What to do if your identity is stolen

(via LifeHacker)
I read an article recently that said identity theft is significantly lower than most reported numbers indicate.  I wish I could find that to link to it.  Perhaps I can find it later and make mention of it.  Regardless, there is an article over at The Consumerist about what you should do if you are one of the folks whose identity does get stolen.

[tags]Identity theft[/tags]

Man sues Compaq for false advertising

(via Bruce Schneier’s security blog)
As the headline says, a suit has been filed against Compaq (now HP) for false advertising.  Michael Crooker is suing Compaq for advertising a feature called DriveLock, purported to make the hard drive unreadable without the proper password.  After Mr. Crooker had his apartment searched by the Bureau of Alcohol, Tobacco, and Firearms (ATF), his laptop was taken.  Data from the hard drive was then used in a later search of his e-mail account.

He bought it in September 2002, expressly because it had a feature called DriveLock, which freezes up the hard drive if you don’t have the proper password.

The computer’s manual claims that “if one were to lose his Master Password and his User Password, then the hard drive is useless and the data cannot be resurrected even by Compaq’s headquarters staff,” Crooker wrote in the suit.

. . .

The FBI had broken through DriveLock and accessed his e-mails (both deleted and not) as well as lists of websites he’d visited and other information. The only files they couldn’t read were ones he’d encrypted using Wexcrypt, a software program freely available on the Internet.

I’ll let you make your own decision about whether or not normal people should have access to security software of this type.  I will say I view personal access to cryptography software to be as important as personal access to firearms.  You, of course, don’t have to share my view, but if you don’t, I’d be interested in hearing why in the comments.

[tags]DriveLock, Cryptography[/tags]

Airline security failure overseas

(via Bruce Schneier’s blog)

I know that neither of my visitors likely share my fascination with computer and physical security, but I still like to share interesting stories I read about security problems.  This one, in particular, caught my eye because I’ve pointed out the same potential problem numerous times in real life (yes, I actually interact with people not online at times).  Here is the full story from the link:

An investigation is being conducted into a security breach at Dublin Airport last week.

A female member of the airport search unit is undergoing re-training after the incident in which a Department of Transport inspector passed unchecked through security screening.

It is understood that the department official was waved through security checks having flashed an official badge. The inspector immediately notified airport authorities of a failure in vetting procedures. Only gardai are permitted to pass unchecked through security.

Informed sources said the incident which took place last Tuesday was a ‘‘procedural’’ breach.

Flash a badge that looks like the right one, and through you go without screening.

I’ve worked places where security requirements are such that all employees must pass through metal detectors and have all packages hand inspected.  All employees except the security guards, that is.  I’ve worked places where security requirements are such that all contract employees must pass through a metal detector and have bags passed through an X-Ray machine, but company employees don’t have to submit to any inspection.

In each of these cases, consider who the most likely culprits are in cases of stolen equipment or prohibited items making their way inside the security perimeter.  But if you state the obvious answer, you’ll be accused of having a bad attitude because you are in the former groups instead of the latter.

So, continuing with the above article, this is a failure where someone in charge of screening allowed someone who upon cursory inspection appeared to pass the “allowed to enter without screening” requirements, and was therefore allowed to enter without screening.  This risk can be reduced somewhat with better inspections than cursory, but it can be reduced even more by getting rid of that exception.  Of course, this won’t happen, because too many of those in charge of physical security prefer to consider their groups outside the need for physical security checks.  Isn’t it ironic?
[tags]Security failures[/tags]

Sony still hates consumers, now also hates artists

(via boingboing)

Sensationalist headlines just sound good to me sometimes.  For this write-up, the title refers to the fact that Sony pays its recording artists royalties on iTunes downloads as if the download were a sale of music.  This means lower royalty payments.  However, when a consumer downloads a tune from iTunes, Sony has a license agreement that restricts the user’s rights, basically stating that the download is a licensing of content, not a sale of goods.

NEW YORK – Rock bands Cheap Trick and The Allman Brothers Band are suing Sony Music, claiming they are being shortchanged on royalties for songs downloaded legally over the Internet.

. . .

According to the suit, the record company is treating digital downloads like traditional record sales, rather than licensed music, triggering a different royalty deal.

Under that old rubric, the record company deducts fees for the kind of extra costs they used to incur when records were pressed on vinyl, including packaging charges, restocking costs and losses due to breakage.

Tracks sold over the Internet usually go for about 99 cents. About 70 cents of the sale price goes to Sony. The bands are getting about 4 1/2 cents per song, according to the suit, rather than the approximately 30 cents they claim is rightfully theirs.

Something smells fishy here.  Anyone know what that is?

[tags]Sony, iTunes, Screw the consumer[/tags]

Winternals Software sues Best Buy/Geek Squad

I hadn’t even heard of this until I read about it on Mark Russinovich’s SysInternals blog, but apparently Winternals Software is suing Geek Squad and Best Buy for admitted and ongoing illegal use of the Administrator’s Pak from Winternals.

From the story, my understanding is that Best Buy and Geek Squad have been illegally using the Administrator’s Pak software for providing system recovery services to Best Buy customers.  After doing this illegally for a while, Best Buy approached Winternals Software about licensing the software.  After a few months of negotiations and free training at Best Buy’s corporate headquarters, Best Buy made the decision to not license the software.  Oddly, though, Best Buy and Geek Squad continued (and presumably continue) to use the software.  So, a lawsuit has now been filed.

As outlined in our Complaint and Motion for Temporary Restraining Order (which can be found, along with all other legal documents filed in the case, at http://www.winternals.com/legal/), Best Buy and Geek Squad initially contacted us and said that a license was needed to come into compliance. Rather than focus on the degree to which Best Buy and Geek Squad had previously engaged in the unauthorized copying and use of our products, we entered negotiations for a software license and to establish a long-term business relationship. To educate their employees on the software and facilitate these negotiations, we even held a training session at our expense on the Administrator’s Pak at their facilities in Minneapolis and offered an eminently reasonable software license for all Geek Squad employees. While surprised that they ultimately decided against a license, we were willing to go our separate way with the hope that they would someday change their mind.

However, after receiving information that Geek Squad employees continued to use ERD Commander frequently in repairing customers’ computers we decided to investigate the situation on our own.

[tags]Best Buy, Winternals Software, Administrator’s Pak, Software Piracy[/tags]

RIAA sues family with no computer

(via boingboing)

In the unending quest to stomp-out illegal filesharing, the RIAA has now sued a family that does not own a computer. Clearly, the RIAA *must* be correct, right? I mean, there’s never before been a lawsuit about illegal file sharing against someone who didn’t commit a crime, has there?

“I don’t understand this,” Walls said. “How can they sue us when we don’t even have a computer?”

Walls also noted that his family has only resided at their current address “for less than a year.” He wondered if a prior tenant of the home had Internet access, then moved, leaving his family to be targeted instead.

However, the RIAA’s lawsuit maintains that Carma Walls, through the use of a file-sharing program, has infringed on the copyrights for the following songs: “Who Will Save Your Soul,” Jewel; “Far Behind,” Candlebox; “Still the Same,” Bob Seger; “I Won’t Forget You,” Poison; “Open Arms,” Journey; “Unpretty,” TLC; “No Scrubs,” TLC; and “Saving All My Love for You,” Whitney Houston.

[tags]RIAA, P2P[/tags]

Why consumers hate big companies

Comcast, in this case, but Verizon, Sprint, all the baby Bells, the power and water companies, and so many others do this crap that it’s really no surprise to us on the receiving end that people get upset with the hassle of getting service from companies which are supposed to be in the service industry.  This lady’s tale at The Consumerist is quite a bit more extreme than what most people suffer through, but I doubt it’s so out there that many people are surprised.

I had cable and internet reinstalled back in March (I’m going through a divorce and I had to have a new account set up). It took a month to get a DVR and it hasn’t worked since I got it. In total, I have set up six appointments, five of which they have totally not shown up for. They are absolutely making me crazy.

My first appointment was from 2:00 – 5:00 on a Thursday. Took a half day off from work. Had a call at 5:30 that the technician was running late, and when he hadn’t shown up at 7:30 I called them. They apologized and rescheduled for that Saturday from 8:00 – 11:00.

After almost half a dozen more missed appointments, she gets to this.

That night it started crashing again. Last week, every single tv show I tried to watch crashed out. So I called AGAIN. And set up an appointment AGAIN, for this past Friday. I was going out of town for Easter, and really didn’t want to wait another week for a weekend appointment, so I decided to take a full day off Friday rather than a half day to fit in the appointment. It was scheduled for 11:00 – 2:00. Nothing. Finally at 3:00 I had to leave for my trip.

At 3:30 I got a call that the tech was in front of my house. I had to tell them I was about forty miles from my house at that point, so what the hell could I do about it? I rescheduled AGAIN for Tuesday (today), and they actually had a night appointment available, so I took that.

Amazingly, it’s not over.  But you have to read the full article to find out how much she has suffered through.

[tags]Consumer service woes, service companies suck[/tags]

Ubisoft dumps Starforce

(via The Consumerist)

You may be saying “Why should I care?” right now. Well, there are a number of folks calling for a boycott of Starforce. Starforce is a copy protection system used by a number of recent games. It installs new device drivers onto your system to enforce its protection system.

I don’t know the truth of the claims, but here is what I’ve read about Starforce. There is talk that Starforce actually damages hardware in addition to slowing down systems on which it is installed. Starforce is installed without notification or requesting user permission when you install a protected game. It is not removed when you uninstall the game. The company that makes Starforce seems to threaten to sue people who speak ill of the product. The company also apparently assumes everyone who wants to make a backup copy of a game, a legally protected right, is a criminal or “hacker” to boot:

“According to our research those of users [sic] that do run into compatibility problems are beginner-level-hackers that try to go around our protection system.”

Yes, you are a criminal if you want to have some modicum of control over your computer. And since Starforce runs at ring-level 0 (the deepest level of the OS), any instability in the software will crash your system.

So, all this information just to build-up to the win for gamers that is the announcement that Ubisoft is dropping Starforce protection from all Ubisoft games.

“Right now, Ubisoft has decided to use an alternative copy protection system to Starforce for upcoming releases and we are investigating other possible steps at this time.”

…When we asked why they were dropping the company Ubisoft representatives said, “Ubisoft takes its customer concerns very seriously and is investigating the complaints about alleged problems with Starforce’s software. Ubisoft’s goal is to find solutions for its customers if there are problems with Ubisoft products.”

Hurray for the good guys.

[tags]Starforce, Ubisoft, consumer win[/tags]

Copyright bites copyright supporter in the rear

(via boingboing)

Just like the former head of the RIAA (Recording Industry Association of America) found out that DRM causes problems for perfectly legal uses of digital content, this copyright supporter found out that sometimes the content providers can take away your legally stored digital content if they decide they don’t want you to have it.

The problem is, we have been using the PVR to record 2 years worth of a Spanish language curriculum that is broadcast over an educational channel, and we’ve been using this content to teach our son Spanish. Now the curriculum is gone. It’s not like I’m just inconvenienced in not being able to watch my “24” episodes. An educational curriculum is lost.

For those who aren’t familiar with Mr. Giovanetti’s work, he’s a frequent and pugnacious commentator on intellectual property issues, and an avowed supporter of the DMCA and digital rights management technologies. He’s a frequent critic of “IP skeptics” and “commonists” who argue that copyright law–and the technological measures designed to protect copyright–have gone overboard.

Today he discovered that sometimes, technological measures designed to deter piracy are a pain in the ass for ordinary consumers–like him.

And because of the way the DMCA and other laws which favor businesses over consumers are written, his legal recourse is nil. Oops. That’s where you realize the dog you’re feeding just bit your hand.

[tags]Copyright, copyfight[/tags]

Does AT&T hate consumers?

(via boingboing)

I just can’t get away from that style of headline. Sensationalism makes for catchier headlines, I guess.

This article at Wired talks about a secret data collection/siphon room AT&T uses in San Francisco (and purportedly other sites) to get traffic so the NSA can eavesdrop on American citizens.

AT&T is seeking the return of technical documents presented in a lawsuit that allegedly detail how the telecom giant helped the government set up a massive internet wiretap operation in its San Francisco facilities.

In papers filed late Monday, AT&T argued that confidential technical documents provided by an ex-AT&T technician to the Electronic Frontier Foundation shouldn’t be used as evidence in the case and should be returned.

The documents, which the EFF filed under a temporary seal last Wednesday, purportedly detail how AT&T diverts internet traffic to the National Security Agency via a secret room in San Francisco and allege that such rooms exist in other AT&T switching centers.

I keep ranting about this horrible violation of our civil rights, because I still believe that a President violating a law established in 1978 specifically to limit the government’s spying on Americans matters. I have nothing to hide. I lose nothing tangible if I am spied on without a warrant. But losing freedom matters to me. I don’t do a good job working to protect my freedom, but when I can say something against an illegal removal of my freedoms, I feel I have to tell others. The 1978 Foreign Intelligence Surveillance Act (FISA) starts with:

(1) Notwithstanding any other law, the President, through the Attorney General, may authorize electronic surveillance without a court order under this subchapter to acquire foreign intelligence information for periods of up to one year if the Attorney General certifies in writing under oath that—
(A) the electronic surveillance is solely directed at—
(i) the acquisition of the contents of communications transmitted by means of communications used exclusively between or among foreign powers, as defined in section 1801 (a)(1), (2), or (3) of this title; or
(ii) the acquisition of technical intelligence, other than the spoken communications of individuals, from property or premises under the open and exclusive control of a foreign power, as defined in section 1801 (a)(1), (2), or (3) of this title;
(B) there is no substantial likelihood that the surveillance will acquire the contents of any communication to which a United States person is a party; and
(C) the proposed minimization procedures with respect to such surveillance meet the definition of minimization procedures under section 1801 (h) of this title; and
if the Attorney General reports such minimization procedures and any changes thereto to the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence at least thirty days prior to their effective date, unless the Attorney General determines immediate action is required and notifies the committees immediately of such minimization procedures and the reason for their becoming effective immediately.

The really important part there is part (B) specifically limiting warrantless eavesdropping when it would intercept communications involving an American citizen. President Lyndon B Johnson and President Nixon got in trouble for eavesdropping on US citizens, and these violations of citizens’ rights were part of the motivators for FISA.

Why are so many people suddenly willing to let the government illegally eavesdrop on us again? It wasn’t OK when President Clinton broke the law by lying under oath. It certainly shouldn’t be OK for President Bush to break the law by illegally eavesdropping on Americans, no matter how good *HE* thinks it is for the country and no matter who is on the other end. If he wants to do that, he needs to work on getting the law changed, not just ignoring it.

And companies need to quit helping our government break the law.  To bring this back to the original topic – shame on AT&T for feeding the NSA this traffic.

[tags]President above the law, Citizen’s Right violations[/tags]

RIAA says you can and can not rip your CDs

This is an old story in Internet time, but I marked it in my RSS reader (Bloglines) some time ago, intending to post it, and then never came back and put it on the site.  Tonight, I rectify that.  That said, here’s the story (brought over from an original post by the EFF).

Back during the MGM vs. Grokster case (where the music industry went after a popular peer to peer filesharing network), the recording industry’s lawyer said to the Supreme Court:

“The record companies, my clients, have said, for some time now, and it’s been on their website for some time now, that it’s perfectly lawful to take a CD that you’ve purchased, upload it onto your computer, put it onto your iPod.”

That seems fairly clear to me.  I read it as saying that the record companies believe we, as consumers, are legally allowed to rip CDs down to mp3/ogg/wma/whatever format to put on our portable music players for our own use.  Not to give to others.  Not to share with strangers.  But for personal use, it’s legal.  If I’m wrong, someone please let me know.

The reason for posting this story is the followup commentary from the music industry.  Recently, the following tidbit came from the recording industry during the DMCA rule-making procedures:

“Nor does the fact that permission to make a copy in particular circumstances is often or even routinely granted, necessarily establish that the copying is a fair use when the copyright owner withholds that authorization. In this regard, the statement attributed to counsel for copyright owners in the MGM v. Grokster case is simply a statement about authorization, not about fair use.”

That says, basically, that sure the recording industry has said in the past that you as a consumer are allowed to rip to your preferred format for portable playback device use later, but now the recording industry no longer thinks that’s OK, so you are not allowed to do it any more.  Priceless, I say.  There’s a reason I don’t like to buy CDs any more, but I can’t quite express why.  Anyone have any guesses?

[tags]RIAA, Record companies hate consumers[/tags]

But you’re a woman!

(via Bruce Schneier’s blog)

More about the security problem (hint: mostly, people are the problem).  Humorous and sad at the same time.

Qantas chairman Margaret Jackson revealed at a Beijing Conference this week that she was briefly suspected of being a terrorist by a TSA screener during a visit last year to the United States.

. . .

See, Jackson is a woman — which, according to the wunderkind who screened her baggage and found detailed plans of new aircraft, makes it hard to believe she is also chairman of a major international airline.

“The guy said ‘Why have you got all of this?’,” Jackson told the conference, speaking of the screener’s discovery of seating diagrams in her baggage. “And I said, ‘I’m the chairman of an airline, I’m the chairman of Qantas’. “And this black guy, who was like eight foot tall, said, ‘but you’re a woman.'”

Jackson finally proved her identity to the guard… in part, by writing a note to him on her Qantas letterhead stating “Dear Bill, this is from the chairman of Qantas, who is a woman.”

See – everybody profiles.  It’s not a bad thing, although sometimes it’s done poorly.

[tags]Qantas, Security, Oops[/tags]