Group items tagged

Should responsibility for defending against cyberattacks be moved from the Dept. of Homeland Security to the military? Air Force Gen. Kevin Chilton suggested as much at a Congressional hearing where he warned of U.S. vulnerability to cyberwarfar "across the spectrum." Such attacks "potentially threaten not only our military networks, but also our critical national networks," Chilton told a House Armed Services subcommittee, the Washington Post reported. As head of Strategic Command, the general isn't responsibel for defending civilian networks, just government computers. [Stratcom's responsibility is] "to operate and defend the military networks only and be prepared to attack in cyberspace when directed. I think the broader question is, who should best do this for the other parts of America, where we worry about defending power grids, our financial institutions, our telecommunications, our transportation networks, the networks that support them." Well, that's where the 60-day interagency overview of cybersecurity comes in. At the end of that, Chilton said, responsibility for protecting private sector networks may well fit under Stratcom's duties. So what impact in having the military at the center of cybersecurity? Importantly, it brings offensive ops into the defense game. And where the military is involved, can NSA be far behind? No. Operational control over both [offensive and defensive ops], Chilton said, has been delegated to Lt. Gen. Keith B. Alexander, the head of the National Security Agency. … NSA, according to Chilton, already has a role in information security, and the agency's support "has been instrumental in our efforts to operate and particularly to defend our networks," he said. Combining oversight of cyber defense and offense made sense, Chilton said, "because they're so interconnected. . . . As you consider offensive operations, you want to make sure your defense are up."

Social networking phenomenon Facebook has beaten out arch-rival and former market leader MySpace by most measures of popularity, except the one that pays the bills. While Facebook has outpaced MySpace in bringing in members - it has 175 million active users at the latest count, compared with around 130 million for MySpace - it has struggled make money from them. While MySpace is closing in on $1 billion in revenues, Facebook generated less than $300 million in sales last year, reports say. Indeed, Facebook's efforts to drum up revenue have led to it repeatedly becoming the target of some of the biggest online privacy protests on the Web. Its most recent fight earlier this month followed Facebook's attempt to redefine its own rules and assert ownership over anything its members posted on the site. The company has since backed off and is rethinking its policies. Why hasn't Facebook benefited from the vaunted "network effect" that makes such services more valuable the more its adds members and connections between them? After all, Facebook is spreading quickly in nearly 100 languages, while MySpace has focused on the United States and five other markets where Web advertising flourishes. The answer may lie in the origins of the five-year-old site started by then Harvard University student Mark Zuckerberg. Its appeal at the outset was that it was a place where users could share tidbits of their personal lives with selected friends and acquaintances. This blurred the distinction between a private space and a public one. MySpace is more explicitly a public place where friends hang out in the equivalent of a cafe or a club and the aim is often to meet new people. Most of all, MySpace is a place to share music with other fans.

A company that monitors P2P networks says it found details about the president's helicopter, Marine One, on a computer in Tehran. Pittsburgh station WPXI reports. Bob Boback, CEO of Tiversa, said, "We found a file containing entire blueprints and avionics package for Marine One. … What appears to be a defense contractor in Bethesda, MD had a file sharing program on one of their systems that also contained highly sensitive blueprints for Marine One," Boback said. Retired Gen. Wesley Clark, an adviser to Tiversa, added: We found where this information came from. We know exactly what computer it came from. I'm sure that person is embarrassed and may even lose their job, but we know where it came from and we know where it went. It's no accident the information wound up in Iran, the company said. Countries like Iran, Pakistan, Yemen, Qatar and China are "actively searching for information that is disclosed in this fashion because it is a great source of intelligence," Boback said. Rep. Jason Altmire said he will ask Congress to investigate the risk to national security of this sort of exposure. Cnet's Charles Cooper interviewed the Tiversa's Sam Hopkins (Cooper says he's the CEO but the original report said Boback is CEO; the company website doesn't list executives), who said someone at the company was running a Gnutella client - possible a buggy one. Hopkins said it's hardly an unusual occurence - although presumably the usual breaches aren't so closely connected to the President. Everybody uses (P2P). Everybody. We see classified information leaking all the time. When the Iraq war got started, we knew what U.S. troops were doing because G.I.'s who wanted to listen to music would install software on secure computers and it got compromised. … We see information flying out there to Iran, China, Syria, Qatar-you name it. There's so much out there that sometimes we can't keep up with it. Bottom line: P2P is the big

Do you know where your electronic health information is tonight? Here's a reader challenge: I'll pay $10 to the first adult who has had at least five encounters with the private-sector healthcare system in the past 10 years to come up with a complete map of where all his or her electronic health records have traveled, who has seen them and where they are now.

"Scott Fortnum had put in almost a full day of work at his Markham, Ont., office when he decided to "check in" on Foursquare, a location-based social network where users log the names and co-ordinates of the places they visit with a time stamp. The 44-year-old's check-in was marked with a small coral balloon on an embedded Google Map and instantly viewable by the 12 friends he lists on Foursquare - and millions of others. His check-in found its way onto pleaserobme.com, a recently launched website with a mischievous mandate: "listing all those empty homes out there." With March break approaching, many impending vacationers are installing automatic timers on their lights and putting their newspaper subscriptions on hold to deter burglars. Many are also posting on Twitter about when they're leaving and touting their week-long getaway to Jamaica on Facebook - unwittingly letting the online world know exactly when they're away. Mr. Fortnum's check-in appeared this way on Please Rob Me: @sfortnum left home and checked in 30 minutes ago: I'm at ALS Canada (3000 Steeles Ave. E. #200, DVP & Steeles, Toronto.) http://4sq.com/4MmX51 Many Foursquare users such as Mr. Fortnum cross-post their check-ins to Twitter, where they are easy to find through the search function. With some simple coding, Please Rob Me's creators are able to collect those millions of public tweets on their site in real time, highlighting one of the many security concerns that springs from broadcasting one's whereabouts online. Frank Groeneveld, one of the three students from the Netherlands who designed Please Rob Me, says he co-created the site to give members of social networks a wake-up call."

Finally a site that might make someone a profit!

As more and more teens get their hands on mobile phones there is an increasing number of problems which can result. First is "Cyberbulling" where someone uses text messages, emails, and phone calls to hound and slander another teen. The next one, which has been in the news a lot lately, is "sexting". This is where sexually explicit texts and photos are sent from one teen to another or to a group. Both situations can put parents in the awful position of being forced to help their child to defend charges in court. In some counties prosecutors have begun using child pornography laws to prosecute teenagers who send sexually explicit photos to one another. That's why a new program you can put on your child's phone may be the answer. Security Shield Parental Control Edition works with Symbian, Windows Mobile, and BlackBerry phones. Once setup, parents can then see a log of text messages send by their child as well as calls placed and received. Reports are available through a website. The software is being offered for US$30 a year and that subscription also includes automatic software updates.

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Locaccino is the only location-sharing system that gives you precision control over who can see your location. While most location-based systems only allow you to list which of your contacts should or shouldn't be able to see your location, our privacy settings allow you to create rules as simple or complex as you want them to be! Our technology allows you to easily define the times when you want to share your locations. Locaccino lets you create groups for your friends to simplify your location preferences. With Locaccino, allowing your co-workers to see your location from 8AM - 5PM is a snap. Locaccino also allows you to specify where you can be located. Using a Google maps interface, you can define regions where you do and don't want other people to be able to find you. Locaccino Location Sensing Our software will sense your location without even requiring GPS! By leveraging the wifi network of Skyhook Wireless, a nearby location will be found for you. The Locaccino software you'll download will do all the work. We Protect Your Privacy We are the only location-based system with privacy researchers actively working to make sure that your data is kept safe. Our Privacy Policy explains in detail exactly how we store and process all of your data. We want you to know that your location information is saved anonymously and we will never sell any of your personal data.

An Italian judge on Wednesday gave the go-ahead to a case in which Google (GOOG) could be held responsible for content it hosts but does not produce. The case centers on a 2006 video of four Italian youths taunting a child with Down syndrome. In the video, one of the youths incorrectly claims to be part of a small Down syndrome advocacy group called Vivi Down. The video was uploaded to the Google Video site, where it stayed for two months. Prosecutors have filed charges against five Google executives, saying they were in violation of Italian privacy laws and of contributing to the defamation of Vivi Down. At the heart of the case are two main questions: Should sites such as Google Video be held responsible for the content they host? And should such non-brick-and-mortar New Economy companies be subject to the laws in countries where they are not based? "The outcome of this will be to determine how big companies like Google should be expected to act," said Raffaele Zallone, a former chief counsel for IBM's Italian offices and the attorney representing a woman seeking damages in a secondary case tacked onto the main charges. FIND MORE STORIES IN: Italy | Google Inc | International Bus. Machines | Milan | New Economy Zallone, along with Milan prosecutors, the city's ombudsman and an attorney for Vivi Down, the advocacy group, say Google should have become aware of the offending video sooner and removed it sooner. Guglielmo Pisapia, Google's lead attorney in the case, denies any wrongdoing and says Google could not have acted differently. "Google did not produce the video, and when they received an official complaint, they removed it within five hours," said Pisapia, a former member of the Italian parliament. "If the argument is that they should have evaluated the video before it was posted, then that is a dangerous precedent." Oliviero Rossi, an author and commentator on technology issues, says unusual cases that push the limits of the law as this one does are

Bruce Schneier is the chief security technology officer at BT and a celebrated writer and speaker on privacy, cryptography and security issues. Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data. Data is the pollution of the information age. It's a natural byproduct of every computer-mediated interaction. It stays around forever, unless it's disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after effects are toxic. And just as 100 years ago people ignored pollution in our rush to build the Industrial Age, today we're ignoring data in our rush to build the Information Age. Increasingly, you leave a trail of digital footprints throughout your day. Once you walked into a bookstore and bought a book with cash. Now you visit Amazon, and all of your browsing and purchases are recorded. You used to buy a train ticket with coins; now your electronic fare card is tied to your bank account. Your store affinity cards give you discounts; merchants use the data on them to reveal detailed purchasing patterns.

Top House and Senate Democrats are working on legislation that would prevent online marketers from sharing Web-surfing information unless Internet users allowed them to. That's according to House Communications, Technology and the Internet Subcommittee chairman Rick Boucher (D.-Va.), who told Multichannel News that such a bill was in the works and was one of his top legislative priorities. The issue of online behavioral marketing has gained traction recently, spurred by privacy concerns and by media companies' need to find new ways for advertisers to reach aggregated audiences at a time of fragmented viewing and multiplying delivery platforms. Boucher's predecessor atop the committee, Rep. Edward Markey (D-Mass.), held a hearing last fall on the issue and helped quash a test by ad-tracking company NebuAd and cable operator Charter Communications. In an interview, Boucher said he was teaming with Reps. Cliff Stearns (R-Fla.), ranking member of his subcommittee, and Joe Barton (R-Texas), ranking full committee member, on a bill that would apply "across the board" to behavioral advertising and data collection by Web sites. "The goal would be to give the Internet user a sense that information about him that is collected by Web sites is well understood by the user, so he has an opportunity to know what is collected," Boucher said. "He would then have an opportunity to act in a way that prevents that Web site using that information to market him personally, and an even broader opportunity to prevent the transfer of that information about him to third parties." Boucher envisions a combination of opt-in and opt-out requirements. "Opt-in would apply where the information is conveyed to third parties," he said, while "opt out would apply where the Web site that collects the information is using that information directly to market the customers from whom it is collected." Center for Digital Democracy executive director Jeff Chester was please

WASHINGTON -- Few tech policy debates are plumped up with more rhetoric than those concerning Net neutrality and privacy restrictions for advertisers. It should be a noisy year at the Federal Communications Commission. Here at the Cable Show, the annual conference hosted by the National Cable and Telecommunications Association, advisors to the three current commissioners outlined some of the simmering issues that are likely to boil up at the FCC this year, and those two are on the short list. Rick Chessen, acting chief of staff for interim FCC Chairman Michael Copps, said the agency could move toward adding to its Internet policy statement a fifth principle that would explicitly bar ISPs from discriminating against certain traffic on their networks. "The principle would be one of nondiscrimination, but you would recognize the need for reasonable network management," Chessen said. The FCC's broadband principles comprised the policy document that was at the center of last year's action against Comcast, where the agency found that the cable giant had unfairly blocked peer-to-peer traffic on its network without notifying its subscribers it was doing so. The new principle Chessen suggested would seek to clarify the agency's stance against the selective blocking of traffic. Comcast is challenging last year's ruling in a court case where the outcome could broadly shape how Congress proceed with Net neutrality policy. Rosemary Harold, the legal advisor to Republican Commissioner Robert McDowell, said her boss is more cautious than the two Democrats on the matter.

It was the annual crunch time between Thanksgiving and the new year, and Nuala O'Connor Kelly had just sent to the printer the first-ever report to Congress by a chief privacy officer. This was it, the historic reporta 40-page description of what O'Connor Kelly had been doing during her first year as the first CPO of the U.S. Department of Homeland Security. Like addressing concerns about DHS's policies with privacy officers from other countries. Examining the department's growing use of biometrics. And reading irate e-mails from the public about controversial initiatives like the Transportation Security Administration's passenger screening program. If O'Connor Kelly was nervous about the grilling she was likely to get once members of Congress got their mitts on her report, she wasn't letting on. "It's actually a great moment for the [privacy] office to sit back and take stock of where we are now and where we're going for the next two, three, four, five years," says O'Connor Kelly, dashing from one meeting to the next with one of her staff members. At the time, O'Connor Kelly was the only federal government CPO whose position was mandated by law and who was required to file an annual report to Congress. But this seemed on the brink of change. Congress's consolidated 2005 appropriations bill, signed by President Bush in December, contains a provision thatdepending on how the White House's Office of Management and Budget interprets itwould create a handful or more of CPOs at federal agencies.

Do you know what your data did last night? Almost none of more than 27 million people who took the RealAge quiz realized that their personal health data was sold to drug companies, who in turned used that information for targeted e-mail marketing campaigns. There's a basic consumer protection principle at work here, and it's the concept of "unfair and deceptive" trade practices. Basically, a company shouldn't be able to say one thing and do another: sell used goods as new, lie on ingredients lists, advertise prices that aren't generally available, claim features that don't exist, and so on. RealAge's privacy policy doesn't mention anything about selling data to drug companies, but buried in its 2,400 words, it does say that "we will share your personal data with third parties to fulfill the services that you have asked us to provide to you." They maintain that when you join the website, you consent to receiving pharmaceutical company spam. But since that isn't spelled out, it's not really informed consent. That's deceptive. Cloud computing is another technology where users entrust their data to service providers. Salesforce.com, Gmail, and Google Docs are examples; your data isn't on your computer -- it's out in the "cloud" somewhere -- and you access it from your web browser. Cloud computing has significant benefits for customers and huge profit potential for providers. It's one of the fastest growing IT market segments -- 69% of Americans now use some sort of cloud computing services -- but the business is rife with shady, if not outright deceptive, advertising.

Will there be one major catastrophe, or just smaller disasters? Panelists discuss what security issues we should be watching out for, where the threat might come from, and the difficulties in predicting the unpredictable. Panelists include: Whitfield Diffie, vice president and chief security officer for Sun Microsystems; Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science at MIT; Adi Shamir, professor of computer science at the Weizmann Institute of Science in Israel; and Bruce Schneier, chief security technology officer for BT Counterpane. Moderating the panel is Ari Juels, chief scientist and director of RSA Laboratories.

Data classification is a cornerstone of good privacy & security management. If you can measure it, you can manage it, right? First you have to know where it is.

Why classify data? Classifying data can help make data more accessible (or less accessible) to the users in your environment who need it. For example, suppose the Human Resources department created a folder on the file server within their department called Litigation. In this folder they place files that are needed for any litigation the company is associated with. The permissions on the folder are configured so that HR employees can edit the contents of the folder and add documents. Senior management can read the documents in the litigation folder, and the HR manager can remove documents that are no longer needed. The question is, how is it determined that a document is no longer needed and how do we apply these criteria to existing files in such a way that minimizes user interaction with them? The new classification feature in Windows Server 2008 R2 makes it possible to automatically assign classification information to files on file servers and apply policy to them based on that information. Classification in Windows Server 2008 R2 consists of several elements: properties, rules, and a policy segment including reporting and file management. Properties are the fields that you wish to assign a value for, and the rules are the criteria that set these values. There are other methods of classification available as well, including applications and scripts. More detailed examination of the methods of configuring the File Classification Infrastructure will follow in a future post. For the above example, a rule would be used to label a set of files in the Litigation folder. Adding a label such as Litigation-Case Number X (where X is the number of the case) can allow easy organization of files for each litigation case. When the classification rule is run against the specified folder, all files meeting the rule conditions would be classified with an appropriate label. You could use an expiration date here, but doing that might require reclassification of files if the ex

Perhaps Mark Z is surprised that people actually read terms of service. Arrogant twit. He's a multi-millionaire who cares about the little people (stage direction: Mark Z looks sincerely into web cam as he wipes away tear with hundred dollar bill). Perhaps the Tweens don't understand what social networking sites really sell; looks like some grown ups started asking where all their personal information is going and when it might inconveniently show up in some ad campaign.

A couple of weeks ago, we revised our terms of use hoping to clarify some parts for our users. Over the past couple of days, we received a lot of questions and comments about the changes and what they mean for people and their information. Based on this feedback, we have decided to return to our previous terms of use while we resolve the issues that people have raised. Many of us at Facebook spent most of today discussing how best to move forward. One approach would have been to quickly amend the new terms with new language to clarify our positions further. Another approach was simply to revert to our old terms while we begin working on our next version. As we thought through this, we reached out to respected organizations to get their input. Going forward, we've decided to take a new approach towards developing our terms. We concluded that returning to our previous terms was the right thing for now. As I said yesterday, we think that a lot of the language in our terms is overly formal and protective so we don't plan to leave it there for long. More than 175 million people use Facebook. If it were a country, it would be the sixth most populated country in the world. Our terms aren't just a document that protect our rights; it's the governing document for how the service is used by everyone across the world. Given its importance, we need to make sure the terms reflect the principles and values of the people using the service. Our next version will be a substantial revision from where we are now. It will reflect the principles I described yesterday around how people share and control their information, and it will be written clearly in language everyone can understand. Since this will be the governing document that we'll all live by, Facebook users will have a lot of input in crafting these terms. You have my commitment that we'll do all of these things, but in order to do them right it will take a little bit of time. We expect to complete this in the next few we

You can't ignore the presence and usage of all the myriad forms of instant messaging, social networking and blogging. The millennial generation won't thrive in companies where Facebook is banned or texting is frowned upon. They think and work so differently from their baby boomer managers that generational clashes are inevitable. The Security Executive Council and CXO Media, producer of CSO Perspectives and CSO magazine, are partnering to probe attitudes toward collaborative technologies like IM and social networking. By participating you will receive a research report based on this survey. Definition of web 2.0 apps: The term "Web 2.0" describes the changing trends in the use of World Wide Web technology and web design that aim to enhance creativity, communications, secure information sharing, collaboration and functionality of the web. Web 2.0 concepts have led to the development and evolution of web culture communities and hosted services, such as social-networking sites, video sharing sites, wikis, blogs, and folksonomies. (Wikipedia)

"There's a known weakness in browsers which we wrote about in the book. Every time we talked with someone about it, they'd ask us why we didn't start a company that took advantage of the loophole, and the answer was, well, it's creepy. The loophole basically lets you see where else your visitors have been on the Internet. Well, it's now out in the open, in two forms: Beencounter, and Haveyourfriendsbeenthere. To be perfectly clear, the site won't show you everything your visitors surf-just whether or not they've been to a set of sites you define. Here's how it works:"

"Faced with increasing pressure from Washington, the Interactive Advertising Bureau launched a public service campaign on Thursday aimed at educating consumers about behavioral targeting. The online campaign, created pro bono by WPP's Schematic, features rich media banner ads with copy like "Advertising is creepy" and "Hey, this banner can tell where you live. Mind if we come over and sell you stuff?" More than one dozen publishers -- including Microsoft, Google's YouTube, and AOL -- have committed to donate a combined 500 million impressions for the initiative. The campaign comes as policymakers are questioning whether data collection by marketers violates consumers' privacy. Rep. Rick Boucher (D-Va.) has said he plans to introduce a bill that could require Web companies to notify users about online ad targeting, and in some circumstances, obtain their explicit consent. In addition, the Federal Trade Commission has criticized the industry for using dense privacy policies to inform people about behavioral targeting, or tracking people online and sending them ads based on sites visited. In a meeting with reporters Thursday morning, IAB President and CEO Randall Rothenberg said one goal of the campaign is to address regulators' concerns that consumers don't understand behavioral advertising. "