Monday, March 31, 2008

Sony BMG Being Sued For Using Pirated Software

Sony BMG, a company known for enforcing its intellectual property rights, is now on the other end of an Intellecutal Property related lawsuit. A French report says the complaining company, PointDev, seized some of Sonys assets which showed that pirated software appeared on four of their servers.

In Google's translation of the French report, the CEO of PointDev when questioned about the fact that this is perhaps the single of an employee retorted "I think piracy is linked to the policy of a company. If the employee has the necessary funding to buy the software they need, it will. If this is not the case, he will find alternative ways, as the work must be done in one way or another."

For the full article mentioned by Slashdot, see Zero Paid.

Thursday, March 27, 2008

Cyber Attacks against Tibetan Communities

Slashdot features a link to a SANS Internet Storm Center report about the increasing number of sophisticated and targeted cyber attacks against Tibetan non-governmental organizations (NGOs). The attacks seem related to attacks against other anti-Chinese communities like Falun Gong and Uyghurs.

For an overview of the cyber attacks against Tibetan communities, see SANS Internet Storm Center.

Wednesday, March 26, 2008

Patriot Act haunts Google Service

Slashdot references a piece in the Globe and Mail about Google's current problem with its year-old user tools being at odds with another new aspect of information technology, that of the unprecedented powers of security officials in the United States' surveillance of communications.

This conflict emerged recently in a deal Google brokered with Canada that puts Lakehead University's (Thunder Bay, Ont) use of Google's new tools in the center of a conflict between the U.S. Patriot Act, which gives authorities the means to secretly view personal data held by U.S. organizations, and Canada's privacy laws, which require organizations to protect private information.

Security experts say many organizations are only just now starting to realize the risks they take on by embracing Web-based collaborative tools hosted by a U.S. company.

See globeandmail.com for more information.

Monday, March 24, 2008

Ohio Investigating Possible Vote Machine Tampering Last Year

In a Slashdot posting last week, the criminal investigation being conducted in Franklin County Ohio shows that several voting machines listed a candidate as withdrawn from the race when, in fact, he was not. By the time the investigation identified which machines had been affected, the candidate's name was back on the ballot.

While normally, this could be dismissed as confusion or mistake on the part of the voter(s) who noticed it, in this case, the person who first noticed was the Ohio Secretary of state Jennifer Brunner.

"This is a huge problem," Brunner said. "there is great concern that not every voter has the same ballot."

A SysTest report notes that voters in other precincts also reported seeing "candidate withdrawn" on their machines.

For the complete story, see The Columbus Dispatch.

Friday, March 21, 2008

The International Cyber Cop Unit

Slashdot reports that a group of international cyber cops is ramping up plans to fight online crime across borders. The Strategic Alliance Cyber Crime Working Group, as the unit is known, is made up of high-level online law enforcement representatives from the United States, the United Kingdom, New Zealand, Australia, and Canada.

Once of the primary goals of the group is to fight cyber crime as a team by sharing intelligence, swapping tools and best practices, as well as strengthening and synchronizing their respective laws.

The group has much work ahead of it. As an example, according to the US-CHINA Economic and Security Review Commission report, Chinese military strategists write openly about exploiting vulnerabilities generated by U.S. dependence on advanced technologies and the extensive infrastructure used to conduct operations.

For the complete article, see NETWORKWORLD.

Tuesday, March 18, 2008

RFID hack could crack open 2 billion smart cards

In an article posted by Risks Digest, a student at the University of Virginia has found a way to break through the encryption code of RFID chips used in up to 2 billion smart cards used to open doors and board public transportation systems.

The student says he only needs a laptop, a scanner and a few minutes to get the cryptogrpahic key to an RFID lock and then create a duplicate card to open it.

"It turns out it's a pretty huge deal," says Ken van Wyk, principal consultant at KRv associates. "There are a lot of these things floating around out there. Using it for building locks is the biggy, especially when it's used in sensitive government facilities - and I know for a fact it's being used in sensitive government facilities."


For the full story, see Risks Digest.

Monday, March 17, 2008

Spam King Pleads Guilty in Seattle

Slashdot mentions a Seattle Times report that Robert Soloway, crowned the "spam king" by federal prosecutors for having sent millions of unwanted emails all over the world, has pleaded guilty to mail fraud and tax evasion. This is in exchange for the state dropping multiple charges of identity theft.

The most serious charge Soloway now faces deals not with spam but with non-electronic mail fraud related to his failure to live up to promises he made about his e-mail-marketing software. That charge carries up to a 20year prison sentence. The electronic-mail fraud charge is punishable for up to five years in prison.

Soloway's attorney, Richard Troberman, said the government's decision to dismiss 37 counts, including all the identity-theft cases, demonstrates that the case "turned out to be vvery different from what was originally charged. We feel that when it comes time for sentencing, we like our chances."


See complete article at The Seattle Times.

Wednesday, March 12, 2008

Google Says Spam and Virus Attacks Getting More Clever

Slashdot points to an article in eWEEK.com from last Monday where Google's Postini team released a report that its data centers recorded 57 percent more spam and virus attacks in 2007 compared to 2006.

The size of spam emails also increased considerably as spammers included images, .pdf files, documents,, spreadsheets and even multimedia files to spoof spam filters, according to the author of the report, Adam Swidler, senior solutions marketing manager for Postini.

Google acquired Postini for $625 million and has made substantial progress applying Postini messaging security assets to its own apps, e.g., Gmail.

The eWeek.com article also contains a link to the full report, a Google white paper from February in .pdf format.

Tuesday, March 11, 2008

The Advertisers are Watching You

Slashdot mentions that the New York Times is covering a story about the information Internet advertisers are collecting about you.

A new analysis of online consumer data reveals that large web companies are learning more about people from what they search for and do on the Internet. The information is then used to forecast what content and advertisements people would likely want to see.

Consumers have not yet complained much about online data collection but privacy experts say that it is because they the data collection is invisible to them.

"When you start to get into the details, it's scarier than you might suspect," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a privacy rights group. "We're recording preferences, hopes, worries and fears."

See the story in the New York Times at To Aim Ads, Web Is Keeping Closer Eye on You.

Tuesday, March 04, 2008

Identity Theft Rates Among Top Banks

A provocative report mentioned in Slashdot contains statistics on fraud and identity theft among financial institutions, phone companies and retailers over a 3-month period.

By virtue of the Freedom of Information Act, Chris Hoofnagle, a senior fellow at the Berkeley Center for Law and Technology at the University of California at Berkeley, was delivered of a disc with 88,000 complaints from January, March and September of 2006 by the Federal Trade Commission.

Hoofnagle tabulated the institutions most often cited by consumers in their fraud complaints and concedes there are limitations to his study. "It needs more information to be useful to consumers," he said. "But it should be useful for banks, who themselves are probably curious what their competitors' fraud rates are.

For more information, see the full study and The New York Times Bits Technology blog.

Monday, March 03, 2008

Prolific Spammer's Conviction Upheld

Slashdot reports that in a split (4-3) decision, a Virginia court upheld the verdict against spam king Jeremy Jaynes, ruling that Virginia's anti-spamming law does not violate free-speech rights.

Prosecutors presented evidence of 53,000 illegal e-mail messages Jaynes sent over three days in July 2003. Further, authorities believe Jaynes is responsible for spewing 10 million e-mails a day in an enterprise that grossed up to $750,000 per month.

He was charged in Virginia because the emails went through an AOL server in Loudoun County, where America Online is based. Jaynes, of Raleigh N.C., was convicted of massive distribution of junk e-mail and sentenced to nine years in prison.

For details, see PHYSORG.com.