Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography)

added: Wed, 30th November 2005 | 303 views | 0x in favourites
feed url: http://www.PrivacyDigest.com/xml/rss.xml

Follows news that can impact your privacy. Covers Laws, Technology, software, companies and more.

Latest feed entries:

Data security: What the law requires of IT

Data security: What the law requires of IT - Via InfoWorld | Analysis | 2008-08-18 | By Thomas J. Smedinghoff :

IT's legal duty to secure sensitive data is complex and continuously evolving. Here's how to avoid the legal ramifications of a data breach 
        
For most IT organizations, securing corporate data against compromise is priority No. 1. Girding the enterprise against breaches is a constant, thankless task requiring foresight, vigilance, and much in the way of IT expenditures. Keep up with the latest threats, or find your company in the headlines -- and your job on the line.

Such is the shift in attitude toward security in IT. In the Wild West, when Jesse James and Butch Cassidy robbed banks, we felt sorry for the banks and hunted down the outlaws. Today, when someone breaks into a company's computer system, our response is totally different: We blame the company for failing to provide adequate security.

Codifying this shift is a complex blend of laws and regulations enacted to protect the confidentiality and integrity of valuable personal data and the individuals who might be harmed by a breach. Not complying with these mandates can result in grave legal consequences should your organization suffer a breach.  read more »

Survey: IT staff would steal secrets if laid off

Survey: IT staff would steal secrets if laid off - Via ITworld(Computerworld UK) :

Most IT staff would steal sensitive company information, including CEO's passwords and customer details, if they were laid off, according to a new survey from Cyber-Ark.

A staggering 88 percent of IT administrators admitted they would take corporate secrets, if they were suddenly made redundant. The target information included CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords.

The research also revealed that, of that 88 percent, a third would take the privilege password list to gain access to valuable documents such as financial reports, accounts, salaries and other privileged information.  read more »

Surveillance Society Sparks Psychosis

Surveillance Society Sparks Psychosis - Via Threat Level:

If you think someone is watching you, you're probably right. But this doesn't mean you're not also crazy, according to psychiatrists who say that our surveillance and reality TV society is spawning a new kind of psychosis. They're calling it the Truman Show delusion.

Psychiatrists in the U.S. and Britain say they're seeing a growing number of psychotic patients who are paranoid that cameras are watching their every move.

Not sure why they might think this.

Others fear the World Wide Web is monitoring their lives or being used to transmit photographs or personal information.

The psychiatrists say such patients are often mirroring -- albeit, to an extreme -- what is occurring in the environment around them.  read more »

Dan Kaminsky on DNS, BGP and an Emerging Theme

Dan Kaminsky on DNS, BGP and an Emerging Theme - Via Threat Level:

This year saw several presentations on a number of core vulnerabilities in the internet's architecture, which have served to highlight the folly of believing that anything on the internet is secure these days.

Did anyone ever believe that anyway?

Now Dan Kaminsky, who discovered a fundamental flaw in the Domain Name System earlier this year, has written a post on his blog that puts these security vulnerabilities into context -- including the Debian Non-Random Number Generator issue, the SNMPv3 bug and the BGP issue. He looks at how some of these vulnerabilities could be combined for effective attacks and also addresses the likelihood that a BGP attack, as demonstrated by Anton Kapela and Alex Pilosov at the DefCon hacker conference earlier this month, could succeed without being observed.  read more »

EFF Urges Copyright Office to Fix Digital Music Mess, but Carefully

EFF Urges Copyright Office to Fix Digital Music Mess, but Carefully - Via EFF.org Updates:

In comments filed today, EFF joined with other public interest and consumer groups in urging the Copyright Office to clarify the process for licensing digital music services, but to steer clear of larger digital copyright controversies. The comments were filed in a rulemaking involving the Section 115 compulsory license for "digital phonorecord deliveries" (DPDs) that has been dragging on since 2001 (read the July 16, 2008 "notice of proposed rulemaking" for a summary of the tortured history of the proceeding).  read more »

CDT Submits Comments in Music Licensing Rulemaking

CDT Submits Comments in Music Licensing Rulemaking - Via Center for Democracy and Technology:

In comments submitted today to the Copyright Office, CDT, EFF, Public Knowledge, and four other groups expressed support for the goal of providing greater licensing clarity to digital music services. That clarity could assist in the continued growth of the lawful online music market. The comments warned, however, that this goal could be undermined by rules that unnecessarily address controversial questions with important implications outside the music licensing context, such as the legal status of "buffer copies." CDT and its allies instead argued for a narrowly-tailored rule that would serve as a "safe harbor" covering any copies created in the course of providing a digital music service.

(Read Original Article - Via Center for Democracy and Technology.)  read more »

AT&T thanks the Blue Dog Democrats with a lavish party

AT&T thanks the Blue Dog Democrats with a lavish party - Via Salon: Glenn Greenwald:

(updated below (with video added) - Update II)

Last night in Denver, at the Mile High Station -- next to Invesco Stadium, where Barack Obama will address a crowd of 30,000 people on Thursday night -- AT&T threw a lavish, private party for Blue Dog House Democrats, virtually all of whom blindly support whatever legislation the telecom industry demands and who also, specifically, led the way this July in immunizing AT&T and other telecoms from the consequences for their illegal participation in the Bush administration's warrantless spying program. Matt Stoller has one of the listings for the party here.

Armed with full-scale Convention press credentials issued by the DNC, I went -- along with Firedoglake's Jane Hamsher, John Amato, Stoller and others -- in order to cover the event, interview the attendees, and videotape the festivities. There was a wall of private security deployed around the building, and after asking where the press entrance was, we were told by the security officials, after they consulted with event organizers, that the press was barred from the event, and that only those with invitations could enter  read more »

Google, EFF Applaud Veoh DMCA Ruling

Google, EFF Applaud Veoh DMCA Ruling - Via Threat Level:

Online video sharing service Veoh scored a major victory in a copyright case when a federal judge dismissed a lawsuit brought by a gay porn distributor claiming the upstart's site facilitated the infringement of its copyrighted works.

The case, brought by IO Group, is similar to lawsuits by other rights holders against YouTube, MySpace, MP3tunes and others. The allegations are basically the same: they claim the sites facilitate wanton copyright infringement.

But this is the first lawsuit to be concluded at the trial-court level, and the outcome favored the file sharing site.

In dismissing the case Wednesday, U.S. Magistrate Howard Lloyd of San Jose ruled (.pdf) that San Diego-based Veoh -- financially backed by Time Warner and Michael Eisner – complied with the 1998 Digital Millennium Copyright Act's so-called safe harbor provisions.

While the first-of-its-kind decision is not binding on other courts, YouTube chief counsel, Zahavah Levine, said "it is great to see the court confirm that the DMCA protects services like Youtube that follow the law and respect copyrights."  read more »

Computers Seized from Berkeley Activist Space

Computers Seized from Berkeley Activist Space - Via EFF.org Updates:

Yesterday, the FBI, UC Berkeley police, and Alameda County Sheriff's deputies conducted a raid on the Long Haul Infoshop, a community space that is home to a number of leftist and anarchist groups, including a newspaper and a radio station. Armed with a warrant (PDF), authorities entered and quickly removed every computer in the Long Haul space.

According to the Associated Press, a UC Berkeley spokesman said that the raid was part of an investigation into threatening e-mails tracked to computers there. Among the computers seized were computers belonging to the Slingshot newspaper, and the Berkeley Daily Planet reports that police "got [Berkeley Liberation Radio's] hard drive."

Even with a warrant, the authorities may have acted in violation of federal law when they seized the computers.  read more »

Do RIAA Snoops Need P.I. Licenses?

Do RIAA Snoops Need P.I. Licenses? - Via Threat Level:

By now, we all know how the Recording Industry Association of America nabs alleged file sharers, more than 20,000 lawsuits and counting: Hired snoops from MediaSentry -- aka SafeNet -- log onto Kazaa, Limewire or other file sharing programs, peer into open share folders, take screenshots, download a few files and obtain the offending IP addresses.

But in a few states -- Michigan, Texas, Florida, New York, Massachusetts, Oregon and Arizona -- the RIAA's investigators have come under attack by state governments or RIAA defendants. Reason: They are not licensed private investigators in their respective states. Michigan recently told MediaSentry it needed a license (.pdf) to continue practicing.

But demanding a private investigator's license doesn't make such sense for computer forensic work, according to the American Bar Association. In a recent report, the country's largest legal lobbying group urges the states to jettison the idea of, or licensing requirement for computer forensic specialists, especially since most state licensing boards don't demand education in such work.  read more »

Revealed: The Internet's Biggest Security Hole - BGP (Border Gateway Protocol)

Revealed: The Internet's Biggest Security Hole - Via Threat Level:

Two security researchers have demonstrated a new technique to stealthily intercept internet traffic on a scale previously presumed to be unavailable to anyone outside of intelligence agencies like the National Security Agency.

The tactic exploits the internet routing protocol BGP (Border Gateway Protocol) to let an attacker surreptitiously monitor unencrypted internet traffic anywhere in the world, and even modify it before it reaches its destination.

The demonstration is only the latest attack to highlight fundamental security weaknesses in some of the internet's core protocols. Those protocols were largely developed in the 1970s with the assumption that every node on the then-nascent network would be trustworthy.  The world was reminded of the quaintness of that assumption in July, when researcher Dan Kaminsky disclosed a serious vulnerability in the DNS system. Experts say the new demonstration targets a potentially larger weakness.  read more »

More on Border Gateway Protocol (BGP) Attacks -- Updated

More on BGP Attacks -- Updated - Via Threat Level:

There was a lot of additional information I wanted to include in my article about intercepting internet traffic through the Border Gateway Protocol (BGP), but there wasn't space to include it. So I'll put it in this separate post.

First of all, you can read how Anton Kapela and Alex Pilosov conducted their interception of the DefCon network traffic in the slides from their talk (.ppt). Their DefCon presentation, by the way, was an unscheduled, last-minute talk that occurred at the end of the last day of the DefCon conference, so it hadn't appeared on the conference schedule. I asked Kapela to read any comments that readers post to these two BGP posts so he can respond to any questions readers may have about how he and Pilosov conducted their attack.

As I mention in my article, BGP hijacking isn't new. It happens frequently, though generally the hijack is unintentional and it results in a denial-of-service attack or outage, as was the case earlier this year when Pakistan Telecom inadvertently hijacked YouTube traffic.  read more »

British Bank Bans Man's Password

British Bank Bans Man's Password - Via Threat Level:

A customer of the British bank Lloyds TSB discovered the bank had changed his account password because someone on staff apparently couldn't take a joke.

Steve Jetley had created the password "Lloyds is pants" after he had a dispute with the bank over free travel insurance that was supposed to come with the account.

But when he tried to access his account over the phone, a call center representative told him the password didn't match what was in his file. The password had been changed to "no it's not."  read more »

Required Reading for "User-Generated Content" Sites: Io Group v. Veoh

Required Reading for "User-Generated Content" Sites: Io Group v. Veoh - Via EFF.org Updates:

In an important ruling handed down yesterday, a federal district court threw out a copyright infringement suit brought by adult video producer Io Group against Veoh, concluding that the video hosting site qualifies for the DMCA safe harbor. The ruling should be required reading for the executives of every "Web 2.0" business that relies on "user-generated content."

Veoh, like YouTube, is a streaming video site that hosts videos uploaded by users. Io Group sued Veoh in 2006 after finding clips from 10 of its copyrighted adult films on the Veoh site. So far, this is a familiar story -- user-generated content site gets sued by copyright owner for naughty uploading habits of users (see, e.g., lawsuits against MySpace, iMeem, YouTube, Redlasso, Hi5, Multiply, Stage6, MP3tunes, Scribd, Usenet.com, Bolt, and Grouper). But this is the first case to get to a final ruling, and it's a total victory for Veoh.  read more »

ITRC: Breaches Blast '07 Record

ITRC: Breaches Blast ’07 Record - Via PogoWasRIght - Privacy News Headlines:

With slightly more than four months left to go for 2008, the Identity Theft Resource Center (ITRC) has sent out a press release saying that it has already compiled 449 breaches– more than its total for all of 2007.

As they note, the 449 is an underestimate of the actual number of reported breaches, due in part to ITRC’s system of reporting breaches that affect multiple businesses as one incident.

.... More important than the individual numbers, perhaps, are the details of a breach, something that is often lacking or glossed over in reports. As one example, when third party benefits administrator Administrative Systems, Inc., disclosed that its office had been burgled in December 2007, it did not reveal the total number of clients affected, nor the total number of individuals whose unencrypted data were on the stolen computer. Given that just one of the dozens of clients informed this site that it had to notify 250,000 of its customers, the numbers for that breach might be staggering.  read more »

Accidental Ad Blocker in Microsoft's coming IE8 ?

Accidental Ad Blocker - Via Post I.T. - A Technology Blog From The Washington Post - (washingtonpost.com):

Privacy advocates think the next version of Internet Explorer, the program that connects most of us to the Web, is a step in the right direction.

Advertisers? Well, they're not so sure.

The advertising industry is bracing for trouble from the next version of Microsoft's Internet Explorer, details of which were announced today, because it will offer a feature that blocks some ads and other content from third-parties that shows up on Web pages.

"It has the potential to undermine the economies of the Internet," said Mike Zaneis, vice president of the Interactive Advertising Bureau.  read more »

iPhone Security Flaw in 2.0.2 Puts All Private Information at Risk

Huge Security Flaw In IPhone 2.0.2: Huge iPhone Security Flaw Puts All Private Information at Risk - Via :

There's a huge security problem in the latest iPhone 2.0.2: if you have your JesusPhone password protected, using a very simple trick gives anyone full access to your cellphone's private information in Mail, SMS, Contacts, and even Safari. The two-step trick is even simpler than the one used in the past to gain access to the phone to install unlocking cards or jailbreak. Fortunately, there's a way to avoid this obvious security breach until Apple fixes it.  read more »

Terror watchlist "upgrade" is "imploding," legislator says

Terror watchlist "upgrade" is "imploding," legislator says - Via Ars Technica :

The database used to produce the government's terror watch lists is "crippled by technical flaws," according to the chairman of a House technology oversight subcommittee—and the system designed to replace it may be even worse.

In a letter to the inspector general at the Office of the Director of National Intelligence last week, Rep. Brad Miller (D-NC) complained that the National Counterterrorism Center's "Railhead" initiative, designed to upgrade the government's master database of suspected terrorists, "if actually deployed will leave our country more vulnerable than the existing yet flawed system in operation today."

Miller, who chairs the Investigations and Oversight Subcommittee of the House Science and Technology Committee, cited "severe technical troubles, poor contractor management, and weak government oversight," which he said had brought the Railhead program to the "verge of collapse."  read more »

Road Tolls Hacked - Hacking the FasTrak wireless transponders

Road Tolls Hacked - Via MIT's Technology Review:

A researcher claims that toll transponders can be cloned, allowing drivers to pass for free.

Drivers using the automated FasTrak toll system on roads and bridges in California's Bay Area could be vulnerable to fraud, according to a computer security firm in Oakland, CA.

Despite previous reassurances about the security of the system, Nate Lawson of Root Labs claims that the unique identity numbers used to identify the FasTrak wireless transponders carried in cars can be copied or overwritten with relative ease.

This means that fraudsters could clone transponders, says Lawson, by copying the ID of another driver onto their device. As a result, they could travel for free while others unwittingly foot the bill. "It's trivial to clone a device," Lawson says. "In fact, I have several clones with my own ID already."

Lawson says that this also raises the possibility of using the FasTrak system to create false alibis, by overwriting one's own ID onto another driver's device before committing a crime. The toll system's logs would appear to show the perpetrator driving at another location when the crime was being committed, he says.  read more »

Preliminary Congressional Investigation Finds Watch Lists Plagued with Systemic Flaws

Preliminary Congressional Investigation Finds Watch Lists Plagued with Systemic Flaws - Via ACLU - Privacy:

ACLU calls for lists to be scrapped and for DHS to approach airline security in reasonable and effective manner

FOR IMMEDIATE RELEASE
Contact: (202) 675-2312, media@dcaclu.org or (212) 549-2646, media@aclu.org

WASHINGTON, DC – In response to today’s Wall Street Journal article on the flaws found in the terrorist watch lists by a preliminary congressional investigation, the American Civil Liberties Union calls on all presidential candidates, as well as current President Bush, to pledge to put a moratorium on the use of the lists unless major overhauls are made. The investigation found the current database system beleaguered with flaws and technological hurdles. Not only that, but the program being designed to replace the current database is facing similar systemic difficulties, while the contractors hired for its creation are struggling to move toward completion.  read more »

Best Western: 1 hotel, 1 log-on, 10 customers

Best Western: 1 hotel, 1 log-on, 10 customers - Via PogoWasRIght - Privacy News Headlines:

The following is an updated statement from Best Western, via email. Thanks to ITRC for sending us a copy.

This statement is intended to provide further detail on the largely erroneous story originated by The Sunday Herald newspaper in Scotland, concerning the breach of Best Western's Central Reservations System.

We can confirm that on August 21, 2008, three separate attempts were made via a single log-on ID to access the same data from a single hotel. The hotel in question is the 107-room Best Western Hotel am Schloss Kopenick in Berlin, Germany, where a Trojan horse virus was detected by the hotel's anti-virus software. The compromised log-in ID permitted access to reservations data for that property only. The log-in ID was immediately terminated, and the computer in question has been removed from use.

We can also confirm that we have been able to narrow down the number of customers affected by this breach to ten. We are currently contacting those customers and offering assistance as needed.  read more »

Breakdown in security led to compromise of Military SSNs

Breakdown in security led to compromise of SSNs - Via PogoWasRIght - Privacy News Headlines:

Promotion selection lists containing the names and Social Security numbers of more than 50,000 active-component noncommissioned officers were compromised earlier this year and in 2005, according to officials familiar with an ongoing Army investigation.

The 2008 sergeant first class list that was compiled by a board that met in February initially was the subject of the probe. The public version of that 8,620-name list was released by Human Resources Command March 20.  read more »

Should Companies Share Criminal Blame In ID Theft?

Should Companies Share Criminal Blame In ID Theft? - Via Slashdot:

snydeq writes "Deep End's Paul Venezia criticizes the lack of criminal charges for corporate negligence in data breaches in the wake of last week's Best Western breach, which exposed the personal data of 8 million customers. 'The responsibilities attached to retaining sensitive personal identity information should include criminal charges against the company responsible for a leak, in addition to the party that receives the information,' Venezia writes. 'Until the penalties for giving away sensitive information in this manner include heavy fines and possibly even jail time for those responsible for securing that information, we'll see this problem occur again and again.'  read more »

Limits Needed On DHS Border Crossing and Driver Information Databases

Limits Needed On DHS Border Crossing and Driver Information Databases - Via Center for Democracy and Technology:

In comments filed with the Department of Homeland Security today, CDT highlighted privacy concerns implicated by DHS' new system of databases to record personal information and border crossing history. CDT called on DHS to reduce the 15-year period for retaining records of the date, time and place an American re-enters the United States at the land borders, and to limit the vast array of "routine uses" for which that data can be shared with other government agencies, foreign governments, and the public. In related comments, CDT urged DHS to work with states and other issuers of new "enhanced drivers licenses" to provide the department with access only to personal information about drivers crossing the border rather than information about all those holding EDLs, and to ensure that states do not create their own records of drivers' border crossing activities.

(Read Original Article - Via Center for Democracy and Technology.)  read more »

Airport Fast Pass Lets Redskins Fans Cut Security Line

Airport Fast Pass Lets Redskins Fans Cut Security Line - Via Threat Level:

A fast-pass airline security company is now expanding its services to get football fans into their seats faster -- a breakthrough that opens the possibility of fast-pass lanes in every segment of society.

Starting this season, Washington Redskins fans can apply for a $100 pass that lets them jump to the front of the security line at 19 airports around the country -- and get them into Redskins football games ahead of their fellow tailgaters.

Flo, a Registered Traveler company behind the offer, is also working with the Baltimore Ravens to offer the same services starting in 2009.

Registered Travelers who can provide a valid social security number and government identification card are given a special card with their iris biometric embedded in it.  Flo competes with Verified Identity Pass, which offers the Clear pass -- which recently suffered an embarrassing loss of an unencrypted laptop used to enroll members.

But the cards use a common standard, and members of one can use the other's lanes.  read more »

EFF and ACLU of Northern California to ISPs and Content Owners: Do Your Part to Protect Political Speech

EFF and ACLU of Northern California to ISPs and Content Owners: Do Your Part to Protect Political Speech - Via EFF.org Updates:

Coauthored by ACLU of Northern California Technology and Civil Liberties Policy Director Nicole A. Ozer

On blogs, personal and political websites, and through user generated content sites, ordinary citizens in extraordinary numbers are recreating a public sphere and reinvigorating the democratic debate at the core of our political system. 46% of Americans have already used the Internet in connection with the political campaign - more than during all of 2004.[1] User-generated content is playing a particularly integral role, with 35% of Americans watching online videos and 10% using social networking sites to engage in political activity.[2]

An overwhelming number of political discussions are taking place in publicly-accessible but privately-owned, online town squares. Which means that this important political speech depends on service providers, users, and content owners all doing their part to safeguard free speech.

Unfortunately, political speech has been threatened repeatedly by claims that controversial material violates a site’s terms of use or infringes copyrights or trademark rights. Here are just a few recent examples:  read more »

Judge restricts online reporting of case - No names on the web

Judge restricts online reporting of case - 25 Aug 2008 - NZ Herald: New Zealand National news - Via NZ Herald: New Zealand National news:

A judge has today taken the unprecedented step of banning news websites from naming two men charged with murder while allowing newspapers, radio stations and TV networks to reveal who they are.

Judge David Harvey said online media could not use the names, or publish images of the accused, to prevent the public searching for the information when the case comes to trial.

He said he was "concerned about someone Googling someone's name and being able to access it later".

He was also "concerned about the viral effect of digital publication".

Judge Harvey ruled in Manukau District Court that it was OK to report the names and publish the images in print tomorrow or on tonight's 6pm television news but not on news websites.  read more »

David Isenberg - Network Neutrality is Not Enough

David Isenberg - Network Neutrality is Not Enough - Via IT Conversations:

During the past few years we have witnessed a drastic reduction in competition for network services in the US. David Isenberg, author of the essay "The Rise of the Stupid Network", a paper that shook the telecom world in 1997 and continues to have an impact today, puts the blame squarely on decisions made in Washington DC. This short but pointed talk discusses how this trend is likely to stifle future innovation if it isn't stopped, and what can be done about it.

(Read Original Article - Via IT Conversations.)  read more »

Boston Court's Meddling With 'Full Disclosure' Is Unwelcome

Boston Court's Meddling With 'Full Disclosure' Is Unwelcome - Via Wired News: Security Blanket:

In eerily similar cases in the Netherlands and the United States, courts have recently grappled with the computer-security norm of "full disclosure," asking whether researchers should be permitted to disclose details of a fare-card vulnerability that allows people to ride the subway for free.

The "Oyster card" used on the London Tube was at issue in the Dutch case, and a similar fare card used on the Boston "T" was the center of the U.S. case. The Dutch court got it right, and the American court, in Boston, got it wrong from the start -- despite facing an open-and-shut case of First Amendment prior restraint.

The U.S. court has since seen the error of its ways -- but the damage is done. The MIT security researchers who were prepared to discuss their Boston findings at the DefCon security conference were prevented from giving their talk.  read more »
