the "conference" might have promoted even if they'd put Stephen Hawking on stage.

Saying you're glad Steve Jobs is gone and calling OS X and iOS users "fools" in "a jail made cool" is a deep-tissue didgeridoo massage. It's a load of noise and hot air that ultimately accomplishes nothing other than irritating people who might otherwise have listened to what you had to say. As Harry McCracken points out, even the most deeply "imprisoned" of us still have the choice to not buy Apple's products, to not use Apple's software, and to dedicate ourselves to free software and open platforms instead.
The fact that so few people are going down that route doesn't mean we're blind to what we give up when we use proprietary platforms. It simply means we prefer the digital equivalents of paved roads, low crime, and clean water to the more liberated but also, paradoxically, more constraining alternative.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 11 23:25:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Oct 2011 00:25:47 -0400
Subject: [Infowarrior] - Verisign wants power to shut sites down upon law enforcement request
Message-ID: <069C2305-91DD-4979-9AA1-3DC3A5BDD509@infowarrior.org>

Verisign wants power to shut sites down upon law enforcement request
By Sean Gallagher | Published about 7 hours ago
http://arstechnica.com/business/news/2011/10/verisign-wants-power-to-scan-sites-for-malware-and-shut-them-down.ars

In a request made yesterday to the Internet Corporation for Assigned Names and Numbers, Verisign outlined a new "anti-abuse" policy that would allow the company to terminate, lock, or transfer any domain under its registration jurisdiction under a number of circumstances. And one of those circumstances listed was "requests of law enforcement."

The request, submitted through ICANN's Registry Services Evaluation Process on October 10, proposes a new malware scanning service for domains as well as a new Verisign Anti-Abuse Domain Use Policy. In the request letter, Verisign stated that its policy would help the registrar align with requirements ICANN is placing on new generic top level domains. "All parts of the internet community are feeling the pressure to be more proactive in dealing with malicious activity," Verisign explained. "ICANN has recognized this and the new gTLD Applicant Guidebook requires new gTLDs to adopt a clear definition of rapid takedown or suspension systems that will be implemented."
In part, the policy is aimed at empowering Verisign to act quickly to take down sites that are harboring malware, launching phishing attacks, or otherwise being used to launch attacks across the Internet. The scanning service, which registrars can opt into voluntarily, would scan sites on all .com, .net and .name sites for "known malware," and inform the registrar and the site owner when malware is detected. Verisign has been soliciting domain registrars to participate in a pilot of the program, derived from the company's Verisign Trust Seal program, since March.

But the request also asks for authority to take down sites quickly for a number of reasons beyond malware, including "to protect the integrity, security and stability of the DNS; to comply with any applicable court orders, laws, government rules or requirements, requests of law enforcement or other governmental or quasi-governmental agency, or any dispute resolution process; (and) to avoid any liability, civil or criminal, on the part of Verisign, as well as its affiliates, subsidiaries, officers, directors, and employees... Verisign also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute."

Verisign said it has been piloting takedown procedures with US law enforcement agencies, cybersecurity experts, US government Computer Emergency Readiness Teams, and domain registrars to establish baseline procedures, and has begun planning pilots with European government agencies and registrars. Just what those baseline procedures are -- and what recourse domain holders who run afoul of them have -- hasn't been spelled out. Verisign says it "will be offering a protest procedure to support restoring a domain name to the zone."

Aden Fine, senior attorney with the ACLU, said in an interview with Ars Technica that the "protest procedure" is cause for concern. "The default shouldn't be 'take down first'," he said.
"Any time the government is involved in seizing websites, that raises serious First Amendment issues. It doesn't matter if it's a private company pushing the button."

Electronic Frontier Foundation media relations director and digital rights analyst Rebecca Jeschke told Ars Technica that Verisign's proposal is "an extraordinarily bad idea." "We've already seen how problematic domain seizures are through the ICE (Immigration and Customs Enforcement) shutdowns," she said. "It's similar to things the US government is trying to get through congress with the Protect IP Act, though there's a little more oversight in Protect IP. The key is if you're going to do something as drastic as taking a whole site offline, you at least need some meaningful court review."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 12 22:12:52 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Oct 2011 23:12:52 -0400
Subject: [Infowarrior] - RIP Dennis Ritchie, co-creator of Unix, inventor of C
Message-ID:

Dennis Ritchie, 1941-2011: Computer scientist, Unix co-creator, C programming language co-inventor
By Xeni Jardin at 7:19 pm Wednesday, Oct 12
http://boingboing.net/2011/10/12/dennis-ritchie-1941-2011-computer-scientist-unix-co-creator-c-co-inventor.html

Computer scientist Dennis Ritchie is reported to have died at his home this past weekend, after a long battle against an unspecified illness. No further details are available at the time of this blog post. Wikipedia biography here. He was the co-inventor of the C programming language, and a central figure in the development of Unix. He spent much of his career at Bell Labs. He was awarded the Turing Award in 1983, and the National Medal of Technology in 1999.

"Ritchie's influence rivals Jobs's; it's just less visible," James Grimmelman observed on Twitter. "His pointer has been cast to void *; his process has terminated with exit code 0."
The news of Ritchie's death was first made public by way of Rob Pike's Google+.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 14 15:33:42 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Oct 2011 16:33:42 -0400
Subject: [Infowarrior] - U.S. Copyright Czar Cozied Up to Content Industry, E-Mails Show
Message-ID:

U.S. Copyright Czar Cozied Up to Content Industry, E-Mails Show
By David Kravets, October 14, 2011, 6:30 am
Categories: intellectual property, politics
http://www.wired.com/threatlevel/2011/10/copyright-czar-cozies-up/

Top-ranking Obama administration officials, including the U.S. copyright czar, played an active role in secret negotiations between Hollywood, the recording industry and ISPs to disrupt internet access for users suspected of violating copyright law, according to internal White House e-mails.

The e-mails, obtained via the Freedom of Information Act, (.pdf) show the administration's cozy relationship with Hollywood and the music industry's lobbying arms and its early support for the copyright-violation crackdown system publicly announced in July. One top official even used her personal e-mail account at least once in the course of communicating during the negotiations with executives and lobbyists from companies ranging from AT&T to Universal Music.

Internet security and privacy researcher Christopher Soghoian obtained the e-mails via a government sunshine request for them filed in June, and provided them to Wired. The e-mails are embedded at the end of this story.

The records show the government clearly had a voice in the closed-door negotiations, though it was not a signatory to the historic accord, which isn't an actual government policy. The agreement includes participation by the U.S.'s largest consumer internet providers including AT&T, Cablevision, Comcast, Time Warner and Verizon.
It requires internet service providers, for the first time, to punish residential internet-service customers who media companies suspect are violating copyright rules by downloading copyrighted movies or music from peer-to-peer networks. Those so-called "mitigation measures" lobbied for by the record labels and Hollywood include reducing internet speeds and redirecting a subscriber's service to an "educational" landing page for customers accused of copyright infringement. Internet providers may eliminate service altogether for people repeatedly accused of copyright infringement under what the deal calls "graduated response."

The e-mails do not entail much detail of the discussions between the administration and industry -- as any substantive text in the e-mails (.pdf) was blacked out before being released to Soghoian. But the communications show that a wide range of officials -- from Vice President Joe Biden's deputy chief of staff Alan Hoffman, the Justice Department's criminal chief Lanny Breuer to copyright czar Victoria Espinel -- were in the loop well ahead of the accord's unveiling.

"These kind of backroom voluntary deals are quite scary, particularly because they are not subject to judicial review. I wanted to find out what role the White House has played in the negotiation, but unfortunately, the OMB (Office of Management and Budget) withheld key documents that would shed further light on it," Soghoian said when asked why he sought the documents. He is appealing to OMB to disclose more e-mails.

The e-mails, some of which had the subject line "counteroffer," show off what seems to be a cordial and friendly two-way relationship between industry and the administration. Alec French, NBC's top lobbyist, sent Espinel an e-mail from his Blackberry in January of last year, asking if she was "available for call this am?" She promptly replied: "Btw, i only check my gmail intermittently now so much quicker to reach me on omb email,"
referring to her work e-mail address provided by the Office of Management and Budget. Espinel, whose title officially is intellectual property enforcement coordinator, replied she was available for a call. Her personal e-mail address was redacted in the documents.

Espinel, whose position was created in 2008 as part of intellectual property reform legislation, declined in an e-mail to Wired to comment for this story. Instead, the President Barack Obama appointee whom the Senate confirmed in 2009 referred Wired to the OMB press office. That office neither responded for comment nor replied to a follow-up e-mail before this story was published. After the story came out, Moira Mack, an OMB spokeswoman, messaged back to Wired that the communications show that Espinel is just doing her job:

These e-mails show Victoria Espinel implementing precisely the work outlined in the administration's 2010 Joint Strategic Plan on Intellectual Property Enforcement. In order to effectively serve as the intellectual property enforcement coordinator, Espinel communicates with a wide range of federal, state and local officials, with Congress, and with a wide variety of stakeholders including consumer and public interest advocates, labor unions, academics, and the private sector. The office has effectively brought diverse groups together to discuss voluntary actions to reduce intellectual property theft that costs American jobs, hurts the nation's economy and in some cases threatens the health and safety of the American public.

Neil Turkewitz, the Recording Industry Association of America vice president, routinely sent messages advocating stringent piracy crackdown measures to dozens of government officials from a wide range of agencies, including the Commerce, Treasury, State, Justice and Homeland Security departments.

Digital rights groups were barely visible in the messages the government provided to Soghoian, an issue that was not lost on Espinel.
In a December 2010 e-mail to Cary Sherman, the RIAA's president, the copyright czar asks, "How are things going on putting together a rollout plan?" She adds: "I was at Brookings this morning and CDT came up to ask me to please not have the graduated response announcement be a complete surprise but to have some outreach to stakeholders in advance," the e-mail to Sherman said.

CDT is the Center for Democracy and Technology, a centrist digital rights group based in D.C. David Sohn, CDT's senior policy counsel, said in a telephone interview that the group participated in a "couple of meetings." "We weren't there during the whole negotiating process," Sohn said. "We did have an opportunity to provide some feedback."

Months after the e-mail to Sherman, Espinel organized a meeting with CDT and Public Knowledge, another digital rights group. One of the required attendees was Aneesh Chopra, the government's chief technology officer. Art Brodsky, a spokesman for Public Knowledge, the only other consumer group believed to have had any input on the agreement, said in a telephone interview, "We were sort of consulted at the end." "But we were not an integral part of the process," he added.

When the deal was announced, the public interest groups put out a joint statement, saying: "We believe it would be wrong for any ISP to cut off subscribers, even temporarily, based on allegations that have not been tested in court."

All the while, the administration was sensitive that the existence of the accord remain out of public purview. One e-mail showed that Biden's office was concerned that CNET's Greg Sandoval had broken the news of the deal weeks before it was publicly announced. "So what is the plan? Monitor and respond if need be. We can be ready to move at a moment's notice," Hoffman, Biden's deputy chief of staff, wrote to Espinel and Sherman in a June e-mail. The subject was "the leaked story."
The RIAA's Sherman promptly replied to Hoffman's concerns: "That's the plan exactly. Thanks for being prepared to move quickly if necessary."

All in all, the e-mails -- which contain redacted draft copies of the deal marked "Privileged and Confidential" -- show that the government was on top of the negotiations, and actively sought input from industry. In a December 2009 e-mail, Espinel thanked DeDe Lea, a Viacom vice president, for forwarding the talking points of Michael Lynton, the Sony Pictures chairman. (The talking points were redacted out.) "Ok -- thanks. And look forward to hearing back from you on that," Espinel wrote Lea.

In August of last year, in an e-mail to Randal Milch, Verizon's lead counsel, Espinel said she and Hoffman "were hoping we could meet sometime this week or next," to discuss the plan. Milch replied: "Next week would be doable, I hope."

Espinel had organized a meeting last year between Hoffman, Sherman, herself, NBC general counsel Rick Cotton and Michael O'Leary, the Motion Picture Association of America's top lobbyist, according to a September 2010 e-mail. Next to O'Leary's name on the e-mail invite was "Today is his birthday" in parenthesis.

Terms of the brokered deal include: On an internet subscriber's first reported copyright offense, internet subscribers will receive an e-mail "alert" from their ISP saying the account "may have been" misused for online content theft. On the second reported offense, the alert might contain an "educational message" about the legalities of online file sharing. On the third and fourth reported infractions, the subscriber will likely receive a pop-up notice "asking the subscriber to acknowledge receipt of the alert." After four alerts, according to the program, "mitigation measures" may commence.
They include "temporary reductions of internet speeds, redirection to a landing page until the subscriber contacts the ISP to discuss the matter or reviews and responds to some educational information about copyright, or other measures (as specified in published policies) that the ISP may deem necessary to help resolve the matter."

The content industry monitors peer-to-peer networks for infringement and informs ISPs of the IP addresses of alleged copyright scofflaws. ISPs then check which subscriber account the IP address was assigned to at the time of the alleged infringement and send a notice of the allegation to the account holder. An internet subscriber could get such notices without having engaged in illegal downloading if others have used their connection or if the monitoring company makes a mistake.

The RIAA, which includes Universal Music Group Recordings, Warner Music Group, Sony Music Entertainment and EMI Music North America, kicked off the negotiations with ISPs in December 2008, when it abruptly stopped a litigation campaign which included some 30,000 lawsuits targeting individual file sharers. The RIAA and the MPAA wanted ISPs to monitor Americans' internet usage for copyright infringement, but the agreement does not include any provisions for that.

One Turkewitz e-mail was addressed to about 50 government employees. It appeared to pirate a blog post from Canadian lawyer Barry Sookman, who had analyzed an Irish court decision on internet piracy. The entire 3,200 word article is included in the e-mail. Turkewitz, the RIAA vice president, told Wired he "had Barry's permission to forward his piece." Sookman did not respond to a request for comment.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Oct 14 20:28:51 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Oct 2011 21:28:51 -0400
Subject: [Infowarrior] - SEC outlines requirement that companies report data breaches
Message-ID: <89D6AACF-C554-416C-B085-F4B994BEE676@infowarrior.org>

Cybersecurity: SEC outlines requirement that companies report data breaches
By Ellen Nakashima and David S. Hilzenrath, Updated: Friday, October 14, 7:45 PM
http://www.washingtonpost.com/world/national-security/cybersecurity-sec-outlines-requirement-that-companies-report-data-breaches/2011/10/14/gIQArGjskL_print.html

Cyberspies and criminals steal what is estimated to be tens of billions of dollars worth of data from U.S. companies each year. Yet experts say few companies report these losses to shareholders.

Now the Securities and Exchange Commission is pressing for more disclosure, issuing new guidelines this week that make clear that publicly traded companies must report significant instances of cybertheft or attack, or even when they are at material risk of such an event.

"Investors have been kept completely in the dark," said Sen. John D. Rockefeller IV (D-W.Va.), chairman of the Senate commerce committee, which urged the SEC to take the action. "This guidance changes everything. It will allow the market to evaluate companies in part based on their ability to keep their networks secure."

The SEC guidance clarifies a long-standing requirement that companies report "material" developments, or matters significant enough that an investor would want to know about them. The guidance spells out that cyberattacks are no exception. For example, the SEC says, a company probably will need to report on costs and consequences of material intrusions in which customer data are compromised. The company's revenue could suffer, and it could be forced to spend money to beef up security or fight lawsuits.
In addition, if a company is vulnerable to cyberattack, investors may need to be informed of the risk, the SEC said.

The move is a significant step toward transparency in an opaque area of corporate security and should spur greater awareness that protecting computer networks is crucial to a company's bottom line, experts said. Combating espionage against corporate America by hackers in China and other countries is a matter of national and economic security, U.S. officials have said, and they say understanding the scope of the problem is key to fashioning an effective response.

"It'll force executives to really understand what's going on within their corporations," said Melissa Hathaway, a former White House cyber coordinator who has long advocated the SEC strengthen its guidance. "I think it will create the demand curve for cybersecurity."

But the SEC is pushing against a corporate culture predisposed to secrecy. "It's very unlikely companies are going to belly up to the bar and run around and start reporting this all of sudden," said Jody Westby, chief executive of Global Cyber Risk, a consulting firm. Westby said she advised a Fortune 100 company that had suffered a major breach in 2008 that the company report it to the SEC. "They just laughed and said, 'We don't agree,'" she recalled. "Companies involved in breaches are very reluctant to reveal what happened, and much less tell the SEC what happened. Why? Because of a fear of reputational damage."

Experts said this is why the guidance is necessary -- to underscore that disclosure of material breaches is mandatory. But Larry Ponemon, chairman of the Ponemon Institute, a research group in Traverse City, Mich., said reporting on potential risk is almost meaningless because virtually every firm is at risk and "almost every major organization" has suffered a breach. He predicted that companies still will provide only minimal disclosure.
Some companies may want to disclose a hacking incident but do not have the expertise to assess the damage, said John Reed Stark, a former SEC official and now a security consultant with Stroz Friedberg. "Yet the SEC has clearly launched a shot across the bow," he said. He urged the SEC to allow companies some latitude. "Otherwise the result will be chaos and confusion," he said.

Companies that fail to make disclosures could face various consequences, said David B.H. Martin, co-head of the securities practice at Covington & Burling. They could be sued by shareholders or subjected to SEC enforcement actions. Regulators also could send them letters calling on them to improve their disclosures.

Calculating the costs of cybertheft, whether for criminal or espionage purposes, is difficult. The Ponemon Institute has found the average cost of a breach to be between $5 million and $8 million. But it took nine months to assess the impact on 50 companies, Larry Ponemon said. Scott Borg, an economist with the nonprofit U.S. Cyber Consequences Unit, said companies often do not know the value or extent of data loss. Using data from the U.S. Bureau of Economic Analysis, he has estimated the annual loss to cybertheft at $6 billion to $20 billion.

One of the few companies to report a compromise to the SEC was Intel, which did so in January 2010 -- shortly after Google's disclosure that it had been hacked by attackers in China who stole valuable source code. Alan Paller of the SANS Institute has said Google was among more than 80 companies hit by the same malware. Intel spokesman Chuck Mulloy this year said that "nothing of any value was taken that we can tell," though he added, "We can't say that with absolute certainty."

"You don't want to disclose confidential or proprietary information," Mulloy said. "But to the extent you can disclose and be as forthright as you can, it's simply good corporate governance."
© The Washington Post Company

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Oct 14 22:12:12 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Oct 2011 23:12:12 -0400
Subject: [Infowarrior] - Gov't cameras in your car? E-toll patent hints at Big Brotherish future
Message-ID: <63D8A743-DFE0-4A6C-9001-49E0686E5514@infowarrior.org>

Gov't cameras in your car? E-toll patent hints at Big Brotherish future
By Bob Sullivan
http://redtape.msnbc.msn.com/_news/2011/10/13/8308841-govt-cameras-in-your-car-e-toll-patent-hints-at-big-brotherish-future

Imagine that you couldn't drive on major highways without agreeing to put a camera in your car -- one that could film either the occupants or the vehicle's surroundings and transmit the images back to a central office for inspection. You don't have to read George Orwell to conjure up such an ominous surveillance state. You just have to skim through filings at the U.S. Patent Office.

It's hard to imagine Americans would tolerate such a direct, Big-Brotherish intrusion. But they might not notice if the all-seeing cameras were tucked inside another kind of government tracking technology that millions of Americans have already invited into their cars.

Kapsch TrafficCom AG, an Austrian company that just signed a 10-year contract to provide in-car transponders such as the E-Z Pass to 22 electronic highway toll collection systems around the U.S., recently filed a patent on technology to add multi-function mini-cameras to their toll gadgets. Today, transponders are in about 22 million cars around the U.S. Adding inward and outward facing cameras to the gadgets would create surveillance capabilities far beyond anything government agencies have tried until now.

The stated reason for an inward-pointing camera is to verify the number of occupants in the car for enforcement of HOV and HOT lanes.
The outward-pointing camera could be used for the same purpose, helping authorities enforce minimum occupant rules against drivers who aren't carrying transponders. But it's easy to imagine other uses. The patent says the transponders would have the ability to store and transmit pictures, either at random intervals or on command from a central office. It would be tempting to use them as part of a search for a lost child, for example, and law enforcement officials might find the data treasure trove irresistible. The gadget could also be instructed to take pictures when the acceleration of a car "exceeds a threshold," or when accidents occur, so it could be used like an airplane cockpit flight recorder. It's important to note that a patent filing is a far cry from the invention and manufacturing of a new product. Many patent filings are nothing more than a defensive measure taken to protect the farthest reaches of intellectual property. Officials at Kapsch declined to be interviewed for this story, but in a statement said that citizens shouldn't read too much into the filing. ?This patent filing is part of the standard intellectual property protection process followed by every company that invests in research and development," said Erwin Toplak, chief operating officer of Kapsch, in an e-mail. "Kapsch, for example, files approximately 20 patent applications a year. This process protects our unique ideas; it does not signify that a commercial product is in development or even contemplated .? And P.J. Wilkins, executive director of the E-Z Pass Group consortium that manages the massive toll collection cooperative, said he hadn't even heard of camera technology when told about the patent by msnbc.com. "It's not an upgrade we are working on here," said. "We just signed a long-term contract with them and this wasn't a requirement." 
Enforcement of HOV and HOT lanes is a labor-intensive and expensive issue for many state agencies, he said, and he understood why a company like Kapsch would try to invent a technology to deal with the problem, But he said he couldn't imagine it being used in the E-Z Pass system. "Before anyone goes down that road there's a whole host of questions that would have to be answered,? he said. ?What's the impact on privacy? What's the impact on the data stream? I just don't think it's something that would gain a lot of traction." Kapsch sells its technology in 41 countries around the globe, and 64 million cars worldwide have been outfitted with its transponders, according to the firm's website. Occupant cameras could be attractive, and more acceptable, outside the U.S. And while it's possible cameras-in-cars technology would be a non-starter in America, that doesn't mean Americans shouldn't be worried, said Lee Tien, a privacy expert with the Electronic Frontier Foundation. "I think (drivers) should be pretty concerned," he said. "You want to make sure any use of that technology is very carefully regulated. People should let the E-Z Pass folks know now what they think about any possible plans to introduce cameras in their cars, now, while it's being developed, rather than before it's already a fait accompli, and some agency says it's already spent millions on it and can't turn back now." Tien said there's nothing inherently bad about using new technology to enforce tolls, but he cautioned against what is sometimes called "surveillance spillover." Technology designed for one function is inevitably used by law enforcement officials and other government agencies in unintended ways. "You could imagine that they could limit the capacity of devices -- say the images would be destroyed after a very short period of time -- so it would not be as powerful a surveillance device. But that's not the general dynamic," he said. 
"Once you have the device out there, someone says, 'Why not use it for this, or that.' That's usually where the battle between privacy and other social goals is lost." The dynamic is playing out right now in a European scandal surrounding use of a secret government program used by German law enforcement officials to monitor citizens' Internet behavior through the use of Trojan horse software called R2D2. German courts had permitted use of the software only when officials were fulfilling a legal wiretap order, and only to listen in on Skype conversations. But the R2D2 Trojan has allegedly been used by German authorities to send thousands of screen shots detailing suspects' Internet explorations, to keylog their typing, and in a host of other potentially illegal evidence-gathering methods. The solution, says Tien, is to design privacy right into the gadget in the first place, to minimize the inevitable temptations for law enforcement and security officials. "It doesn't bother me that (Kapsch) filed this patent. Surveillance technology is constantly being developed. There is money in surveillance," he said. "The question is less about lamenting the invention of these things and more about questioning our demand for surveillance, and thinking about the kind of society we are building and encouraging when we legitimize the continual, gradual architecting of the social world into a surveillance society." News of the camera patents comes as electronic toll collection continues to expand around the U.S. -- and while options for using the systems anonymously have finally become commonplace. After years of complaints from skeptics that E-Z Pass toll paying created an undesirable public record that could be used to track individuals, systems in Texas and Washington state now allow users to register for the devices without disclosing their identities. And a new "E-Z Pass On the Go" gadget is being sold in the Eastern U.S. 
that functions much like a disposable prepaid phone card, allowing anonymous use of the E-Z Pass tolls. E-Z Pass has had to beat back a lot of conspiracy theories through the years, Wilkins noted -- such as the idea that the gadgets would be used to catch speeders and issue tickets. E-Z Pass users now register very few complaints, he said, and are overwhelmingly happy with a system that helps them avoid delays at long toll booth lines. "The whole tracking thing is a bogus argument," said Wilkins. "If you have a cell phone you are being tracked anyway. Law enforcement can get to cell phone records just as easily (as E-Z Pass records). And the phone company keeps that data a very long time." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Oct 16 09:06:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Oct 2011 10:06:28 -0400 Subject: [Infowarrior] - Anti-Piracy Outfit Tries to Erase History Message-ID: <6CDB0EBC-35CB-486E-BA75-B82FB9F1A5C8@infowarrior.org> (the last paragraph is the real takeaway here -- rick) Anti-Piracy Outfit Tries to Erase History ? Ernesto ? October 15, 2011 http://torrentfreak.com/anti-piracy-outfit-tries-to-erase-history-111015/ AiPlex Software made the news last year when their boss was quoted in the press admitting that his company launched DDoS attacks against several torrent sites. This confession resulted in an avalanche of negative PR and several retributive attacks from Anonymous. Today, a year later, AiPlex are attempting to erase these events from history by asking bloggers to take down their reports. While there have always been suspicions that anti-piracy outfits are actively DDoSing torrent sites, when the boss of the Indian company AiPlex Software admitted to using these tactics in public it still came as a shock. ?When we detect a website offering a link or a download, we contact the server hosts and intimate them about the illegal activity. 
They issue a notice to the site owner,? said AiPlex?s Girish Kumar in an interview with DNA. The above is nothing out of the ordinary, but where other content protection companies stop, AiPlex takes it up a notch. Uncooperative sites are not ignored but can expect to be taken offline by force. ?The problem is with torrent sites, which usually do not oblige. In such cases, we flood the website with requests, which results in database error, causing denial of service as each server has a fixed bandwidth capacity.? ?At times, we have to go an extra mile and attack the site and destroy the data to stop the movie from circulating,? Kumar said. In other words, AiPlex admitted to breaking the law by DDoSing several websites. This confession wasn?t received well by sympathizers of torrent sites, and under the name ?Operation Payback? Anonymous took out the company?s website for several weeks. Today, a year later, AiPlex is still claiming to be hurt by the unusual openness of their boss. In an attempt to make it all go away, they are trying to rewrite history by asking people who reported on the news to pull their posts. Several site owners forwarded us the same request, which is posted in full below. ?We kindly request you to deactivate the link as the article is defaming the company?s image & its prospects. It was mis-interpreted by the news agency which was blown out of proportion by some of the pirates across the globe,? the email starts. It further notes that the company is still suffering immense losses due to threats and continuous attacks from pirates. As we?ve seen before, the email from AiPlex also claims that the words of their boss have been misinterpreted. But this seems unlikely. The verbatim quotes can only be interpreted in one way and several torrent site owners told TorrentFreak that they were indeed threatened and attacked by AiPlex in the past. Interestingly, AiPlex has yet to contact TorrentFreak with a takedown request. 
This is odd since we are the source of all the articles that AiPlex is desperately trying to pull offline. Also, the original DNA article on which we based our report still remains online, completely unedited. The irony of it all is that Aiplex?s attempt to rewrite history have only resulted in attracting more attention for the mistakes they made in the past. For a tech company they seem to understand very little about how the Internet works, and they definitely have never heard of the Streisand effect. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Oct 16 13:03:27 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Oct 2011 14:03:27 -0400 Subject: [Infowarrior] - BAC: Customers can't close their accounts if protesting Message-ID: <2D5B1589-263C-4183-A2AF-B2E3343C1FF4@infowarrior.org> Two protesters involved with Occupy Santa Cruz in California walked into Bank of America earlier this week to close their own accounts as part of the national protest against the greed and irresponsibility of Wall Street, which has only seen it?s profits soar since it nearly collapsed the economy back in 2008. So Bank of America naturally closed the accounts, right? Not even close. Rather than allow their customers to close their accounts, they told them that ?you can not be a protester and a customer at the same time.? The bank manager threatened to lock the doors and call the police to have their own customers arrested for the simple act of requesting the closure of their own accounts. The two women left the bank and called the police. The officer went into the bank and after talking to the manager, relayed a message to them. According to the bank manager, ?If they came in with the signs and they were part of the protest earlier, then they are protesters and cannot be customers at the same time.? 
< - >

http://www.addictinginfo.org/2011/10/15/bank-of-america-refuses-to-allow-customers-to-close-their-accounts-at-occupy-santa-cruz-video/

From rforno at infowarrior.org Mon Oct 17 16:35:24 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Oct 2011 17:35:24 -0400
Subject: [Infowarrior] - U.S. Debated Cyberwarfare in Attack Plan on Libya
Message-ID: <2C130667-9335-42EF-A63B-8EFE3B19769C@infowarrior.org>

October 17, 2011
U.S. Debated Cyberwarfare in Attack Plan on Libya
http://www.nytimes.com/2011/10/18/world/africa/cyber-warfare-against-libya-was-debated-by-us.html?_r=1&pagewanted=print
By ERIC SCHMITT and THOM SHANKER

WASHINGTON -- Just before the American-led strikes against Libya in March, the Obama administration intensely debated whether to open the mission with a new kind of warfare: a cyberoffensive to disrupt and even disable the Qaddafi government's air-defense system, which threatened allied warplanes.

While the exact techniques under consideration remain classified, the goal would have been to break through the firewalls of the Libyan government's computer networks to sever military communications links and prevent the early-warning radars from gathering information and relaying it to missile batteries aiming at NATO warplanes.

But administration officials and even some military officers balked, citing the precedent it might set for other nations, in particular Russia or China, to carry out cyberraids of their own, and questioning whether the attack could be mounted on such short notice. They were also unable to resolve whether the president had the power to proceed with such an attack without informing Congress.

In the end, American officials rejected the cyberattacks and used conventional aircraft, cruise missiles and drones to strike the Libyan air-defense missiles and radars used in Col. Muammar el-Qaddafi's government.

This previously undisclosed debate among a small circle of advisers demonstrates that cyberweapons are a growing form of warfare. The question facing the United States is whether and when to cross the threshold into overt cyberattacks.

A Stuxnet computer worm appears to have wiped out a part of Iran's nuclear centrifuges last year and delayed its ability to produce nuclear fuel. Although no entity has acknowledged being the source of the poisonous code, some evidence suggests that the virus was an American-Israeli project. And the Pentagon and military contractors regularly repel attacks on their computer networks -- many coming from China and Russia.

The Obama administration is revving up the nation's digital capabilities, while publicly emphasizing only its efforts to defend vital government, military and public infrastructure networks.

"We don't want to be the ones who break the glass on this new kind of warfare," said James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies, where he specializes in cyberissues.

That reluctance peaked during planning for the opening salvos of the Libya mission, and it was repeated on a smaller scale several weeks later, when military planners suggested a far narrower computer-network attack to prevent Pakistani radars from spotting helicopters carrying Navy Seal commandos on the raid that killed Osama bin Laden on May 2. Again, the decision was no. Instead, specially modified, radar-evading Black Hawk helicopters ferried the strike team, and a still-secret stealthy surveillance drone was deployed.

"These cybercapabilities are still like the Ferrari that you keep in the garage and only take out for the big race and not just for a run around town, unless nothing else can get you there," said one Obama administration official briefed on the cyberdiscussions, who, like the more than half-dozen officials interviewed for this article, spoke on the condition of anonymity or was not authorized to speak publicly about the classified cyberplanning.

In the days ahead of the American-led airstrikes to take down Libya's integrated air-defense system, a more serious debate was convened to consider the military effectiveness -- and potential legal complications -- of using cybertools to blind Libyan radars and missiles.

"They were seriously considered because they could cripple Libya's air defense and lower the risk to pilots, but it just didn't pan out," said a senior Defense Department official. After a discussion described as thorough and never vituperative, the proposals were rejected before they reached the senior political levels of the White House.

Gen. Carter F. Ham, the head of the military's Africa Command, which led the two-week American air campaign against Libya until NATO assumed full control of the operation on March 31, would not comment on any proposed cyberattacks. In an interview, he said only that "no capability that I ever asked for was denied."

Senior officials said a central reason a cyberoffensive was rejected for Libya was that it might not have been ready for use in time given that the rebel city of Benghazi was on the verge of being overrun by government forces.

While popular fiction and films depict cyberattacks as easy to mount -- only a few computer keystrokes needed -- in reality it takes significant digital snooping to identify potential entry points and susceptible nodes in a linked network of communications systems, radars and missiles like that operated by the Libyan government, and then to write and insert the proper poisonous codes.

"It's the cyberequivalent of fumbling around in the dark until you find the doorknob," Mr. Lewis said. "It takes time to find the vulnerabilities. Where is the thing that I can exploit to disrupt the network?"

Had the computer-network attack gone ahead, administration officials said they were confident it could have been contained within Libyan networks and offered high promise of disrupting the regime's integrated air-defense system.

One unresolved concern was whether ordering a cyberattack on Libya might create domestic legal restrictions on war-making by the executive branch without Congressional permission. One question was whether the War Powers Resolution -- which requires the executive to formally report to lawmakers when it has introduced forces into "hostilities" and sets a 60-day limit on such deployments if Congress does not authorize them to continue -- would be required for a purely cyber-based attack. The War Powers Resolution, a Vietnam-era law enacted over President Richard M. Nixon's veto, does not define "hostilities."

In describing its actions to Congress and the American people, the White House argued that its use of conventional forces in the Libyan intervention fell short of the level of hostilities requiring Congressional permission under either the Constitution or the resolution, citing the lack of ground forces and the supporting role the United States was playing in a multilateral effort to fulfill a United Nations resolution.

Some officials also expressed concern about revealing American technological capabilities to potential enemies for what seemed like a relatively minor security threat to the United States. In the end, Libya's air-defense network was dangerous but not exceptionally robust. American surveillance identified its locations, and it was degraded through conventional attacks.

Charlie Savage contributed reporting.
From rforno at infowarrior.org Mon Oct 17 17:16:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Oct 2011 18:16:32 -0400
Subject: [Infowarrior] - ICANN takes over time zone database
Message-ID: <77797AFD-DC50-4905-9405-98E7CD8A3888@infowarrior.org>

ICANN takes over time zone database
AAP on October 17th, 2011

The organisation in charge of the internet's address system is taking over a database widely used by computers and websites to keep track of time zones around the world.

The transition to the Internet Corporation for Assigned Names and Numbers, or ICANN, comes a week after the database was abruptly removed from a US government server because of a lawsuit claiming copyright infringement.

Without this database and others like it, computers would display Greenwich Mean Time, or the time in London when it isn't on summer time. People would have to manually calculate local time when they schedule meetings or book flights.

The Time Zone Database allows people to set clocks simply by choosing a city. Select New York, for example, and the computer will know that it is normally five hours behind London, but four hours during a brief period when the US is still on summer time and Britain is not.

The database is updated more than a dozen times a year and is used by a range of computer operating systems, including Apple's Mac OS X, Oracle Corp, Unix and Linux, but not Microsoft's Windows. It's also used by several websites that tell people what the current time is around the world, or what time it will be in Sydney or Moscow next Tuesday at 8pm in Los Angeles. Some non-internet functions, such as calendar software, also incorporate the database.

Although those functions continued to work after the database disappeared from the government's server, computer systems couldn't get updates to reflect changes in time zones and in the duration of summer time.

Kim Davies, a technical manager at ICANN, said that because much of the internet depends on the database, its management by ICANN is consistent with the organisation's mission to maintain a stable internet. One of ICANN's main functions is to coordinate internet domain names -- the suffixes such as .com and .org in internet addresses. Those are key for allowing computers to find websites and route email.

ICANN has been in discussions for months about taking over the database with the impending retirement of its long-time coordinator. Arthur David Olson, an employee of the National Institutes of Health (NIH) who volunteered as coordinator as a side project, began looking for a new home for the database in 2009.

ICANN accelerated those discussions and took over management on Friday after the database was removed from NIH's server on 6 October, following a lawsuit over historical data used. Astrology software company Astrolabe argues that Olson and another volunteer at University of California, Los Angeles, should have paid royalties for including data from its software. The defendants have insisted that the data are in the public domain and not subject to copyright. Their employers were not named as defendants.

The federal lawsuit, filed on 30 September in Boston, does not affect current time zone information, which comes from tips sent by volunteers through an email list. However, ICANN is keeping the historical information in the database.

"We are aware of the lawsuit," Davies said. "We believe it's important to continue the operation of the database. We'll deal with any legal matters as they arise."

URL: http://www.zdnet.com.au/icann-takes-over-time-zone-database-339324397.htm
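The "brief period" the article mentions is easy to measure. As an added example (not from the article, the AAP, or the tz database project itself), this Node.js script uses the Intl API's bundled copy of the same zone rules to list the 2011 days on which New York was only four hours behind London. It assumes a Node build with full ICU time zone data, which has been the default since Node 13.

```javascript
// Added example: derive a zone's UTC offset from Intl's tz rules and use it
// to find the days when the New York / London gap is not the usual 5 hours.
// Assumes Node.js with full ICU data (default since Node 13).

// UTC offset (in minutes, east positive) of `timeZone` at instant `date`.
// Intl formats the wall-clock fields for the zone; reading those fields back
// as if they were UTC and subtracting the real instant yields the offset.
function zoneOffsetMinutes(date, timeZone) {
  const parts = new Intl.DateTimeFormat('en-US', {
    timeZone,
    hourCycle: 'h23',
    year: 'numeric', month: '2-digit', day: '2-digit',
    hour: '2-digit', minute: '2-digit', second: '2-digit',
  }).formatToParts(date);
  const field = (type) => Number(parts.find((p) => p.type === type).value);
  const wallClockAsUtc = Date.UTC(
    field('year'), field('month') - 1, field('day'),
    field('hour'), field('minute'), field('second'),
  );
  return Math.round((wallClockAsUtc - date.getTime()) / 60000);
}

// Hours by which `westZone` trails `eastZone` at noon UTC on the given day.
function hoursBehind(dateAtNoonUtc, westZone, eastZone) {
  return (zoneOffsetMinutes(dateAtNoonUtc, eastZone)
        - zoneOffsetMinutes(dateAtNoonUtc, westZone)) / 60;
}

// Walk every day of `year` (sampled at 12:00 UTC, so neither zone is mid
// transition) and collect the days where the gap differs from `usualHours`.
function nyLondonGapDays(year, usualHours = 5) {
  const unusual = [];
  for (let day = 0; ; day += 1) {
    const at = new Date(Date.UTC(year, 0, 1 + day, 12));
    if (at.getUTCFullYear() !== year) break;
    const diff = hoursBehind(at, 'America/New_York', 'Europe/London');
    if (diff !== usualHours) {
      unusual.push({ date: at.toISOString().slice(0, 10), hoursBehind: diff });
    }
  }
  return unusual;
}

// Stand-alone run: print the two windows (US DST starts earlier in March and
// ends later in November than British Summer Time).
const gapDays = nyLondonGapDays(2011);
console.log(`${gapDays.length} days in 2011 with a non-5-hour gap:`);
for (const g of gapDays) console.log(`  ${g.date}: ${g.hoursBehind} hours`);
```

Without up-to-date zone rules (the situation the article describes after the database went offline), a program using stale data would compute these windows wrong whenever a government changed its DST dates.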
From rforno at infowarrior.org Tue Oct 18 12:03:25 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Oct 2011 13:03:25 -0400 Subject: [Infowarrior] - SocGen Strategist Blames Blogosphere for financial problems Message-ID: (Umm, yeah, okay.....it's the anonymous bloggers' fault. What-evarrrr. -- rick) SocGen Asia Strategist Has Near Fit On Bloomberg TV After Making It Clear That It's All The Blogosphere's Fault Submitted by Tyler Durden on 10/17/2011 10:58 -0400 http://www.zerohedge.com/news/socgen-asia-strategist-has-near-fit-bloomberg-tv-after-making-it-clear-its-all-blogospheres-fau SocGen's Todd Martin, who is the bank's Asia equity strategist (and, despite being regulated, failing to disclose he worked at Morgan Stanley previously), appeared on Bloomberg earlier today to discuss the Volcker Rule and prop trading, against which the anonymous blogosphere had some very "strong views" back in 2009 before anyone had even considered prop trading. Sure enough, prop trading ended a few months later with the adoption of the Volcker Rule. Somehow, the topic of the Volcker rule shifted to the topic of whether or not Morgan Stanley is exposed to France, and its insolvent banks (ahem), and who is to blame. Take a wild guess on Mr. Martin's opinion in the matter: "For example one blog just a week ago, had a very, very strong view against Morgan Stanley. They quoted Sanford Bernstein who actually was telling people to buy the stock. And then they were quoting Gross Exposures not Net, and then concluding that Morgan Stanley had to go down and be dismembered [sic]. Now I have a serious problem with this.... If I get regulated why isn't this place regulated. It's also very dangerous because they are using psudonames [sic] and we don't know who they are. They could be the guy on the street. They could be a hedge fund dangling out information. It could be the head of a prop desk. Thing is it is supposed to be regulated. 
And they get their revenues from trading platforms on US soil. And I don't think it's fair. And I think the US should go and take a look and regulate the blogosphere. I think it's really, really out of control." In other words: it is all the blogosphere's fault. Where does one start with that one. First, we understand why you are angry Todd: after all, your employer recently blamed the blogosphere for blowing out the spreads of SocGen, which then used the stress test part two to defend itself... You know, the same stress test that saw insolvent Dexia pass with flying colors if not in first place. Second, we inquire Todd and his regulators, to advise on how it is that he concluded that a "blog" had "very, very strong views" on a company when the only information presented was a blurb from a 10-K with the following advice: "We'll leave it up to readers to find the relevant number." Furthermore, the AB report was naturally quoted as follows: "As for the coup de grace in the AB report, it is this piece of rhetorical brilliance: "Over the last six months, there have been 5,600+ articles published by the press on the subject of "French Banks" and "Credit Risk". We believe Morgan Stanley's risk management staff and its trading units are fully aware of the highly publicized risks emanating from Europe and warnings about the firm's potential exposure to a European Sovereign crisis."" Apparently they were, and their only defense is "bilateral netting" which failed with an epic bang when AIG was nationalized, and had to hope and pray for mainstream media rumors and a wholesale market squeeze to send their stock higher, thus avoiding a death spiral. Lastly we won't go into the accuracy of Mr. Martin's China predictions (we are happy to) and leave the question of "fairness" to those who may have followed his regulated advice. But our advice is this: Mr. 
Martin's credibility and future employment status is predicated upon his accuracy, not to mention how much money SocGen will be able to take out of taxpayers when and if it is forced to recapitalize shortly (which uber-regulated Credit Suisse seems to have some very, very strong thoughts about and believes it is the most undercapitalized bank in Europe). He should probably worry about that. And let the anonymous blogosphere worry about its own credibility. After all, if there is none, nobody will listen to it, even if "it is out there." If, however, it provides critical information that is missing because gentlemen like Mr. Martin are conflicted from telling the truth when their own job is at stake, then we say: onward, upward, and always twirling, twirling, twirling. Because without the natural filter to the endless bullshit that the sellside spews forth (where was Mr. Martin warning that Dexia was about to fail and actually saving people money for a change?), losses at the retail level would be orders of magnitude higher. As for revenues, Mr Martin, it is all ads we are afraid: feel free to click on one or two, because we doubt we will be bailed out when we need a few billion in bailout funding. Full truly hilarious clip of a sellsider having a near-nervous breakdown due to a blog. Fast forward to 4 minutes in. < - > http://www.zerohedge.com/news/socgen-asia-strategist-has-near-fit-bloomberg-tv-after-making-it-clear-its-all-blogospheres-fau --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Oct 18 17:53:01 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Oct 2011 18:53:01 -0400 Subject: [Infowarrior] - Ruling Sets Back Stem-Cell Scientists in Europe Message-ID: ? HEALTH INDUSTRY ? OCTOBER 18, 2011, 4:27 P.M. 
ET Ruling Sets Back Stem-Cell Scientists in Europe By GAUTAM NAIK http://online.wsj.com/article/SB10001424052970204346104576639010759884794.html Europe's top court ruled Tuesday that any research involving the destruction of human embryos can't be patented, a decision that deals a blow to scientists on the continent but gives an edge to those in the U.S. and other countries. The ruling by the European Court of Justice doesn't prevent scientists from experimenting with cells plucked from human embryos?which destroys the embryo?but it removes a key commercial incentive for biotechnology and pharmaceutical companies to back stem-cell research in Europe. Stem cells obtained from embryos can become all other cells in the body, which makes them a potential tool for repairing and regenerating diseased organs and tissue. "Companies now will not invest in these technologies because they cannot safeguard their investment" through patents, said stem-cell researcher Oliver Bruestle of the University of Bonn, in an interview following the ruling. The case centered on a technique he invented to make nerve cells from human embryonic cells. "It's a bitter pill for all of us to swallow." Dr. Bruestle's 1997 patent was challenged by Greenpeace in Germany on the basis of a European Union directive banning the patenting of inventions whose commercialization violates public order or "morality." A German court then decided Dr. Bruestle's patent was invalid. After he appealed the decision, Germany's federal court referred questions about the case to the European Court of Justice in Luxembourg. An advocate there handed down a legal decision, and this was largely upheld on Tuesday. There are no further legal appeals available to Dr. Bruestle. Greenpeace has long argued that patents should only be granted to human inventions, and has opposed patents on plants, animals, genes and smaller parts of DNA. 
"We're not against research on human embryonic stem cells," said Christoph Then, a spokesman for the group. "But this involves the commercialization of the human body, which we are against." Stem cells are typically derived from 80-to-100-cell embryos?each the size of a pinhead?that are left over from fertility treatments and donated for research. For some people, the destruction of embryos in the extraction of stem cells is tantamount to destroying a human life. The latest decision means that techniques invented by scientists in Europe involving human embryonic stem cells can now be safely copied by rival scientists without fear of violating European intellectual-property laws or having to pay licensing fees. European scientists can still get patents to protect their work in non-European markets. Patents awarded outside Europe are unaffected by the decision. The ruling could deter companies from investing in European labs that work with human embryos. And scientists outside Europe said the ruling could help researchers in the U.S and elsewhere who are also working on embryonic stem-cell science. "Of all the intellectual work being done in Europe, if something is successful it will now be [commercialized] by a company outside Europe" where patent protection is available, said Robert Lanza, chief scientific officer at Advanced Cell Technology Inc. in Marlborough, Mass. "Europe is basically exporting its research?it is unfortunate." The decision comes at a time when embryonic stem-cell research, long a controversial field, is starting to attract commercial attention from biotechnology and pharmaceutical companies operating in Europe. Next year, for example, Pfizer Inc. and scientists at University College London, hope to begin a human trial in the U.K. using embryonic stem cells to treat age-related macular degeneration, a common problem in the elderly that can cause blindness. In September, Advanced Cell Technology received U.K. 
regulatory permission to use a product derived from human embryonic stem cells in a human trial for Stargardt's macular dystrophy, a rare condition that can cause vision loss. The company says its work in Europe won't be affected by the latest patent ruling because it involves cell lines created from a very early stage embryo--eight cells in size--in a way that doesn't destroy the embryo.

The legal ruling is likely to hit scientists in the U.K. and Sweden especially hard since they own a large chunk of stem-cell-related patents in Europe. Researchers in the two countries together own more than 100 such patents, according to Dr. Bruestle.

His own lab has converted human embryonic stem cells into nerve cells, which have been genetically changed to release a particular substance that inhibits epileptic seizures. Dr. Bruestle now intends to see if such human-derived cells can stop seizures in mice. If successful, he might move on to human trials.

Write to Gautam Naik at gautam.naik at wsj.com

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 18 21:01:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Oct 2011 22:01:55 -0400
Subject: [Infowarrior] - Georgia Tech Turns iPhone Into spiPhone
Message-ID: <7D1ACDC8-61C9-4C67-8C13-21B05C632D54@infowarrior.org>

Georgia Tech Turns iPhone Into spiPhone
Posted October 17, 2011
Atlanta, GA
(image: Patrick Traynor - spiPhone)
http://www.gatech.edu/newsroom/release.html?nid=71506

ATLANTA -- Oct. 18, 2011 -- It's a pattern that no doubt repeats itself daily in hundreds of millions of offices around the world: People sit down, turn on their computers, set their mobile phones on their desks and begin to work. What if a hacker could use that phone to track what the person was typing on the keyboard just inches away?
A research team at Georgia Tech has discovered how to do exactly that, using a smartphone accelerometer--the internal device that detects when and how the phone is tilted--to sense keyboard vibrations and decipher complete sentences with up to 80 percent accuracy. The procedure is not easy, they say, but is definitely possible with the latest generations of smartphones.

"We first tried our experiments with an iPhone 3GS, and the results were difficult to read," said Patrick Traynor, assistant professor in Georgia Tech's School of Computer Science. "But then we tried an iPhone 4, which has an added gyroscope to clean up the accelerometer noise, and the results were much better. We believe that most smartphones made in the past two years are sophisticated enough to launch this attack."

Previously, Traynor said, researchers have accomplished similar results using microphones, but a microphone is a much more sensitive instrument than an accelerometer. A typical smartphone's microphone samples vibration roughly 44,000 times per second, while even newer phones' accelerometers sample just 100 times per second--two full orders of magnitude less often. Plus, manufacturers have installed security around a phone's microphone; the phone's operating system is programmed to ask users whether to give new applications access to most built-in sensors, including the microphone. Accelerometers typically are not protected in this way.

The technique works through probability and by detecting pairs of keystrokes, rather than individual keys (which still is too difficult to accomplish reliably, Traynor said). It models "keyboard events" in pairs, then determines whether the pair of keys pressed is on the left versus right side of the keyboard, and whether they are close together or far apart.
After the system has determined these characteristics for each pair of keys depressed, it compares the results against a preloaded dictionary, each word of which has been broken down along similar measurements (i.e., are the letters left/right, near/far on a standard QWERTY keyboard). Finally, the technique only works reliably on words of three or more letters.

For example, take the word "canoe," which when typed breaks down into four keystroke pairs: "C-A, A-N, N-O and O-E." Those pairs then translate into the detection system's code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far, or LLN-LRF-RRF-RLF. This code is then compared to the preloaded dictionary and yields "canoe" as the statistically probable typed word. Working with dictionaries comprising about 58,000 words, the system reached word-recovery rates as high as 80 percent.

"The way we see this attack working is that you, the phone's owner, would request or be asked to download an innocuous-looking application, which doesn't ask you for the use of any suspicious phone sensors," said Henry Carter, a PhD student in computer science and one of the study's co-authors. "Then the keyboard-detection malware is turned on, and the next time you place your phone next to the keyboard and start typing, it starts listening."

Mitigation strategies for this vulnerability are pretty simple and straightforward, Traynor said. First, since the study found an effective range of just three inches from a keyboard, phone users can simply leave their phones in their purses or pockets, or just move them further away from the keyboard. But a fix that puts less onus on users is to add a layer of security for phone accelerometers.

"The sampling rate for accelerometers is already pretty low, and if you cut it in half, you start to approach theoretical limitations that prevent eavesdropping. The malware simply does not have the data to work with," Traynor said.
"But most phone applications can still function even with that lower accelerometer rate. So manufacturers could set that as the default rate, and if someone downloads an application like a game that needs the higher sampling rate, that would prompt a permission question to the user to reset the accelerometer."

In the meantime, Traynor said, users shouldn't be paranoid that hackers are tracking their keystrokes through their iPhones. "The likelihood of someone falling victim to an attack like this right now is pretty low," he said. "This was really hard to do. But could people do it if they really wanted to? We think yes."

The finding is reported in the paper, "(sp)iPhone: Decoding Vibrations From Nearby Keyboards Using Mobile Phone Accelerometers," and will be presented Thursday, Oct. 20, at the 18th ACM Conference on Computer and Communications Security in Chicago. In addition to Carter, Traynor's coauthors include Georgia Tech graduate student Arunabh Verma and Philip Marquardt of the MIT Lincoln Laboratory.

###

About the Georgia Tech College of Computing
The Georgia Tech College of Computing is a national leader in the creation of real-world computing breakthroughs that drive social and scientific progress. With its graduate program ranked 10th nationally by U.S. News and World Report, the College's unconventional approach to education is defining the new face of computing by expanding the horizons of traditional computer science students through interdisciplinary collaboration and a focus on human-centered solutions. For more information about the Georgia Tech College of Computing, its academic divisions and research centers, please visit http://www.cc.gatech.edu.

Contact
Michael Terrazas
Assistant Director of Communications
College of Computing at Georgia Tech
mterraza at cc.gatech.edu
404-245-0707

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
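The pair coding and dictionary matching described in the release, as an added illustration that is not the Georgia Tech team's code: it turns words into the L/R near/far pair codes, matches an observed code against a constructed word list, and measures per word length how many words share a code, which is the defender's view of how much this side channel narrows the candidate set and why short words stay ambiguous. The release does not give the exact near/far distance rule, so a grid distance of at most two keys is assumed here.

```python
"""Left/right, near/far keystroke-pair coding from the spiPhone write-up.

Added illustration (not the Georgia Tech team's code). It reproduces the
dictionary side of the technique so a defender can measure how much a
coarse pair code narrows a word list, and why short words stay ambiguous.
Assumption: the release does not give the exact near/far rule, so "near"
here means the two keys are at most two grid positions apart (constructed).
"""
from collections import defaultdict

QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
NEAR_THRESHOLD = 2  # constructed: grid (Chebyshev) distance <= 2 counts as "near"

# key -> (column, row) on the letter grid
KEY_POS = {
    key: (col, row)
    for row, keys in enumerate(QWERTY_ROWS)
    for col, key in enumerate(keys)
}
# Left half of a standard QWERTY layout (the keys the left hand covers).
LEFT_KEYS = set("qwert" "asdfg" "zxcvb")


def side(key: str) -> str:
    """'L' if the key is on the left side of the keyboard, else 'R'."""
    return "L" if key in LEFT_KEYS else "R"


def pair_code(first: str, second: str) -> str:
    """Three-letter code for one keystroke pair, e.g. ('c', 'a') -> 'LLN'."""
    (c1, r1), (c2, r2) = KEY_POS[first], KEY_POS[second]
    distance = max(abs(c1 - c2), abs(r1 - r2))
    near_far = "N" if distance <= NEAR_THRESHOLD else "F"
    return side(first) + side(second) + near_far


def word_code(word: str) -> str:
    """Hyphen-joined code for all consecutive pairs: 'canoe' -> 'LLN-LRF-RRF-RLF'."""
    word = word.lower()
    if len(word) < 2 or any(ch not in KEY_POS for ch in word):
        raise ValueError(f"word must be letters only and at least 2 long: {word!r}")
    return "-".join(pair_code(a, b) for a, b in zip(word, word[1:]))


def build_index(dictionary):
    """Map each pair-code sequence to the dictionary words that share it."""
    index = defaultdict(list)
    for w in dictionary:
        index[word_code(w)].append(w)
    return index


def candidates(code: str, index) -> list:
    """Dictionary words consistent with an observed pair-code sequence."""
    return index.get(code, [])


def ambiguity_by_length(dictionary):
    """For each word length, the share of words whose code is unique in the list.

    A low share means the leaked code barely narrows the list; this is why
    the release says the technique only works reliably on longer words.
    """
    index = build_index(dictionary)
    per_len = defaultdict(lambda: [0, 0])  # length -> [unique, total]
    for w in dictionary:
        n = len(w)
        per_len[n][1] += 1
        if len(index[word_code(w)]) == 1:
            per_len[n][0] += 1
    return {n: unique / total for n, (unique, total) in sorted(per_len.items())}


# Constructed sample word list standing in for the 58,000-word dictionaries.
SAMPLE_WORDS = [
    "at", "as", "to", "do", "go", "in", "on", "we", "re", "ex",
    "canoe", "canon", "banal", "cabin", "robot", "phone", "table",
    "keyboard", "security", "password", "vibration", "sensor",
]

if __name__ == "__main__":
    idx = build_index(SAMPLE_WORDS)
    print(word_code("canoe"))                  # LLN-LRF-RRF-RLF
    print(candidates("LLN-LRF-RRF-RLF", idx))  # ['canoe']
    for n, share in ambiguity_by_length(SAMPLE_WORDS).items():
        print(f"length {n}: {share:.0%} of words have a unique code")
```

With this word list, only three of the ten two-letter words get a unique code while every five-letter word does, which is the ambiguity the three-letter minimum in the release is working around.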
From rforno at infowarrior.org Tue Oct 18 21:06:38 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Oct 2011 22:06:38 -0400
Subject: [Infowarrior] - Out ACTA-ing ACTA
Message-ID: <1C87B319-29F8-4CC5-A22C-A8BB55E14D4B@infowarrior.org>

Tue, Oct 18th 2011 2:30pm
Out ACTA-ing ACTA: All TPP Negotiating Documents To Be Kept Secret Until Four Years After Ratification
from the it's-a-secret-it's-a-secret dept

The Anti-Counterfeiting Trade Agreement (ACTA) has now been signed by several nations -- even if its actual status is by no means clear. But that doesn't mean governments have finished with their trade negotiations behind closed doors. As Techdirt reported earlier this year, the Trans Pacific Partnership (TPP) agreement is, in some ways, even worse than ACTA, and looks to be a conscious attempt to apply the tricks developed there to circumvent scrutiny yet further.

< - >

http://www.techdirt.com/articles/20111018/05561916398/out-acta-ing-acta-all-tpp-negotiating-documents-to-be-kept-secret-until-four-years-after-ratification.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 19 06:35:50 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Oct 2011 07:35:50 -0400
Subject: [Infowarrior] - EFF Gets Straight Privacy Answers From Amazon About New "Silk" Tablet Browser
Message-ID:

https://www.eff.org/2011/october/amazon-fire%E2%80%99s-new-browser-puts-spotlight-privacy-trade-offs
October 18, 2011 - 4:28pm | By Dan Auerbach

EFF Gets Straight Privacy Answers From Amazon About New "Silk" Tablet Browser

Amazon recently announced that the new Kindle Fire tablet will ship with a brand new browser called Silk. The Silk browser works in "cloud acceleration" mode by routing most webpage requests through servers controlled by Amazon.
The idea is to capitalize on Amazon's powerful AWS cloud servers to parallelize and hence speed up downloading web page elements, and then pass that information back to the tablet through a persistent connection using the SPDY protocol. This protocol is generally faster than the standard HTTP protocol. This split-browser idea, not unique to Amazon, is a departure from the way major browsers work today.

Following the announcement, security experts as well as lawmakers have raised privacy questions and concerns about Silk. After all, while in cloud acceleration mode, the user is trusting Amazon with an incredible amount of information. This is because Amazon is sitting in the middle of most communications between a user's Fire tablet on the one hand, and the website she chooses to visit on the other. This puts Amazon in a position to track a user's browsing habits and possibly sensitive content.

As there were a lot of questions that the Silk announcement left unresolved, we decided to follow up with Amazon to learn more about the privacy implications. Our conversation with Amazon allayed many of our major concerns. Cloud acceleration mode is the default setting, but Amazon has assured us it will be easy to turn off on the first page of the browser settings menu. When turned off, Silk operates as a normal web browser, sending the requests directly to the web sites you are visiting.

Regarding cloud acceleration mode, here is what we found out:

SSL Traffic

Amazon does not intercept encrypted traffic, so your communications over HTTPS would not be accelerated or tracked. According to Jon Jenkins, director of Silk development, "secure web page requests (SSL) are routed directly from the Kindle Fire to the origin server and do not pass through Amazon's EC2 servers." In other words, no HTTPS requests will ever use cloud acceleration mode.
Given the prevalence of web pages served over HTTPS, this gives Amazon good incentive to make Silk fast and usable even when cloud acceleration is off. Turning it off completely should be a viable option for users.

Logging

For the persistent SPDY connection between the device and Amazon's servers, Amazon assures us that the only pieces of information from the device that are regularly logged are:

- URL of the resource being requested
- Timestamp
- Token identifying a session

This data is logged for 30 days. The token has no identifying information about a device or user and is only used to identify a particular session. Indeed, Jenkins said, "individual identifiers like IP and MAC addresses are not associated with browsing history, and are only collected for technical troubleshooting." We repeatedly asked if there was any way to associate the logged information with a particular user or Amazon account, and we were told that there was not, and that Amazon is not in a position to track users. No information about the outgoing requests from the AWS servers is logged. With respect to caching, Amazon follows caching headers, which offers some protection against caching sensitive information sent over HTTP.

Analysis

It is good that Amazon does not receive your encrypted traffic, and does not record any identifying information about your device. And there are other benefits to user privacy that can result from cloud acceleration mode. For one, the persistent SPDY connection between the user's tablet and Amazon's servers is always encrypted. Accordingly, if you are using your tablet on an open Wifi network, other users on that network will not be able to spy on your browsing behavior. Amazon does not act like an anonymizing proxy, because it does not shield your IP address from the websites you visit or strip unnecessary information out of the outgoing request.
Indeed, because the XFF header is set for HTTP requests, your IP is still passed through to the websites you visit. Other headers, such as the HTTP referer header, are set as normal. Thus, the website you are visiting using Silk has access to the exact same information that it would if you were using a normal browser.

Remaining Privacy Concerns

Though we are happy about some of the ways the browser protects the end user's privacy, a couple of serious privacy concerns remain that are worth pointing out. First of all, Amazon stores URLs you visit, and these sometimes contain identifying information. To pick a prominent example, there is an opportunity to identify people through their search history with some degree of accuracy. Indeed, given the common practice employed by search engines of putting query terms in the URL as parameters, Amazon will effectively have a database of user search histories across many different search engines. As evidenced by the AOL search history debacle, there is always a chance that search queries--even if they are unlinkable to otherwise uniquely identifying data--can effectively identify individuals. It is worth noting that unlike that AOL data set, Amazon will only be able to link a set of queries to a given browsing session, not an anonymized user that persists indefinitely over time.

Second, in addition to URLs, the content of the EC2 servers' cache might in some instances contain information that could identify an individual. Moreover, the data collected by Amazon provides a ripe source of users' collective browsing habits, which could be an attractive target for law enforcement.

For users who are worried about these privacy issues and about putting a lot of trust in Amazon to keep their data safe, we recommend turning off cloud acceleration.

Conclusion

We are generally satisfied with the privacy design of Silk, and happy that the end user has control over whether to use cloud acceleration.
But this new technology highlights the need for better online privacy protections. As companies continue to innovate in ways that make novel uses of--and expose much more personal data to--the internet cloud, it's critical that the legal protections for that data keep up with changes in technology. That's why we have teamed up with groups like the ACLU and companies like Google and Facebook as well as Amazon to push for a digital upgrade to the Electronic Communications Privacy Act, which was signed into law 25 years ago this week. Please get involved by signing our petition and sharing it with others.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 19 06:39:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Oct 2011 07:39:14 -0400
Subject: [Infowarrior] - Scammers Try To Trick Cash From Surprised 'File-Sharers'
Message-ID: <71A1B573-4AC9-4DDB-9245-337A167798D3@infowarrior.org>

(Like everyone BUT the French government could see this coming. --- rick)

Scammers Try To Trick Cash From Surprised "File-Sharers"
- enigmax - October 13, 2011

With hundreds of thousands of warnings already sent out, chances are that soon most French Internet users will know someone who has received one. Unsurprisingly, scammers are now riding the wave of publicity and uncertainty by sending out fake Hadopi emails which trick users into requesting more information about their "infringements" which cost them money.

< - >

http://torrentfreak.com/scammers-try-to-trick-cash-from-surprised-file-sharers-111013/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 19 18:02:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Oct 2011 19:02:11 -0400
Subject: [Infowarrior] - Waaaay OT: Shatner is God. (video)
Message-ID:

Need I say more?
:)

William Shatner - Bohemian Rhapsody [Official Music Video]
http://www.youtube.com/watch?v=cKo4FMzt_hM

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Oct 20 07:43:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Oct 2011 08:43:32 -0400
Subject: [Infowarrior] - GAO: Federal Reserve Board Rife With Conflict of Interest
Message-ID: <5B82637A-4638-4BC1-81AC-CD0F492A9720@infowarrior.org>

Federal Reserve Board Rife With Conflict of Interest, GAO Report (ABC):

The makeup of the Federal Reserve's board of directors poses a conflict of interest and there is concern that several financial firms and corporations could have reaped monetary benefits from their executives' close ties to the Fed, according to a new report released today by the Government Accountability Office.

In one case, the Federal Reserve consulted with General Electric on the creation of a commercial paper funding facility and then provided $16 billion in financing to the company while its chief executive, Jeffrey Immelt, served as a director on the board of the Federal Reserve Bank of New York. Immelt is now President Obama's "jobs czar."

JP Morgan Chase could also have benefited from its chief executive Jamie Dimon's position on the board of the Federal Reserve Bank of New York, according to the GAO. The bank received emergency loans from the Federal Reserve at the same time it served as the clearinghouse for the Fed's emergency lending program. The Federal Reserve gave JP Morgan Chase an 18-month exemption from risk-based leverage and capital requirements in 2008, the same year that the Fed gave it $29 billion to acquire Bear Stearns, according to the GAO.

Similarly, Lehman Brothers' chief executive Richard Fuld served on the board of the Federal Reserve Bank of New York at the same time one of its subsidiaries participated in the Fed's emergency programs.
The Federal Reserve system has come under increased scrutiny in recent years, particularly for the structure of its board of directors. Executives of banks and companies that are regulated by the Fed, and that receive emergency funding from it, often serve on the board.

< -- > more < -- >

http://publicintelligence.net/federal-reserve-board-has-serious-conflicts-of-interest/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Oct 24 12:13:17 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Oct 2011 13:13:17 -0400
Subject: [Infowarrior] - USG Could Hide Existence of Records under FOIA Rule Proposal
Message-ID:

Government Could Hide Existence of Records under FOIA Rule Proposal
by Jennifer LaFleur
ProPublica, Oct. 24, 2011, 10:26 a.m.
http://www.propublica.org/article/government-could-hide-existence-of-records-under-foia-rule-proposal

A proposed rule to the Freedom of Information Act would allow federal agencies to tell people requesting certain law-enforcement or national security documents that records don't exist -- even when they do.

Under current FOIA practice, the government may withhold information and issue what's known as a Glomar denial that says it can neither confirm nor deny the existence of records.

The new proposal -- part of a lengthy rule revision by the Department of Justice -- would direct government agencies to "respond to the request as if the excluded records did not exist."

Open-government groups object.

"We don't believe the statute allows the government to lie to FOIA requesters," said Mike German, senior policy counsel for the American Civil Liberties Union, which opposes the provision.

The ACLU, along with Citizens for Responsibility and Ethics in Washington and OpenTheGovernment.org said the move would "dramatically undermine government integrity by allowing a law designed to provide public access to government to be twisted."
The Glomar denial arose in the mid-1970s when a Los Angeles Times reporter requested information about the CIA's Glomar Explorer, built to recover a sunken Soviet submarine and the CIA's attempt to suppress stories about it.

But the advocacy groups propose another response: You have requested "records which, if they exist, would not be subject to the disclosure requirements of FOIA..." They prefer such language because a last resort is to sue to obtain the records, something people requesting information might not do if they assumed that no records existed.

Open government groups also contend that the proposed rule could undermine judicial proceedings. In a recent case brought by the ACLU of Southern California, the FBI denied the existence of documents. But the court later discovered that the documents did exist. In an amended order, U.S. District Judge Cormac Carney wrote that the "Government cannot, under any circumstance, affirmatively mislead the Court."

DOJ's draft FOIA rule was first published in March, but DOJ re-opened comment submissions in September at the request of open-government groups. The new comment period ended October 19.

The DOJ did not immediately respond to a request for comment. We will update as soon as it does.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 25 08:20:03 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Oct 2011 09:20:03 -0400
Subject: [Infowarrior] - New radar detector lets drivers 'un-friend' speed cameras
Message-ID:

New radar detector lets drivers 'un-friend' speed cameras
http://www.wtop.com/?nid=41&sid=2606117
Tuesday - 10/25/2011, 8:31am ET
Evan Haning, wtop.com

WASHINGTON -- A new combination radar detector and social networking device alerts its owner and other nearby drivers whenever it spots a speed camera.
The ESCORT Live uses Bluetooth technology to transmit warnings about laser guns to smartphones, before drivers are in range. When a driver is near a speed trap or speed camera, a "laser detected" alert is relayed to other drivers in the ESCORT Live network. The alerts display a directional location arrow, distance-to-arrive, and change color and transparency, depending on the warning's relevance.

Rather than helping people cheat traffic laws, Triple-A Mid-Atlantic spokesman Lon Anderson says the device may reduce speeding. "Police often say that the purpose of speed cameras is to deter speeding, not to rack up tickets. Well, if that's the case, I think we may see a lot of police that are very happy."

Despite the possibility of radar detectors having an ultimately positive effect on traffic safety, they are illegal in Virginia. "Even if you've got one in your car and it's unplugged, you can be ticketed for that," Anderson warns.

ESCORT Live went on sale Monday and is being offered to current ESCORT owners at an introductory price of $79.95.

Follow Evan Haning and WTOP on Twitter.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Oct 25 14:20:08 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Oct 2011 15:20:08 -0400
Subject: [Infowarrior] - Mica: Secret TSA report will "knock your socks off"
Message-ID: <51F78F2C-2AED-4663-A744-738E0A994338@infowarrior.org>

Congressman: Secret Report On TSA Pat Downs, Body Scanner Failures Will "Knock Your Socks Off"
http://www.infowars.com/congressman-secret-report-on-tsa-pat-downs-body-scanner-failures-will-knock-your-socks-off/

"Off the charts" failure rate "sort of like the record of the Marx Brothers"

Steve Watson
Infowars.com
October 25, 2011

The chairman of the House Transportation and Infrastructure Committee, which oversees the TSA, has asserted that the release of a classified report on TSA security failures will renew calls for the replacement of the agency with private airport security personnel.

"The failure rate (for body scanning equipment) is classified but it would absolutely knock your socks off," Florida Republican, Rep. John L. Mica told reporters during a briefing Monday.
Mica also asserted that recorded instances of pat downs failing to detect contraband are "off the charts." This information is also currently still classified, but is due to be released within weeks as part of an upcoming committee report on the TSA's first decade.

Mica suggested that the TSA's performance report would read "sort of like the record of the Marx Brothers".

The TSA has withheld results of its official security tests, despite repeated requests to release the information under the Freedom of Information Act. The Department of Homeland Security has classified the results of the most recent random, covert "red team tests," where undercover agents try to see what they can get past airport security. The reason they have done so, according to Mica, is because the results have been so shockingly and consistently bad for the past nine years.

Mica further slammed the TSA Monday, ripping into the agency's latest experimental security "chat down" procedure. The chairman referred to the pilot program of "behaviour detection" being tested at Boston Logan airport as an "idiotic mess".

Describing the program as a poor man's version of Israeli interrogation security techniques, Mica noted that the pilot is merely an extension of an already existing program that the Government Accountability Office concluded had little scientific credibility and had cost "a quarter billion" in hiring additional TSA officers.

"This is no joke," Mica told reporters at the briefing, adding that he had personally visited Logan airport and witnessed first hand the failures of the program.

"I put my ear up and listened to some idiotic questions," Mica said of the "chat down" procedure, also noting that TSA officers expressed a lack of understanding of the program they had supposedly been trained to engage in.

"I talked to them about their training, which was minimal," Mica said, adding "It's almost idiotic... It's still not a risk-based system. It's not a thinking system."
The program is set to be beta tested in Detroit next, before being rolled out nationwide.

Mica repeatedly argued that the TSA's role at airports could be undertaken in a more efficient and less costly manner by private companies, albeit ultimately still under the supervision of the federal government.

Back in March, the Congressman charged that the TSA intentionally fixed data to ensure that federal workers were employed to screen airport passengers, rather than private contractors.

"TSA cooked the books to try to eliminate the federal-private screening program," said Mica at the time.

The Congressman was referring to revelations from federal auditors that cost differentials between federal employees and private contractors were overstated by the TSA. Though the agency contends it was an "error", the TSA made it appear that it was more cost effective for airports to use federal government workers for security "by increasing the costs for private-contractor screeners relative to federal screeners," government auditors wrote.

The 2001 Aviation Transportation Security Act, which created the TSA, contained an option written in by Congress allowing airports to choose between using TSA workers and private screeners. It is known as the Security Partnership Program (SPP).

Currently, sixteen airports throughout the country use private contractors under the SPP; however, the TSA has since actively prevented other airports from joining the program, as more and more express an interest in dropping the federal workforce in the wake of an epidemic of TSA scandals and failures.

Mica, who helped create the TSA after 9/11, has repeatedly stated that he believes the agency is now completely out of control and believes it should be radically reformed.

----------------------

Steve Watson is the London based writer and editor for Alex Jones' Infowars.net, and Prisonplanet.com.
He has a Master's Degree in International Relations from the School of Politics at The University of Nottingham in England.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Oct 26 07:26:22 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2011 08:26:22 -0400
Subject: [Infowarrior] - Who Else Was Hit by the RSA Attackers?
Message-ID:

The data breach disclosed in March by security firm RSA received worldwide attention because it highlighted the challenges that organizations face in detecting and blocking intrusions from targeted cyber attacks. The subtext of the story was that if this could happen to one of the largest and most integral security firms, what hope was there for organizations that aren't focused on security?

Security experts have said that RSA wasn't the only corporation victimized in the attack, and that dozens of other multinational companies were infiltrated using many of the same tools and Internet infrastructure. But so far, no one has been willing to talk publicly about which other companies may have been hit. Today's post features a never-before-published list of those victim organizations. The information suggests that more than 760 other organizations had networks that were compromised with some of the same resources used to hit RSA. Almost 20 percent of the current Fortune 100 companies are on this list.

Since the RSA incident was disclosed, lawmakers in the U.S. Congress have taken a renewed interest in so-called "advanced persistent threat" or APT attacks. Some of the industry's top security experts have been summoned to Capitol Hill to brief lawmakers and staff about the extent of the damage. The information below was shared with congressional staff.

Below is a list of companies whose networks were shown to have been phoning home to some of the same control infrastructure that was used in the attack on RSA.
The first victims appear to have begun communicating with the attacker's control networks as early as November 2010.

A few caveats are in order here. First, many of the network owners listed are Internet service providers, and are likely included because some of their subscribers were hit. Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organizations (there are several antivirus firms mentioned below) may be represented because they intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.

Among the more interesting names on the list are Abbott Labs, the Alabama Supercomputer Network, Charles Schwab & Co., Cisco Systems, eBay, the European Space Agency, Facebook, Freddie Mac, Google, the General Services Administration, the Inter-American Development Bank, IBM, Intel Corp., the Internal Revenue Service (IRS), the Massachusetts Institute of Technology, Motorola Inc., Northrop Grumman, Novell, Perot Systems, PriceWaterhouseCoopers LLP, Research in Motion (RIM) Ltd., Seagate Technology, Thomson Financial, Unisys Corp., USAA, Verisign, VMWare, Wachovia Corp., and Wells Fargo & Co.

At the end of the victim list is a pie chart that shows the geographic distribution of the command and control networks used to coordinate the attacks. The chart indicates that the overwhelming majority of the C&Cs are located in or around Beijing, China.

< - list follows - >

http://krebsonsecurity.com/2011/10/who-else-was-hit-by-the-rsa-attackers/#more-11975
From rforno at infowarrior.org Wed Oct 26 08:18:45 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2011 09:18:45 -0400
Subject: [Infowarrior] - How the Patriot Act stripped me of my free-speech rights
Message-ID:

How the Patriot Act stripped me of my free-speech rights
By Nicholas Merrill, Published: October 25
http://www.washingtonpost.com/opinions/how-the-patriot-act-stripped-me-of-my-free-speech-rights/2011/10/20/gIQAXB53GM_print.html

Sometime in 2012, I will begin the ninth year of my life under an FBI gag order, which began when I received what is known as a national security letter at the small Internet service provider I owned. On that day in 2004 (the exact date is redacted from court papers, so I can't reveal it), an FBI agent came to my office and handed me a letter. It demanded that I turn over information about one of my clients and forbade me from telling "any person" that the government had approached me.

National security letters are issued by the FBI, not a judge, to obtain phone, computer, and banking information. Instead of complying, I spoke with a lawyer at the American Civil Liberties Union and filed a constitutional challenge against the NSL provision of the Patriot Act, which was signed into law 10 years ago Wednesday.

A decade later, much of the government's surveillance policy remains shrouded in secrecy, making it impossible for the American public to engage in a meaningful debate on the effectiveness or wisdom of various practices. The government has used NSLs to collect private information on hundreds of thousands of people. I am the only person from the telecommunications industry who received one to ever challenge in court the legality of the warrantless NSL searches and the associated gag order and to be subsequently (partially) un-gagged.
In 2004, it wasn't at all clear whether the FBI would charge me with a crime for telling the ACLU about the letter, or for telling the court clerk about it when I filed my lawsuit as "John Doe." I was unable to tell my family, friends, colleagues or my company's clients, and I had to lie about where I was going when I visited my attorneys. During that time my father was battling cancer and, in 2008, he succumbed to his illness. I was never able to tell him what I was going through.

For years, the government implausibly claimed that if I were able to identify myself as the plaintiff in the case, irreparable damage to national security would result. But I did not believe then, nor do I believe now, that the FBI's gag order was motivated by legitimate national security concerns. It was motivated by a desire to insulate the FBI from public criticism and oversight.

In 2007, this newspaper made an exception to its policy against anonymous op-eds and published a piece I wrote about my predicament. In August 2010, the government agreed to a settlement, and I was finally allowed to reveal my name to the public in connection with my case, but I am still prevented -- under the threat of imprisonment -- from discussing any fact that was redacted in the thousands of pages of court documents, including the target of the investigation or what information was sought.

I don't believe that it's right for Americans' free speech rights to be bound by perpetual gag orders that can't be meaningfully challenged in a court of law. The courts agreed, but the NSLs and the gag orders live on. Now the FBI is supposed to notify NSL recipients that they can challenge a gag order -- but the government refuses to say how the court's ruling has been put into practice, or how many gag orders have been issued, challenged or reversed. This information is especially important since internal Justice Department investigations have found widespread violations of NSL rules by the FBI.
During the recent debate to reauthorize sections of the Patriot Act, two members of the Senate Intelligence Committee -- Mark Udall (D-Colo.) and Ron Wyden (D-Ore.) -- warned that the government is interpreting the law to conduct surveillance that does not follow from a plain reading of the text. "When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry," Wyden said.

As someone who had to keep silent and live a lie for the better part of a decade, in the false name of "national security," I know he's right.

The writer is executive director of the Calyx Institute, a nonprofit organization that promotes "best practices" with regard to privacy and freedom of expression in the telecommunications industry.

© The Washington Post Company

From rforno at infowarrior.org Wed Oct 26 09:00:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2011 10:00:54 -0400
Subject: [Infowarrior] - Comment: Happy Birthday, America 2.0 !!
Message-ID: <818816DA-2952-4CA3-8467-3C47ABBCAE98@infowarrior.org>

July 4 celebrates America 1.0 and the America That Was. Sadly, the actions taken in the aftermath of September 11 symbolises America 2.0 and the America That Is. The hallmark legal framework that began the "New Normal" for America turns 10 today.[2] Break out the party hats!

But what is the New Normal? What is America 2.0, or the America That Is?
For those living in a cave or exclusively within the intellectual confines of sappy reality television, among other things, this term refers to the systemic removal (or dramatic reinterpretation) of many civil liberties[1] and/or government powers over the past ten years, enacting greater secrecy over laws, jurisprudence, policies, procedures, and legal status of law-abiding citizens (ie, watchlists), perpetuating a national culture that fears the strange, different, or foreign, all of which contributes to a modern American society that desires (or tolerates) things like invasive, embarrassing (and ineffective) 'security' at airports, overly-broad monitoring of business transactions, large roving anti-terror squads in NYC and around the country under TSA's VIPR program, the mass surveillance of our citizens in an attempt to foster "pre-crime" intelligence, the creation of a generally-incompetent-but-profitable federal homeland security apparatus (military-industrial-congressional-contractor), the deployment of multiple layers of dubious intelligence and "fusion" centers that although being "needed" to fight terrorism are used more and more for non-terrorist investigative purposes, and the back-door implementation of a national identity card in the form of the REAL ID Act.

That's just the highlights -- there just aren't enough hours in the day to list the specific areas of nationalised idiocy that's been displayed in the name of "protecting the homeland" by people and politicians operating from a position of fear (of one sort or other) instead of objective analysis and rationality. [3]

So be sure to celebrate the day today, because nationalised idiocy knows no bounds!! Just be sure to smile for the cameras, say nice things when on the phone, don't buy, wear, or say anything suspicious, and wear clean underwear when moving through the airports.

In other words, to tweak a quote from the Most Interesting Man in The World: "Stay fearful, my friends."
*headdesk*

--- rick

[1] As George Carlin once said, "they're not 'rights', they're 'privileges' that can be revoked at any time." He was right.

[2] http://en.wikipedia.org/wiki/USA_PATRIOT_Act The USA PATRIOT Act (commonly known as the "Patriot Act") is an Act of the U.S. Congress that was signed into law by President George W. Bush on October 26, 2001. The title of the act is a ten letter acronym (USA PATRIOT) that stands for: Uniting (and) Strengthening America (by) Providing Appropriate Tools Required (to) Intercept (and) Obstruct Terrorism Act of 2001.

[3] Yes, I know what a run-on-sentence is. Deal. ;)

From rforno at infowarrior.org Wed Oct 26 09:02:39 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2011 10:02:39 -0400
Subject: [Infowarrior] - Ten years of the Patriot Act
Message-ID:

(c/o MS)

Ten years of the Patriot Act
http://boston.com/community/blogs/on_liberty/2011/10/ten_years_of_the_patriot_act.html
Posted by Carol Rose, On Liberty
October 25, 2011 04:28 PM

Ten years ago, Congress passed the so-called Patriot Act with virtually no public debate about what this extraordinary grant of power to the executive branch would mean for our democracy. So what have we learned in a decade?

One lesson is that the Patriot Act hasn't been about getting the bad guys -- namely, terrorists or even criminals. The government had the power to do that without the Patriot Act. Instead, the Patriot Act gives the government the power secretly to collect and forever keep information on ordinary people who are not suspected of doing anything wrong. And that is a threat to all of us.

Here are three things you should know about the Patriot Act: First, it gives the Feds virtually unchecked power to spy on ordinary Americans without a warrant. Second, the Patriot Act hasn't made us safer.
Third, the government has been lying to the American people about how the Act is actually being used. Let's unpack each of these in turn.

First, the Patriot Act and its progeny permit the government to spy on innocent people. It does this by applying the lax rules -- designed in the 1970s to allow wiretapping of Soviet spies -- to be used instead to eavesdrop on ordinary Americans. By lowering the burden of proof required to engage in domestic surveillance, the Act permits Federal agents to place bugs and conduct other forms of surveillance in your home, your office, on your computer, or phone -- all without a showing of "probable cause" that you are involved in a crime. The FBI has interpreted this power to extend to gathering information about you from car rental companies, casinos, Internet hosts like Google, social networking sites like Facebook, and most likely cafes and businesses that offer WiFi access to their customers.

Second, these new government spying powers haven't made us safer. Repeated Inspector General reports on the Patriot Act and related government spying programs have unearthed multiple instances of government officials abusing their power. But they have yet to find evidence that these new spying powers have made it easier to catch terrorists. In fact, the overwhelming number of arrests that the government has attributed to Patriot Act powers were, in fact, drug arrests that could have been prosecuted without Patriot Act powers.

Finally, the situation is worse than you think -- or than the public knows -- because the government has been lying to the American people about how it uses its Patriot Act powers. Last May 2011, as Congress prepared to reauthorize expiring provisions of the Patriot Act, two members of the Senate Intelligence Committee -- Sen. Ron Wyden and Sen. Mark Udall -- were given the Executive Branch's classified interpretation of the Act.
Alarmed by what they heard, they have urged the Executive Branch to stop misleading Congress and the American people about the actual interpretation and use of the Patriot Act.

"As members of the Senate intelligence Committee," they wrote, "we have been provided with the executive branch's classified interpretation of [the Act] and can tell you that we believe there is a significant discrepancy between what most people -- including many Members of Congress -- think the Patriot Act allows the government to do and what government officials secretly believe the Patriot Act allows them to do."

"What does this mean?" the Senators ask. "It means that Congress and the public are prevented from having an informed, open debate on the Patriot Act because the official meaning of the law itself is secret -- this is unacceptable."

"In a democratic society, government agencies derive their power from the public's trust -- what James Madison called a 'Foundation of Authority.' Secret laws undermine that trust and authority, which then erodes and ultimately damages our ability to fight terrorism and protect the American people."

Senators Wyden and Udall then proposed an amendment to require the government to tell the truth to the American people about the Patriot Act: "United States Government officials should not secretly reinterpret public laws and statutes in a manner that is inconsistent with the public's understanding of these laws and should not describe the execution of these laws in ways that misinforms or misleads the public."

How did Congress respond? It reauthorized the Patriot Act without public debate -- again.

So remember: whatever government officials say in public about the Patriot Act may be untrue.

The founders of our great country understood why unlimited government power to spy on people is intolerable. Americans were especially outraged by the general warrants the King's agents employed to search at will --
knowing that fishing expeditions just to see if someone has done something wrong is a power associated with totalitarian states. They wrote the Fourth Amendment to the Constitution to ensure that it would never happen again. By requiring government agents to explain their reasons for searching our personal papers and effects, the Constitution puts a judicial check on the ability of executive branch agents to trample our privacy, target political opponents, or focus on people of a particular race or religion.

Our Constitution is resilient and has served us well through many threats to our national security. But today, it needs us -- its citizens and true patriots -- to demand that its protections be restored. Key provisions of the Patriot Act will again be up for reauthorization in 2012. Let's hope that, after a decade of Patriot Act abuses and government cover-ups, the American people will rise up and demand that Congress restore the checks and balances that form the cornerstone of our democracy and ensure our liberty.

This blog is not written or edited by Boston.com or the Boston Globe. The author is solely responsible for the content.

From rforno at infowarrior.org Wed Oct 26 09:15:13 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2011 10:15:13 -0400
Subject: [Infowarrior] - New Street Lights To Have "Homeland Security" Applications
Message-ID:

New Street Lights To Have "Homeland Security" Applications
High-tech system to include speakers, video surveillance, emergency alerts
Paul Joseph Watson
Infowars.com
Wednesday, October 26, 2011
http://www.infowars.com/new-street-lights-to-have-homeland-security-applications/

New street lights that include "Homeland Security" applications including speaker systems, motion sensors and video surveillance are now being rolled out with the aid of government funding.
The Intellistreets system comprises a wireless digital infrastructure that allows street lights to be controlled remotely by means of a ubiquitous wi-fi link and a miniature computer housed inside each street light, allowing for "security, energy management, data harvesting and digital media," according to the Illuminating Concepts website.

According to the company's YouTube video of the concept, the primary capabilities of the devices include "energy conservation, homeland security, public safety, traffic control, advertising, video surveillance."

In terms of Homeland Security applications, each of the light poles contains a speaker system that can be used to broadcast emergency alerts, as well as a display that transmits "security levels" (presumably a similar system to the DHS' much maligned color-coded terror alert designation), in addition to showing instructions by way of its LED video screen. The lights also include proximity sensors that can record both pedestrian and road traffic.

The video display and speaker system will also be used to transmit Minority Report-style advertising, as well as Amber Alerts and other "civic announcements".

With the aid of grant money from the federal government, the company is about to launch the first concept installation of the system in the city of Farmington Hills, Michigan.

Using street lights as surveillance tools has already been advanced by several European countries. In 2007, leaked documents out of the UK Home Office revealed that British authorities were working on proposals to fit lamp posts with CCTV cameras that would X-ray scan passers-by and "undress them" in order to "trap terror suspects". Dutch police also announced last year that they are developing a mobile scanner that will "see through people's clothing and look for concealed weapons".

So-called "talking surveillance cameras"
that use a speaker system similar to the Intellistreets model are already being used in UK cities like Middlesbrough to bark orders and reprimand people for dropping litter and other minor offenses. According to reports, one of the most common phrases used to shame people into obeying instructions is to broadcast the message, "We are watching you."

The transformation of street lights into surveillance tools for Homeland Security purposes will only serve to heighten concerns that the United States is fast on the way to becoming a high-tech police state, with TSA agents being empowered to oversee that control grid, most recently with the announcement that TSA screeners would be manning highway checkpoints, a further indication that security measures we currently see in airports are rapidly spilling out onto the streets.

The ability of the government to use street lights to transmit "emergency alerts" also dovetails with the ongoing efforts to hijack radio and television broadcasts for the same purpose, via FEMA's Emergency Alert System.

*********************

Paul Joseph Watson is the editor and writer for Prison Planet.com. He is the author of Order Out Of Chaos. Watson is also a regular fill-in host for The Alex Jones Show.

From rforno at infowarrior.org Wed Oct 26 12:40:44 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2011 13:40:44 -0400
Subject: [Infowarrior] - NSA helps banks battle hackers
Message-ID: <05F59001-AC7E-490D-8BEE-0ED3BC51753C@infowarrior.org>

Exclusive: National Security Agency helps banks battle hackers
1:24pm EDT
By Andrea Shalal-Esa and Jim Finkle
http://www.reuters.com/article/2011/10/26/us-cybersecurity-banks-idUSTRE79P5E020111026

WASHINGTON (Reuters) - The National Security Agency, a secretive arm of the U.S. military, has begun providing Wall Street banks with intelligence on foreign hackers, a sign of growing U.S.
fears of financial sabotage.

The assistance from the agency that conducts electronic spying overseas is part of an effort by American banks and other financial firms to get help from the U.S. military and private defense contractors to fend off cyber attacks, according to interviews with U.S. officials, security experts and defense industry executives.

The Federal Bureau of Investigation has also warned banks of particular threats amid concerns that hackers could potentially exploit security vulnerabilities to wreak havoc across global markets and cause economic mayhem.

While government and private sector security sources are reluctant to discuss specific lines of investigations, they paint worst-case scenarios of hackers ensconcing themselves inside a bank's network to disable trading systems for stocks, bonds and currencies, trigger flash crashes, initiate large transfers of funds or turn off all ATM machines.

It is unclear if hackers have ever been close to producing anything as dire, but the FBI says it has already helped banks avert several major cyber attacks by helping identify network vulnerabilities.

NSA Director Keith Alexander, who runs the U.S. military's cyber operations, told Reuters the agency is currently talking to financial firms about sharing electronic information on malicious software, possibly by expanding a pilot program through which it offers similar data to the defense industry. He did not provide further details on his agency's collaboration with banks.

Alexander said industry and government were making progress in protecting computer networks, but "tremendous vulnerabilities" remained. The four-star Army general noted companies that have suffered damage from hackers, such as Google Inc, Lockheed Martin Corp and Nasdaq OMX Group, had among the best security systems in the world.

"If they're getting exploited, what about the rest? We have to change that paradigm," Alexander said.
NSA, which has long been charged with protecting classified government networks from attack, is already working with Nasdaq to beef up its defenses after hackers infiltrated its computer systems last year and installed malicious software that allowed them to spy on the directors of publicly held companies. A Nasdaq spokesman confirmed the investigation into the attack continues, but declined to give further details.

OFFICIALS WORRIED

Hackers have targeted Wall Street investment banks for more than a decade, but recent attacks have been more sophisticated, coordinated and deliberate. That makes security experts suspect the hackers were backed by countries such as China, and fueled concerns that cyber terrorists might someday use malware to wipe out crucial data and cripple networks across the financial sector.

China has repeatedly said it does not condone hacking, but experts say the evidence continues to mount against Beijing. In June, Google blamed China for an attempt to steal the passwords of hundreds of email account holders, the second major breach the Internet giant has blamed on the Chinese. Earlier this year, security firm McAfee said hackers working in China broke into the computer systems of five global oil and gas companies to steal bidding plans and other critical proprietary information.

"We know adversaries have full unfettered access to certain networks," Shawn Henry, executive assistant director of the FBI, said without identifying the adversaries. "Once there, they have the ability to destroy data," he said in an interview. "We see that as a credible threat to all sectors, but specifically the financial services sector."

The FBI has helped banks avert several potential attacks by alerting them to vulnerabilities in their computer networks, and by flagging possible hackers before they struck, he said.
Security experts interviewed by Reuters declined to identify any banks that may have data compromised, citing promises of confidentiality to clients, colleagues and employers that they would not discuss the matter publicly.

Representatives of Wall Street's biggest banks including Bank of America Corp, Citigroup Inc, Goldman Sachs Group Inc and JPMorgan Chase & Co either declined to discuss security issues or were not available to comment.

From rforno at infowarrior.org Wed Oct 26 15:08:39 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2011 16:08:39 -0400
Subject: [Infowarrior] - What If We Paid Off The Debt? The Secret Government Report
Message-ID:

What If We Paid Off The Debt? The Secret Government Report
by David Kestenbaum
http://www.npr.org/blogs/money/2011/10/21/141510617/what-if-we-paid-off-the-debt-the-secret-government-report

Planet Money has obtained a secret government report outlining what once looked like a potential crisis: The possibility that the U.S. government might pay off its entire debt.

It sounds ridiculous today. But not so long ago, the prospect of a debt-free U.S. was seen as a real possibility with the potential to upset the global financial system.

We recently obtained the report through a Freedom of Information Act Request. You can read the whole thing here. (It's a PDF.)

The report is called "Life After Debt". It was written in the year 2000, when the U.S. was running a budget surplus, taking in more than it was spending every year. Economists were projecting that the entire national debt could be paid off by 2012.

This was seen in many ways as a good thing. But it also posed risks. If the U.S. paid off its debt there would be no more U.S. Treasury bonds in the world.

"It was a huge issue ... for not just the U.S. economy, but the global economy," says Diane Lim Rogers, an economist in the Clinton administration.

The U.S.
borrows money by selling bonds. So the end of debt would mean the end of Treasury bonds.

But the U.S. has been issuing bonds for so long, and the bonds are seen as so safe, that much of the world has come to depend on them. The U.S. Treasury bond is a pillar of the global economy.

Banks buy hundreds of billions of dollars' worth, because they're a safe place to park money. Mortgage rates are tied to the interest rate on U.S. treasury bonds. The Federal Reserve -- our central bank -- buys and sells Treasury bonds all the time, in an effort to keep the economy on track.

If Treasury bonds disappeared, would the world unravel? Would it adjust somehow?

"I probably thought about this piece easily 16 hours a day, and it took me a long time to even start writing it," says Jason Seligman, the economist who wrote most of the report.

It was a strange, science-fictiony question. "What would it look like to be in a United States without debt?" Seligman says. "What would life look like in those United States?"

Yes, there were ways for the world to adjust. But certain things got really tricky.

For example: What do you do with the money that comes out of people's paychecks for Social Security? Now, a lot of that money gets invested in -- you guessed it -- Treasury bonds. If there are no Treasury bonds, what do you invest it in? Stocks? Which stocks? Who picks?

In the end, Seligman concluded it was a good idea to pay down the debt -- but not to pay it off entirely. "There's such a thing as too much debt," he says. "But also such a thing, perhaps, as too little."

The copy of Life After Debt we obtained reads "PRELIMINARY AND CLOSE HOLD OFFICIAL USE ONLY." The report was intended to be included in the official "Economic Report of the President" -- the final one of the Clinton administration. But in the end, people above Jason Seligman decided it was too speculative, too politically sensitive. So it was never published.

The danger that we would pay off our debt by 2012 has clearly passed.
There are plenty of Treasury bonds around these days. U.S. debt held by the public is now over $10 trillion.

From rforno at infowarrior.org Wed Oct 26 20:33:00 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2011 21:33:00 -0400
Subject: [Infowarrior] - PROTECT IP Renamed E-PARASITES Act; Would Create The Great Firewall Of America
Message-ID: <80425297-7540-4179-BF86-9ECAF6F90645@infowarrior.org>

PROTECT IP Renamed E-PARASITES Act; Would Create The Great Firewall Of America
from the censorship-galore dept

As was unfortunately expected, the House version of PROTECT IP has been released (embedded below) and it's ridiculously bad. Despite promises from Rep. Goodlatte, there has been no serious effort to fix the problems of the Senate bill, and it's clear that absolutely no attention was paid to the significant concerns of the tech industry, legal professionals, investors and entrepreneurs. There are no two ways around this simple fact: this is an attempt to build the Great Firewall of America. The bill would require service providers to block access to certain websites, very much contrary to US official positions on censorship and internet freedom, and almost certainly in violation of the First Amendment.

Oh, and because PROTECT IP wasn't enough of a misleading and idiotic name, the House has upped the ante. The new bill is called: "the Enforcing and Protecting American Rights Against Sites Intent on Theft and Exploitation Act" or the E-PARASITE Act (though, they also say you can call it the "Stopping Online Piracy Act").

The bill is big, and has a bunch of problems. First off, it massively expands the sites that will be covered by the law.
The Senate version at least tried to limit the targets of the law (but not the impact of the law) on sites that were "dedicated to infringing activities" with no other significant purposes (already ridiculously broad), the new one just targets "foreign infringing sites" and "has only limited purpose or use other than" infringement. They're also including an "inducement" claim not found elsewhere in US regulations -- and which greatly expands what is meant by inducement. The bill effectively takes what the entertainment industry wanted the Supreme Court to say in Grokster (which it did not say) and puts it into US law. In other words, any foreign site declared by the Attorney General to be "inducing" infringement, with a very broad definition of inducing, can now be censored by the US. With no adversarial hearing. Hello, Great Firewall of America.

< - big snip - >

http://www.techdirt.com/articles/20111026/12130616523/protect-ip-renamed-e-parasites-act-would-create-great-firewall-america.shtml

From rforno at infowarrior.org Wed Oct 26 21:12:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 Oct 2011 22:12:32 -0400
Subject: [Infowarrior] - With Antitrust Decree Gone, Microsoft Again Tying Browser Tightly To Windows
Message-ID: <7F106C14-1D13-4E97-BE05-B7D9BDF38681@infowarrior.org>

Analysis: With Antitrust Decree Gone, Microsoft Again Tying Browser Tightly To Windows
By Edward F. Moltzen, CRN
12:45 PM EST Wed. Oct. 26, 2011
http://www.crn.com/231901699/printablearticle.htm

For more than a decade, Microsoft lived under constraints of a consent decree with the U.S. government that, essentially, led the company to allow for "unbundling" of its Web browsing software from its flagship Windows operating system.
The final remnants of that decree lapsed earlier this year, and now Microsoft is wasting little time in returning to its past strategy: A pre-release version of Windows 8 shows an OS that is deeply intertwined with Internet Explorer 10, with it impossible to uninstall the browser from the OS at this point in Microsoft's development process.

Microsoft's unveiling of the Windows 8 Developer Preview, which includes its next generation browser, Internet Explorer 10, initially had most observers focusing on changes made to the traditional Windows user interface and support for a new "Metro" style of applications that would provide much the same user experience on PCs or mobile tablets.

In prior versions of Internet Explorer, including versions 8 and 9, Microsoft provided instructions for uninstalling the browser from the Windows PC operating system. Instead, Microsoft has provided a method for "turning on" or "turning off" some Windows 8 features, including the browser. This is almost identical to the process in Microsoft's Windows Server 2008 for turning on and off several features and functions, including its Hyper-V virtualization software.

But turning off IE 10 doesn't appear to remove it completely from Windows 8. For example, before we turned off IE 10, we changed the default privacy setting from allowing some cookies to completely blocking all cookies. We then turned the browser off, rebooted, and IE 10 appeared to have completely disappeared from the PC. But when we went back into the settings, turned IE 10 back on, and rebooted again, the browser was back -- but with our customized settings, not the default. That would appear to indicate that Microsoft doesn't really remove the browser entirely, but rather just hides it -- with customized settings and all.

The ability to turn Internet Explorer "on or off" on a Windows PC is not new. Microsoft introduced this capability when it rolled out Windows 7 in conjunction with IE 8.
However, Microsoft also provided instructions for uninstalling Internet Explorer 8 and Internet Explorer 9 from Windows PCs. With Windows 8 and Internet Explorer 10, it apparently does not as of now.

Asked whether it is possible to uninstall IE 10 from Windows 8, a Microsoft spokeswoman referred to previously published information from the company on IE 10 and Windows 8, in addition to the company's official blog for IE. None appear to provide information on how to completely uninstall IE 10. "We have nothing more to share about IE10 at this time beyond what in the guides and the IE Blog," the spokeswoman said via e-mail.

To say market conditions have changed since 2001, when Microsoft entered into the consent decree, and now, would be the king of understatements. Then, Microsoft was accused of bundling its browser directly with the OS in a manner that was anticompetitive and damaging to its then-rival, Netscape -- a publicly traded company that produced the Navigator browser. Today, Netscape no longer exists as a stand-alone company and its co-founder, Marc Andreessen, is a board member of Hewlett-Packard, a strategic Microsoft partner. Google, a top Microsoft competitor today, has gone from a search engine company at that time to one that not only makes a browser, but makes a browser that's also an operating system (the Chrome OS.) And both Google and another rival, Apple, have essentially passed Microsoft like it was stalled in the explosive market for smart phones, tablets and app ecosystems.

Windows 8 and IE 10 are critical to Microsoft's effort to battle back against Apple, Google and others. The Metro interface, which relies on IE 10, is aimed at permitting a new generation of application software development for the Windows platform -- one that leverages both the touch-screen capability of Windows 8 and an interface that is friendly not just for the PC but for the tablet platform as well. It's worth noting that when you "turn off"
IE 10 in the Windows 8 Developer Preview, you also turn off the Metro interface. No IE 10, no Metro apps -- at least not at this stage of the development process.

The official launch of both Windows 8 and IE 10 could be as much as a year away -- an eternity in technology. But after more than 10 eternities under the U.S. antitrust consent decree, Microsoft's strategy appears to be back to where it was.

From rforno at infowarrior.org Thu Oct 27 08:49:52 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Oct 2011 09:49:52 -0400
Subject: [Infowarrior] - NYPD Monitors Everyone in City Who Changes Their Name
Message-ID:

NYPD Monitors Everyone in City Who Changes Their Name
October 27, 2011
http://publicintelligence.net/nypd-monitors-everyone-in-city-who-changes-their-name/

NYPD keeps files on Muslims who change their names (AP):

For generations, immigrants have shed their ancestral identities and taken new, Americanized names as they found their place in the melting pot. For Muslims in New York, that rite of assimilation is now seen by police as a possible red flag in the hunt for terrorists.

The New York Police Department monitors everyone in the city who changes his or her name, according to interviews and internal police documents obtained by The Associated Press. For those whose names sound Arabic or might be from Muslim countries, police run comprehensive background checks that include reviewing travel records, criminal histories, business licenses and immigration documents. All this is recorded in police databases for supervisors, who review the names and select a handful of people for police to visit.

The program was conceived as a tripwire for police in the difficult hunt for homegrown terrorists, where there are no widely agreed upon warning signs.
Like other NYPD intelligence programs created in the past decade, this one involved monitoring behavior protected by the First Amendment.

Since August, an Associated Press investigation has revealed a vast NYPD intelligence-collecting effort targeting Muslims following the terror attacks of September 2001. Police have conducted surveillance of entire Muslim neighborhoods, chronicling daily life including where people eat, pray and get their hair cut. Police infiltrated dozens of mosques and Muslim student groups and investigated hundreds more.

Monitoring name changes illustrates how the threat of terrorism now casts suspicion over what historically has been part of America's story. For centuries, foreigners have changed their names in New York, often to lose any stigma attached with their surname.

...

Sometime around 2008, state court officials began sending the NYPD information about new name changes, said Ron Younkins, the court's chief of operations. The court regularly sends updates to police, he said. The information is all public, and he said the court was not aware of how police used it.

The NYPD program began as a purely analytical exercise, according to documents and interviews. Police reviewed the names received from the court and selected some for background checks that included city, state and federal criminal databases as well as federal immigration and Treasury Department databases that identified foreign travel.

Early on, police added people with American names to the list so that if details of the program ever leaked out, the department would not be accused of profiling, according to one person briefed on the program. On one police document from that period, two of every three people who were investigated had changed their names to or from something that could be read as Arabic-sounding. All the names that were investigated, even those whose background checks came up empty, were cataloged so police could refer to them in the future.
The legal justification for the program is unclear from the documents obtained by the AP. Because of its history of spying on anti-war protesters and political activists, the NYPD has long been required to follow a federal court order when gathering intelligence. That order allows the department to conduct background checks only when police have information about possible criminal activity, and only as part of "prompt and extremely limited" checking of leads.

From rforno at infowarrior.org Thu Oct 27 13:24:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Oct 2011 14:24:16 -0400
Subject: [Infowarrior] - TSA misses loaded gun in bag at LAX
Message-ID:

Oct 24, 2011
TSA misses loaded gun in bag at LAX
By Melanie Eversley, USA TODAY
http://content.usatoday.com/communities/ondeadline/post/2011/10/tsa-misses-loaded-gun-in-bag-at-lax/1?csp=34news

Despite all the extra airport security measures installed since the 2001 terror attacks, federal security officials at Los Angeles International Airport, or LAX, missed a loaded gun inside a checked bag on Sunday, the Los Angeles Times and other news organizations are reporting.

The .38-caliber handgun fell out of a duffel bag as a luggage ramp crew was loading it onto an Alaska Airlines flight to Portland, Ore., the Times reports. The gun was turned over to police and police temporarily detained the gun owner, who took a later flight to Portland.

Guns are allowed to be in locked containers in checked bags but not loaded, according to the Times. The Transportation Security Administration screens for firearms in carry-on bags, but it is not its responsibility to do so with checked luggage, TSA spokeswoman Lorie Dankers tells the news organization.

But the head of a union representing police officers assigned to LAX says the federal agency should do more.

"Local law enforcement needs to know that TSA is doing their part," union representative Marshall McClain tells the Times.

From rforno at infowarrior.org Thu Oct 27 14:41:40 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Oct 2011 15:41:40 -0400
Subject: [Infowarrior] - National test of the Emergency Alert System
Message-ID:

(Interesting discussion going on elsewhere - why is this being done during the middle of the day instead of late at night? And yes, I've seen conspiracy theories already mentioned from some fringe mouthpieces about this, too. -- rick)

A national test of the Emergency Alert System
Alvin Williams
October 27, 2011
http://www.examiner.com/tv-in-mobile/a-national-test-of-the-emergency-alert-system

The first national test of the Emergency Alert System is scheduled for Wednesday, November 9th and all participants of the system are required to participate. The participants include TV stations, radio stations, cable TV systems, satellite TV systems, and wireline (telephone line) video systems. Participants classified as non-participating national sources are required by the rules of the Federal Communications Commission (the FCC) to participate in the national test, too, even though they may choose not to relay national alerts at other times.

The test is scheduled to begin at 1:00 PM (Central) on November 9th and last about three minutes, which would be longer than a regular monthly test of the Emergency Alert System. The maximum limit for all other alerts, including alerts issued during tests, of the Emergency Alert System is two minutes. According to the handbook for the national test, the reason the test is scheduled to be longer than usual is to ensure no equipment locks up after two minutes.
No regular weekly tests of the Emergency Alert System will be necessary during the week of Monday, November 7th and no regular monthly tests will be necessary during the month of November either.

According to the weblog for the Federal Emergency Management Agency (FEMA), managers of the test may choose to delay their participation in the national test if the National Oceanic and Atmospheric Administration (NOAA) activates the Emergency Alert System to alert their local areas or states of severe weather. According to the current rules and regulations for the Emergency Alert System in the Electronic Code of Federal Regulations, the maximum delay time for a required monthly test of the Emergency Alert System is 60 minutes (filed under Title 47, Part 11, Section 11.51, Paragraph N).

An electronic version of the handbook for the national test was uploaded onto the World Wide Web sites for the Alabama Broadcasters Association and the FCC. The site for the FCC includes audible and visual public service announcements about the national test, questions and answers about the test, and a link to the National Emergency Alert System Test Reporting System for participants to use to provide information about their facilities, Emergency Alert System equipment, and whether they had succeeded or failed in receiving and sending the national test alert to the public through their respective mediums.

From rforno at infowarrior.org Thu Oct 27 15:47:07 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 27 Oct 2011 16:47:07 -0400
Subject: [Infowarrior] - E-PARASITES' Sponsor, Lamar Smith, Was Against Massive Regulatory Compliance The Day Before He's For It
Message-ID: <6D3F496D-B335-4811-A025-662F64B75077@infowarrior.org>

E-PARASITES' Sponsor, Lamar Smith, Was Against Massive Regulatory Compliance The Day Before He's For It
from the do-they-even-know-what-they're-doing?
dept

Sometimes you just shake your head and wonder. As you now know, Rep. Lamar Smith just introduced the E-PARASITES Act, which puts incredibly massive regulatory compliance costs on large portions of the internet. Perhaps you think that Congress burdening companies -- especially tech companies, which, recent studies have shown, are responsible for much of the job growth in this country -- is par for the course. But, isn't it interesting to see that just the day before E-PARASITES came out, the House Judiciary Committee cleared a bill to try to limit the costs of regulatory compliance. The main supporter of the bill? You guessed it -- none other than the head of the House Judiciary Committee... Rep. Lamar Smith:

< - >

So, basically, on Tuesday, Rep. Lamar Smith is against damaging regulations that increase compliance costs on the American economy and small businesses. Then, on Wednesday, he introduces a bill that will establish massive regulatory compliance costs on tons of American small businesses. Kinda makes you wonder if he even understands the legislation he's introducing.

http://www.techdirt.com/articles/20111027/00222316532/e-parasites-sponsor-lamar-smith-was-against-massive-regulatory-compliance-day-before-hes-it.shtml

From rforno at infowarrior.org Fri Oct 28 06:51:28 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Oct 2011 07:51:28 -0400
Subject: [Infowarrior] - HB Gary at it again
Message-ID:

(c/o AJR)

Corporate Hacking Firm That Targeted ThinkProgress Now Markets Services Against "Politically Motivated" Attacks
By Lee Fang and Scott Keyes on Oct 27, 2011 at 1:00 pm

Earlier this year, ThinkProgress exposed a plot concocted by a set of military contractors, working on behalf of the law firm for the corporate lobbying group called the U.S. Chamber of Commerce, to hack and sabotage progressive organizations, including, to our surprise, ThinkProgress.
The ploy was made public by hacktivists known as Anonymous, who stole a batch of e-mails from one of the military contractors involved, HB Gary Federal, and dumped them online for all to see (the dump revealed a separate conspiracy, on behalf of Bank of America, to destroy WikiLeaks and journalists like Glenn Greenwald).

One of the corporate hackers involved in the scheme, Aaron Barr, has moved on to another firm. But during a visit to Las Vegas for a political conference last week, ThinkProgress came across HB Gary's booth at a McAfee cyber security summit occurring in the same hotel -- and found that HB Gary is shamelessly marketing its ability to protect against the very same illicit tactics they plotted to use against us and other liberal organizations.

ThinkProgress picked up a pamphlet HB Gary distributed at the McAfee conference for potential clients that warns ominously that a new wave of "politically motivated" hackers are using targeted data-stealing techniques and deceitful social networking exploits. HB Gary seems to be playing both sides of the equation. HB Gary essentially describes the same hacking strategy the firm planned to use against U.S. Chamber of Commerce critics like U.S. Chamber Watch, the SEIU, and ThinkProgress -- then advertises itself as the only company capable of combating such attacks:

< - >

http://thinkprogress.org/politics/2011/10/27/348678/corporate-hacking-firm-that-targeted-thinkprogress-now-markets-services-against-politically-motivated-attacks/
From rforno at infowarrior.org Fri Oct 28 07:33:43 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Oct 2011 08:33:43 -0400
Subject: [Infowarrior] - TSA Possible Suicide Bomber Indicators Poster
Message-ID: <92C61DD7-236A-4F72-B70D-68D7E0CDEA88@infowarrior.org>

An FOUO TSA poster on possible suicide bombers -- Sorry, but many of these 'indicators' apply to anyone moving thru an airport post-9/11. But then again, we're all considered possible terrorists in the New Normal, right? - rick

Source: http://publicintelligence.net/ufouo-tsa-possible-suicide-bomber-indicators-poster/

The following indicators may identify possible suicide bombers.

NOTE: An individual displaying a single indicator may represent legitimate activity; an individual displaying multiple indicators would be considered suspicious.

- Clothing is out of sync with weather, location, or suspect's appearance (e.g. long coat in hot weather; loose clothing to hide bulges)
- Displays excessive sweating, mumbling, fidgeting, or conversely, being unusually calm and detached
- Eyes are focused/Appears to be in a trance
- Hands are kept in pockets
- Pats upper body as if checking something
- Has pale face from recent shaving
- Walks deliberately, does not run
- Exhibits an unnatural gait and posture
- Unresponsive to commands, salutations
- Emits strange chemical odors
- Hands and arms may have chemical burns/bleaching from handling or mixing chemicals to make explosives

From rforno at infowarrior.org Fri Oct 28 08:42:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Oct 2011 09:42:04 -0400
Subject: [Infowarrior] - OT: Official Star Wars Halloween MP3
Message-ID: <198BF4A2-F911-4B5D-87EC-24B9BA0096C2@infowarrior.org>

Apart from the corny General Grievous, the SFX in this official MP3 would be pretty fun to have looped in your garage or under your front doorstep.
:) -- rick

Vampires, werewolves and zombies are fine and all, but if you really want to spook house guests and little gremlins that ring your doorbell for candy, add a few rancor and wampa growls into the mix!

http://starwarsblog.starwars.com/index.php/2011/10/25/spooky-star-wars-sounds/

From rforno at infowarrior.org Fri Oct 28 17:46:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Oct 2011 18:46:30 -0400
Subject: [Infowarrior] - TSA's power grope
Message-ID:

EDITORIAL: TSA's power grope
Rogue agency reaches out and touches people outside airports
The Washington Times
Wednesday, October 26, 2011
http://www.washingtontimes.com/news/2011/oct/26/tsas-power-grope/print/

The Transportation Security Administration (TSA) has always intended to expand beyond the confines of airport terminals. Its agents have been conducting more and more surprise groping sessions for women, children and the elderly in locations that have nothing to do with aviation.

It's all part of TSA's Visible Intermodal Prevention and Response (VIPR) program, which drew additional scrutiny following an Oct. 18 blitz in Tennessee. As part of a "statewide safety operation," TSA employees fondled travelers at bus terminals in Nashville and Knoxville, hunting for "security threats." Truckers were harassed at four Volunteer State highway locations between the hours of 10 a.m. and 2 p.m. - prime time for terrorism, apparently.

Brian Gamble, a Florida firefighter, caught one of these intrusive VIPR operations on video after he got off a train in Savannah, Ga., earlier this year. "They had the scanners and everything there," Mr. Gamble told The Washington Times. "They had them pull up their shirts, patted them down, wanded them. There were a couple ladies in our group getting searched. ...
It's kinda ridiculous when you're coming off a train - it doesn't make any sense."

Expect a lot more touching in the months ahead. "TSA conducted more than 8,000 VIPR operations in the past 12 months, including more than 3,700 operations in mass-transit and passenger-railroad venues," boasted TSA Administrator John S. Pistole in June testimony before the Senate. His 2012 budget calls for expanding VIPR by 50 percent.

That means more searches, but it doesn't mean more safety. As the Government Accountability Office (GAO) noted, "TSA had measured the progress of its VIPR program in terms of the number of VIPR operations conducted, but had not yet developed measures or targets to report on the effectiveness of the operations themselves." That's a nice way to say that TSA is acting for action's sake.

By nature, the government bureaucratic leviathan constantly seeks to expand itself, regardless of need. It is the duty of elected leaders to keep this impulse in check. Sadly, however, aside from a handful of members, a timid Congress lets TSA go wild out of fear of being blamed should a Madrid-style attack happen on our shores. The faith that this blue-gloved federal force would be able to detect and prevent a catastrophe from happening is misplaced. TSA has yet to catch a single terrorist.

We don't need obscene screening methods at airports, and we certainly don't need them on our highways or bus stops. TSA needs to be wrestled under control.

© Copyright 2011 The Washington Times, LLC.
From rforno at infowarrior.org Fri Oct 28 17:47:53 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Oct 2011 18:47:53 -0400
Subject: [Infowarrior] - The Non-Existent 'Cyber War' Is Nothing More Than A Push For More Government Control
Message-ID: <0793FEE9-FD92-47DD-AF06-85FD5649F393@infowarrior.org>

The Non-Existent 'Cyber War' Is Nothing More Than A Push For More Government Control
from the using-your-tax-dollars-against-you dept

Reason's recent post, "Cyber War: Still Not a Thing," addresses the claims of various politicians that America is under constant attack from hackers and other cyber criminals. While various DDoS attacks on prominent government websites would seem to indicate a larger problem, the real issue here is the use of "war" rhetoric to remove all sense of proportion, thus greasing the wheel for overreaching legislation.

Ever since Vietnam, the U.S. government has shown an odd propensity for dragging us into unpopular (and unwinnable) wars. Between the protracted Iraq "War" (nearly a decade at this point), our involvement in Afghanistan and our intervention in Libya, Americans are finding that the old concept of "war" doesn't really fit what's going on here. Back on the home front, various unwinnable wars continue to suck down tax dollars and erode civil rights. The War on Drugs. The War on Terror. The political system is no longer interested in mere skirmishes or "police actions." Everything is a capital-W "War."

A multitude of problems arise from couching these situations in catastrophic and adversarial terms. Declaring "war" on drugs has brought the battle to the home front and turned our law enforcement into an ad hoc military force. The slightest of violations is met with excessive force. There are dozens of stories of people whose houses have been invaded by SWAT teams armed with automatic weapons. Uninvolved children have been thrust into violent situations by the perceived wrongdoing of their parents.
When a person possessing a couple of ounces of marijuana is treated like a Colombian drug lord, the system is being abused.

Using the word "war" automatically defines your opponent as violent, no matter how untrue that designation is. Declaring the nation to be in the midst of a "cyberwar" allows law enforcement and government security agencies to escalate their response to perceived threats. Every reaction becomes an overreaction. No matter what your opinion of Anonymous and like-minded hackers might be, it's pretty safe to say that most of us do not consider them to be a violent threat.

All previous indications point to this being handled just as badly as any previous "war." The point will come when people are overrun in their own homes by armed tactical units in response to actions like DDoS attacks which, as Reason points out, are usually "undirected protests" with "no tactical objective." Truly innocent citizens will be swept up in this as well, considering the number of computers out there that have been "zombified" and pressed into service as part of a botnet. Immigration and Customs Enforcement (ICE) has already demonstrated that it needs nothing more than an IP address to mobilize.

In times of war, corners are cut and rights are treated as privileges. When the enemy is invisible and the list of possible suspects grows exponentially with each broadening of the definition of "hacking," the "war" becomes a convenient excuse for law enforcement fishing expeditions and violent tactical reactions. California has already decided police can search your phone without a warrant and the list of municipalities willing to expand police power with warrantless searches and abuse of "probable cause" continues to grow.

The ugliest part of this whole "war" concept is that underneath all the tough talk and tougher action is a good old fashioned money grab. Reason cites Sen.
Barbara Mikulski's quote, "We are at war, we are being attacked, and we are being hacked," while pointing out that Maryland is home to the U.S. Cyber Command Headquarters. A Baltimore Sun piece digs deeper into this money grab:

< - big snip - >

http://www.techdirt.com/articles/20111023/02413916479/non-existent-cyber-war-is-nothing-more-than-push-more-government-control.shtml

From rforno at infowarrior.org Fri Oct 28 17:52:08 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 28 Oct 2011 18:52:08 -0400
Subject: [Infowarrior] - SOPA: Hollywood Finally Gets A Chance to Break the Internet
Message-ID: <737F23F1-321A-4B02-AA4E-B649CCEF5C16@infowarrior.org>

https://www.eff.org/deeplinks/2011/10/sopa-hollywood-finally-gets-chance-break-internet

October 28, 2011 - 1:33pm | By Corynne McSherry

SOPA: Hollywood Finally Gets A Chance to Break the Internet

As promised, here's the first installment of our closer review of the massive piece of job-killing Internet regulation that is the Stop Online Piracy Act. We'll start with how it could impact Twitter, Tumblr, and the next innovative social network, cloud computing, or web hosting service that some smart kid is designing in her garage right now.

Let's make one thing clear from the get-go: despite all the talk about this bill being directed only toward "rogue" foreign sites, there is no question that it targets US companies as well. The bill sets up a system to punish sites allegedly "dedicated to the theft of US property." How do you get that label? Doesn't take much: Some portion of your site (even a single page) must

- be directed toward the US, and either
- allegedly "engage in, enable or facilitate" infringement or
- allegedly be taking or have taken steps to "avoid confirming a high probability" of infringement.

If an IP rightsholder (vaguely defined --
could be Justin Bieber worried about his publicity rights) thinks you meet the criteria and that it is in some way harmed, it can send a notice claiming as much to the payment processors (Visa, Mastercard, Paypal etc.) and ad services you rely on. Once they get it, they have 5 days to choke off your financial support. Of course, the payment processors and ad networks won't be able to fine-tune their response so that only the allegedly infringing portion of your site is affected, which means your whole site will be under assault. And, it makes no difference that no judge has found you guilty of anything or that the DMCA safe harbors would shelter your conduct if the matter ever went to court. Indeed, services that have been specifically found legal, like Rapidshare, could be economically strangled via SOPA.

You can file a counter-notice, but you've only got 5 days to do it (good luck getting solid legal advice in time) and the payment processors and ad networks have no obligation to respect it in any event. That's because there are vigilante provisions that grant them immunity for choking off a site if they have a "reasonable belief" that some portion of the site enables infringement.

At a minimum, this means that any service that hosts user generated content is going to be under enormous pressure to actively monitor and filter that content. That's a huge burden, and worse for services that are just getting started -- the YouTubes of tomorrow that are generating jobs today. And no matter what they do, we're going to see a flurry of notices anyway -- as we've learned from the DMCA takedown process, content owners are more than happy to send bogus complaints. What happened to Wikileaks via voluntary censorship will now be systematized and streamlined -- as long as someone, somewhere, thinks they've got an IP right that's being harmed.
In essence, Hollywood is tired of those pesky laws that help protect innovation, economic growth, and creativity rather than outmoded business models. So they are trying to rewrite the rules, regulate the Internet, and damn the consequences for the rest of us.

Watch this space for more analysis, but don't wait to act. This bill cannot be fixed; it must be killed. The bill's sponsors (and their corporate backers) want to push this thing through quickly, before ordinary citizens get wind of the harm it is going to cause. If you don't want to let big media control the future of innovation and online expression, act now, and urge everyone you know to do the same.

From rforno at infowarrior.org Sat Oct 29 10:08:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Oct 2011 11:08:35 -0400
Subject: [Infowarrior] - Wall Street Isn't Winning - It's Cheating
Message-ID: <124B4DA5-3364-4A2F-811D-AD5AFD3CA401@infowarrior.org>

Wall Street Isn't Winning - It's Cheating
by: Matt Taibbi
http://www.rollingstone.com/politics/blogs/taibblog/owss-beef-wall-street-isnt-winning-its-cheating-20111025?print=true

From rforno at infowarrior.org Sun Oct 30 09:56:42 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Oct 2011 10:56:42 -0400
Subject: [Infowarrior] - China orders crackdown on 'vulgar' TV shows
Message-ID: <931E7402-2392-4CFE-9840-69864E82E988@infowarrior.org>

Reality bites: China orders crackdown on 'vulgar' TV shows
State broadcasting watchdog orders curb on dating shows and talent contests in favour of 'morality building' output
Tania Branigan in Beijing
guardian.co.uk, Tuesday 25 October 2011 12.59 EDT
http://www.guardian.co.uk/world/2011/oct/25/china-crackdown-on-vulgar-tv

Sick of tacky reality shows with egotistic wannabes?
Tired of formulaic talent contests for shameless show-offs? If you feel the prime time schedules are packed with lowest common denominator viewing, you are not alone. Chinese officials share your pain and have ordered a curb on popular entertainment shows. Out go sexy dating shows and lurid programmes on crime. In come art appreciation, astronomy and weekly "morality building shows". The new edict from the state broadcasting watchdog is expected to come into force on 1 January. Provincial channels will be allowed to show no more than two entertainment shows in the "golden time" between 7.30pm and 10pm, according to a report on the Chinese NetEase website. Particular types of programmes, such as dating shows, will be strictly limited; no more than 10 talent contests will be permitted nationwide per year, and each must be of a different kind. "The State Administration of Radio Film and Television also encourages [broadcasters] to produce harmonious, healthy and mainstream programmes, such as culture and art appreciation, history, geography and astronomy, and [those addressing] public welfare," the report added. Each channel will be obliged to broadcast a "morality building" programme each week. The number of Taiwanese performers will also be limited because of Taiwanese controls on mainland performers, the report said. No one at SARFT was available for comment, but an industry source confirmed the order and said the import of foreign formats was also likely to be limited. Chinese versions of Strictly Come Dancing, Top Gear and America's Got Talent have all proved popular in recent years. TV bosses have already axed the hugely popular Super Girl singing contest, promising to replace it with programmes focused on housework and public safety. Some believe that officials are seeking to protect state broadcaster CCTV as it loses viewers to slicker, livelier provincial upstarts such as Hunan and Jiangsu Television. 
According to the NetEase report, the rules do not apply to CCTV1, although that may be because its output is already more staid than that of its rivals. Mark Natkin, managing director of Beijing-based Marbridge Consulting, said he had heard of similar edicts being sent to film companies. "People were told by SARFT that they needed to do less entertainment content and improve the balance, with more wholesome content or content conveying messages endorsed by government organs," said Natkin, who focuses on media and telecoms. "The way we heard it framed was that people feel increasingly that Chinese society has no moral compass. Contributing to the problem is the fact that the news and wholesome programming are getting drowned out by excessive entertainment programming with a commercial focus. "[Official concerns] are that left entirely to the market, there are no limits to the levels that programme producers will sink to as they try to attract new audiences and good ratings." Dating show You Are The One became last year's runaway hit, spawning a legion of copycats -- and concerns that it was encouraging the increasing materialism of China's young people. When one contestant told a potential match that "I would rather cry in the back of a BMW than laugh on your bicycle," the remark became notorious. Officials stepped in and the programme reduced its focus on the contestants' occupations and assets, instead drawing attention to their devotion to family duty. Authorities have also encouraged talent shows to include migrant workers as well as middle-class wannabes, in a bid to promote inclusiveness. But attempts to raise the moral standards of broadcasting in the past have often resulted in a decline in viewers. Bill Bishop, an independent internet analyst based in Beijing, said video-sharing sites hosting foreign reality shows may receive a boost in traffic, and suggested that authorities might seek to curb this.
"If they are neutering traditional television, you have to wonder why they are not going to do something about online [access] -- at the moment there's all the stuff that doesn't get broadcast," he said. Officials vowed to curb "vulgar" and "low-brow" reality programming four years ago, seeing off series such as Angels Love Beauty, where women competed to win plastic surgery. Reducing viewers' appetite for such shows may be difficult, however.

From rforno at infowarrior.org Mon Oct 31 17:24:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 31 Oct 2011 18:24:28 -0400 Subject: [Infowarrior] - MF Global (was) Leveraged 80 to 1 Message-ID: <414ED4E8-D3D9-48E5-83FE-0FCF888F071F@infowarrior.org>

(By contrast, IIRC Lehman Bros was 30:1 or maybe 40:1 before it went under in '08 -- rick)

Corzine Had MF Global Leveraged 80 to 1 10/31/2011 @ 5:27PM It isn't 2008 -- but Jon Corzine, former Goldman Sachs boss-man, former US Senator and Governor of New Jersey, was running risks like it still was 2008. That's the gist of MF Global's failure. It owned $41 billion in assets, against which it apparently had $39 billion in debt -- and as protection against that mountain equity capital that did a fast shrinking act from a pretty puny $500 million plus $325 million of supposedly investment grade debt. We will have to find out the smarmy truth about why the bond offering hinted at Corzine's possible departure at the very moment he was promising to make his dream of another Goldman come true. < - > http://www.forbes.com/sites/robertlenzner/2011/10/31/corzine-had-mf-global-leveraged-80-to-1/
From rforno at infowarrior.org Mon Oct 31 21:13:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 31 Oct 2011 22:13:06 -0400 Subject: [Infowarrior] - Regulators Investigating MF Global for Missing Money Message-ID: <7A3F729E-6127-4BA9-A0C7-AF0BAA6818BB@infowarrior.org>

October 31, 2011, 6:57 pm Regulators Investigating MF Global for Missing Money By BEN PROTESS, MICHAEL J. DE LA MERCED and SUSANNE CRAIG 9:55 p.m. | Updated http://dealbook.nytimes.com/2011/10/31/regulators-investigating-mf-global/?hp

Federal regulators have discovered that hundreds of millions of dollars in customer money has gone missing from MF Global in recent days, prompting an investigation into the brokerage firm, which is run by Jon S. Corzine, the former New Jersey governor, several people briefed on the matter said on Monday. The recognition that money was missing scuttled at the 11th hour an agreement to sell a major part of MF Global to a rival brokerage firm. MF Global had staked its survival on completing the deal. Instead, the New York-based firm filed for bankruptcy on Monday. Regulators are examining whether MF Global diverted some customer funds to support its own trades as the firm teetered on the brink of collapse. The discovery that money could not be located might simply reflect sloppy internal controls at MF Global. It is still unclear where the money went. At first, as much as $950 million was believed to be missing, but as the firm sorted through its bankruptcy, that figure fell to less than $700 million by late Monday, the people briefed on the matter said. Additional funds are expected to trickle in over the coming days. But the investigation, which is in its earliest stages, may uncover something more intentional and troubling. In any case, the unaccounted-for cash could violate a fundamental tenet of Wall Street regulation: Customers' funds must be kept separate from company money.
One of the basic duties of any brokerage firm is to keep track of customer accounts on a daily basis. Neither MF Global nor Mr. Corzine has been accused of any wrongdoing. Lawyers for MF Global did not respond to requests for comment. Now, the inquiry threatens to tarnish further the reputation of Mr. Corzine, the former Goldman Sachs executive who had sought to revive his Wall Street career last year just a few months after being defeated for re-election as New Jersey's governor. When he arrived at MF Global -- after more than a decade in politics, including serving as a Democratic United States senator from New Jersey -- Mr. Corzine sought to bolster profits by increasing the number of bets the firm made using its own capital. It was a strategy born of his own experience at Goldman, where he rose through the ranks by building out the investment bank's formidable United States government bond trading arm. One of his hallmark traits, according to the 1999 book "Goldman Sachs: The Culture of Success," by Lisa Endlich, was his willingness to tolerate losses if the theory behind the trades was well thought out. He made a similar wager at MF Global in buying up big holdings of debt from Spain, Italy, Portugal, Belgium and Ireland at a discount. Once Europe had solved its fiscal problems, those bonds would be very profitable. But when that bet came to light in a regulatory filing, it set off alarms on Wall Street. While the bonds themselves have lost little value and mature in less than a year, MF Global was seen as having taken on an enormous amount of risk with little room for error given its size. The collapse of MF Global underscores the extent of investor anxiety over Europe's debt crisis. Other financial institutions have been buffeted in recent months because of their holdings of debt issued by weak European countries. The concerns about MF Global's exposure to Europe prompted two ratings agencies to cut their ratings on the firm to junk last week.
The firm played down the effect of the ratings, saying, "We believe that it bears no implications for our clients or the strategic direction of MF Global." Even by Sunday evening, MF Global thought it had averted its demise after a disastrous week. Over five days, the firm lost more than 67 percent of its market value and was downgraded to junk status, which prompted investor desertions and raised borrowing costs. Mr. Corzine and his advisers frantically called nearly every major Wall Street player, hoping to sell at least some of the firm in a bid for survival. On Friday, the asset manager BlackRock was hired to help MF Global wind down its balance sheet, which included efforts to sell its holdings of European debt. BlackRock was able to value the portfolio, but did not have time to find a buyer for it given the other obstacles MF Global faced, according to people close to the talks. By Saturday, Jefferies & Company became the lead bidder to buy large portions of MF Global, before backing out late in the day. On Sunday, a rival firm, Interactive Brokers, emerged as the new favorite. But the Connecticut-based firm coveted only MF Global's futures and securities customers. While MF Global was resigned to putting its parent company into bankruptcy, Interactive Brokers was also willing to help prop up other MF Global units, including a British affiliate. By late Sunday evening, an embattled MF Global had all but signed a deal with Interactive Brokers. The acquisition would have mirrored what Lehman Brothers did in 2008, when its parent filed for bankruptcy but Barclays of Britain bought some of its assets. But in the middle of the night, as Interactive Brokers investigated MF Global's customer accounts, the potential buyer discovered a serious obstacle: Some of the customer money was missing, according to people close to the discussions. The realization alarmed Interactive Brokers, which then abandoned the deal.
Later on Monday, when explaining to regulators why the deal had fallen apart, MF Global disclosed the concerns over the missing money, according to a joint statement issued by the Commodity Futures Trading Commission and the Securities and Exchange Commission. Regulators, however, first suspected a potential shortfall days ago as they gathered at MF Global's Midtown Manhattan headquarters, the people briefed on the matter said. It is not uncommon for some funds to be unaccounted for when a financial firm fails, but the magnitude in the case of MF Global was unnerving. For now, there is confusion surrounding the missing MF Global funds. It is likely, one person briefed on the matter said, that some of the money may be "stuck in the system" as banks holding the customer funds hesitated last week to send MF Global the money. But the firm has yet to produce evidence that all of the $600 million or $700 million outstanding is deposited with the banks, according to the people briefed on the matter. Regulators are looking into whether the customer funds were misallocated. With the deal with Interactive Brokers dashed, MF Global was hanging in limbo for several hours before it filed for bankruptcy. The Federal Reserve Bank of New York and a number of exchanges said they had suspended MF Global from doing new business with them. It was not the first time regulators expressed concerns about MF Global. MF Global confirmed on Monday that the Commodity Futures Trading Commission and the S.E.C. had "expressed their grave concerns" about the firm's viability. By midmorning on Monday, the firm filed for bankruptcy. Azam Ahmed contributed reporting.