AT&T, Your world delivered. To the NSA.
Snipped from a BLF missive:
The Billboard Liberation Front today announced a major new advertising improvement campaign executed on behalf of clients AT&T and the National Security Agency. Focusing on billboards in the San Francisco area, this improvement action is designed to promote and celebrate the innovative collaboration of these two global communications giants.
Yes, I said the Gopher Internet. No, I donâ€™t mean little rodent things.You see, way back before these new-fangled graphical web browsers like Firefox and Internet Explorer were invented, there were two Webs. There was the world wide web, and then there was the Gopher web.
The World Wide Web has, obviously, gotten pretty popular. Youâ€™re using it right now. Itâ€™s estimated that there are more than 12 billion publicly accessible websites on the WWW today.
Gopher,meanwhile, has stagnated. According to the biggest Gopher search engine, there were less than 100 Gopher sites left in the world as of 2007. And Mozilla has announced that future versions of Firefox (starting with Firefox 4) will not even be able to display Gopher sites.
Microsoft has been fined 280.5m euros ($357m; Â£194m) by the European Commission for failing to comply with an anti-competition ruling.
The software giant will appeal against the fine which follows a long-running dispute between it and EU regulators.
Microsoft’s general counsel, Brad Smith, insisted the company had met the commission’s demands, and said it would appeal the decision.
“This is not about compliance, this is about clarity,” Mr Smith explained during a conference call.
Mr Smith said Microsoft would argue that the commission’s original demand was too vague, and that the company had since done everything it could to comply with the ruling and provide all the information that was required.
Microsoft expected to deliver the final bundle of information for use by rival software firms on 18 July, he said, well ahead of the EC’s deadline of July 24.
“Hopefully we will bring this chapter to a close in the next couple of weeks,” Mr Smith said, adding that while Microsoft was not happy about the fine, the company had seen signs of progress in resolving the dispute.
Tired of getting phone calls from the same 800-type phone number, but have no idea who’s calling? 800Notes.com, a free user-submitted reverse phone directory, lets you see who might be ringing, whether it’s a sales firm, debt collection agency, or other cloaked caller. Whether or not you find a match depends on if anybody else has reported the identity of the caller, but many of the matches have useful information, like a caller’s experience in trying to get the other end to stop calling. For those who’ve recently changed numbers or seem to attract false debt collection calls, it’s definitely worth a bookmark for when Google searching fails.
Are you happy with the results people get back when they Google your name? If not, there are easy ways to monitor and guide what information is published about you online. Two years ago Lifehacker.com covered how to have a say in what Google says about you, and more recently, and how to track down anyone online. But a rash of social media sites have arisen that give you more tools to help you manage your online reputation and become more findable. Let’s take a look…
Search engine exeLibrary demystifies the EXEs running in your Task Manager to help you get to the bottom of whether or not that cryptic process actually needs to be running (and whether or not it’s malware). Just search any process when you’re unclear of its purpose in exeLibrary, and it’ll give you a detailed description of what the process generally does in return, including how to remove it if it’s harmful. exeLibrary is a nice stop if you’re looking to trim down your running apps and Task Manager is full of processes that read like gibberish to you. You may also want to try out the HiJackThis Log File Analyzer located below the search field.
NEW YORK â€” More than $1 million of counterfeit Gucci, Prada, Fendi, Rolex and Coach goods have been seized in an early morning Chinatown raid by the Mayor’s Office of Special Enforcement.
The raid Tuesday came after a two-month investigation by city officials in the special unit, which was created in 2006 to crack down on trademark counterfeiting and other quality of life violations.
The special enforcement unit includes police, building inspectors and finance inspectors. According to a spokesman for Mayor Michael Bloomberg, investigators made dozens of undercover purchases of illegal goods, including handbags, perfume, clothing and jewelry, in an area known as the “Counterfeit Triangle.”
The area is bounded by Canal, Walker and Centre streets, and consists of 32 stalls and storefront shops.
The Digital Inspiration blog points out a Gmail trick that’s been just under the surface all along. Everyone who has an “firstname.lastname@example.org” address can also receive mail sent to “email@example.com.” What’s the big deal? Well, knowing this gives you a stronger hand when you fight against spam, bacn, and all that other not-so-important but distracting email. Try giving out one or the other addresses to important, close contacts, while using the other for all the other stuff. What uses can you think of (or have used already) for this trick? Offer up the advice in the comments.
Apache server software provides distributed (i.e., directory-level) configuration via Hypertext Access files. These .htaccess files enable the localized fine-tuning of Apacheâ€™s universal system-configuration directives, which are defined in Apacheâ€™s main configuration file. The localized .htaccess directives must operate from within a file named .htaccess. The user must have appropriate file permissions to access and/or edit the .htaccess file. Further, htaccess file permissions should never allow world write access â€” a secure permissions setting is â€œ644â€, which allows universal read access and user-only write access. Finally, .htaccess rules apply to the parent directory and all subdirectories. Thus to apply configuration rules to an entire website, place the .htaccess file in the root directory of the site.
Below is an excellent write-up/guide to creating or editing your .htaccess file. Also included are some tricks to help keep your webserver secure from potential threats.
You have probably seen signs like these from mom and pop stores who thinks they’re NOT obliged to follow the rules like everyone else. This is a very common practice, even for a franchise of a major corporate chain in college towns where college students are not aware of the policy.
“$x.xx minimum purchase with credit cards” or “$x.xx minimum purchase or there will be a $x.xx surcharge/transaction charge” or “There is a $x.xx or xx% surcharge for credit card purchase”
Did you know that Merchants…
- Can not charge you a penny extra because you used a CREDIT CARD, does not apply to PIN based DEBIT
- If they accept VISA/MC at all, they have to honor your card, even if your purchase is $0.01.
- Can REQUEST for your ID, but they CANNOT deny your purchase if you decline, except when your card is not signed
What to do if they’re taking advantage of lack of knowledge:
Firmly take position. If they rationalize (i.e. banks charge us a fee so we can do it), or appeal to popularity (everyone else does it), cite Section 9 of MasterCard code, then demand that they note your receipt about the surcharge, better yet to have it listed as as separate item on the itemized receipt. Assure them you will follow up with a chargeback.
Bills pending in the Michigan and Washington state legislatures would mandate that personal information stored in business computers be â€œencrypted.â€ Legislatures are unwise to engage in such micro-management.
Pending Michigan Senate Bill (SB) 1022 would forbid a business from storing personally identifiable information in a database unless the information is encrypted. Similarly, in Washington State, pending House Bill (HB) 2574 would mandate that a business employ encryption when storing personal information on an Internet-connected computer server.
When a legislature specifies a technology like â€œencryption,â€ it goes beyond stating a goal and requiring that the goal be met. The legislature selects the precise technical means for reaching the goal. In other words, when a legislature dictates technical measures like â€œencryption,â€ it assumes the role of a professional engineer. But state legislatures are not qualified to provide professional engineering services!
A team from Princeton University has developed ways to break disk encryption, including Bitlocker, Truecrypt, Apple encryption, and Linux encryption, if the computer is in sleep mode or sitting at a password prompt, or even if it’s just been turned off.
Morning Edition, February 21, 2008 Â· Stanford University says it will no longer charge tuition to undergraduates whose parents earn less than $100,000 a year. For students whose parents make less than $60,000, the university will also waive room and board costs.
SAN FRANCISCO, California (AP) – Google Inc. will begin storing the medical records of a few thousand people as it tests a long-awaited health service that’s likely to raise more concerns about the volume of sensitive information entrusted to the Internet search leader.
The pilot project to be announced Thursday will involve 1,500 to 10,000 patients at the Cleveland Clinic who volunteered to an electronic transfer of their personal health records so they can be retrieved through Google’s new service, which won’t be open to the general public.
Each health profile, including information about prescriptions, allergies and medical histories, will be protected by a password that’s also required to use other Google services such as e-mail and personalized search tools.
Google views its expansion into health records management as a logical extension because its search engine already processes millions of requests from people trying to find more information about an injury, illness or recommended treatment.
But the health venture also will provide more fodder for privacy watchdogs who believe Google already knows too much about the interests and habits of its users as its computers log their search requests and store their e-mail discussions.
Prodded by the criticism, Google last year introduced a new system that purges people’s search records after 18 months. In a show of its privacy commitment, Google also successfully rebuffed the U.S. Justice Department’s demand to examine millions of its users’ search requests in a court battle two years ago.
The Mountain View, California-based company hasn’t specified a timetable for unveiling the health service, which has been the source of much speculation for the past two years. Marissa Mayer, the Google executive overseeing the health project, has previously said the service would debut in 2008.
These days, data is mobile. Every day, sensitive corporate data leaves a companyâ€™s headquarters on a flash drive or an employeeâ€™s laptop. Regardless of where it is going, mobile data can be an I.T. departmentâ€™s worst nightmare.
In fact, the 2006 â€œCSI/FBI Computer Crime and Security Survey,â€ a joint effort by the San Francisco office of the FBI and the Computer Security Institute, named laptop theft as the third-largest source of financial loss in the computer security domain. This survey reports the results of 426 companies. While most security threats documented by the study decreased, losses from laptop theft have increased since 2005. â€œData protection (e.g., data classification, identification and encryption) and application software (e.g., Web application VoIP vulnerability security)â€ were cited as the â€œmost critical computer security issues in next two yearsâ€ by 73 respondents.
One of the most important computer security issues today is laptop theft. The data on a stolen laptop may be far more valuable than the device itself. For example, a stolen UC Berkeley laptop contained sensitive data about nearly 100,000 alumni. A stolen Department of Veteranâ€™s Affairs latop yielded information from up to 26.5 million veterans. There are many examples of high-profile laptop theft, and these incidents are often very costly for companies. The cost, however, isnâ€™t related to the hardware replacement, but to the loss of confidential information and customer security.
What if the owner could state that the data has not been compromised? What if the only loss resulting from a stolen laptop was purely material? This would certainly alleviate some of the risks behind mobile data. Disk encryption is one way to help solve this problem. Since the Fedoraâ„¢ Project was announced in 2003, many disk encryption technologies have been added to the Fedora platform.
When I needed to make a USB key (aka. USB pen drive, USB memory stick, whatever) bootable under Linux I found there was a number of pages on the Internet that listed the steps needed. Some of these pages required you to do some steps from DOS and/or used the syslinux command.
I did not want to boot DOS in order to get the job done. I wanted to do everything from Linux. I tried the procedures which made use of the syslinux command but I didn’t get consistent results. Sometimes my USB key was bootable and sometimes it wasn’t.
I felt there had to be a better way to do this that used the same commands one would normally use to make a standard hard drive bootable. After a bit of experimentation and testing, I came up with the procedure which follows.
The information below provides an overview of the steps you need to follow in order to create a bootable ext2 based file system partition on a USB key. It is not an exact command by command set of instructions. You are expected to have some familiarity with Linux and the commands that will be used.
This is old news but still deserves a mention. In case you haven’t been a student in awhile TurnItIn is a service for educational institutions. They make it compulsive for students to allow their paper to be submitted to Turnitin or receive a failing grade of 0.
The service, a profit entity, operates by archiving student papers to detect plagiarism and since students aren’t compensated, some feel it’s a copyright/privacy violation.
Got it through MSDN… the real release, not the beta. Everything to do with file transfer has improved substantially… Copy, delete, move.. large, small files.. all smooth now. C’mon Microsoft.. you can do it!
People will post just about anything on social networking sites. And the information can be used against them. Suddenly, those saucy pictures and intimate confessions on social networking sites can be taken down and used in evidence against you in ways never dreamed of.
In the judicial backwater of a New Jersey federal court, a case is being heard that nominally affects two families but should also make millions of Britons think twice about something they do every day: put highly personal information on Facebook, MySpace or Bebo.
An American insurance company, in defending its refusal to pay out a claim, is seeking to call in evidence personal online postings, including the contents of any MySpace or Facebook pages the litigants may have, to see if their eating disorders might have “emotional causes”. And the case is far from a lone one. Suddenly, those saucy pictures and intimate confessions on social networking sites can be taken down and used in evidence against you in ways never dreamed of.
Damballa researchers share some techniques for getting a better picture of botnets — and targeted attacks
By Kelly Jackson Higgins
Senior Editor, Dark Reading
Is that malware found on your client machine the sign of a targeted attack or a routine bot-herding run? How do you know for sure?
Botnet hunters from Damballa are using some traditional network monitoring techniques to determine the size and scope of botnets — information that can even help distinguish between a direct attack or a random bot recruitment.
â€œWe are working on ways to better [calculate] the numbers of these botnets with some accuracy,â€ says Christopher Davis, director of threat analysis for Damballa. Davis and Damballa chief scientist and co-founder David Dagon will discuss their companyâ€™s botnet research techniques at Black Hat D.C. next week.
Damballa researchers basically reverse-engineer the malware code that arrives at one of their customerâ€™s client machines, and then study how it communicates with its command and control (C&C) server. Then, using a DNS cache-inspection technique, combined with tracking the C&C serverâ€™s IP packet identifier in TCP/IP, they can take more accurate counts of the number of bots, C&C servers, and the potential scope of a particular botnet.