The weekly newsletter for Fed2 by ibgames

EARTHDATE: December 9, 2007

Official News page 12


WINDING DOWN

An idiosyncratic look at, and comment on, the week's net and technology news
by Alan Lenton

I'm baaaack (again). Lotsa news this week - some of it good and some of it bad. Actually it depends on your point of view. For identity theft criminals it promises to be a bumper Xmas. The victims, however, may well have a different take on things.

This is the last but one issue this year, since I will be away at Xmas. You probably won't notice because of the plethora of useless gifts you get for the festive season. However, for those geeks amongst you who want to maintain their svelte mien in spite of all the irresistible food, I'd recommend a peek at the item 'Laptop + pedal power = fitness' in the Scanner section!

And now for something completely different (or not, as the case may be)...


Roundup: Whose data is it, anyway?

Last issue started with a story about the UK Customs and Revenue losing the personal data of half the UK's population - 25 million people. Just how seriously they don't take this issue is shown by the fact that the reward they've offered is a paltry 20,000 UK pounds (about US$40K). Given that the value of the missing records could be anything up to 1.5 billion UK pounds (US$3 billion), the press had a field day pillorying the Customs and Revenue.

Unfortunately, they're all missing the point. These are digital records on two disks. Their recovery is essentially irrelevant, since they can easily be copied with no possible audit trail! The obvious thing would be to copy them and then arrange for the disks to be 'found'. The government then trumpets its success at recovering them, all the victims relax, the perps wait a year or so, and then the thefts begin.

In the meantime the Customs and Revenue has admitted to other failures - including a sack of confidential waste literally falling off the back of a lorry!

Oh! And remember the boss of Customs and Revenue, Paul Gray, who resigned over the whole affair? He's baaaack. The government has given him a new job in nothing less than the Cabinet Office working on special projects. The reports don't say what 'special project' he is working on, but knowing the way 'New Labour' thinks, my best guess would be that they have him figuring out how to lose the other half of the population's data so that they can't be accused of discriminating against people with children!

It turns out that the Revenue and Customs aren't the only ones who ship disks full of personal data around the country. Last September the Department of Works and Pensions lost a disk with the personal financial details of 40,000 people on it. A drop in the ocean compared to the Revenue loss, but bad enough in its own right. One has to wonder what other losses have gone unreported since CD burners became standard fittings on PCs.

Those of you reading this in North America can stop feeling smug, since both the US and Canada also have data breaches in the news this week. For instance, Oak Ridge National Laboratory, proud owners of the second fastest super-computer in the world, managed to get themselves hacked over the last few weeks. It looks like the hackers got away with the personal details of thousands of visitors. You'd think with all that computing power available they would know a thing or two about computer security!

Then there was the case of the senior database administrator in a consumer reporting agency in Florida. He flogged off a cool 8.4 million account records to a data broker for just under US$600K. Sounds like a bargain price to me.

And TJX - remember TJX, they lost 100 million credit card transactions - have coughed up US$41 million to cover the bank's Visa losses. Sounds to me like TJX are getting off very lightly, considering how sloppy they were.

And so to Canada... (Just while I remember, I have a standing arrangement with my Canadian readers to remind US readers that Canada is not part of the US!) This week it emerged that Passport Canada, the web site of the Canadian Passport Office, can be persuaded to give information about other people, by the simple and well known hack of altering the URL in your browser's address bar. Passport officials showed their ignorance by describing the exploit as 'an isolated anomaly'. Oh yeah?

Finally, going back to the US, we have a personal data disaster in the making at the execrable Facebook site. Facebook's Beacon feature is tracking its users' actions - online purchases and stated preferences for certain brands - and turning them into recommendations that might influence the buying habits of their friends. Looks to me like all Facebook subscribers know what they are getting for Xmas as their partners make the purchase. Perhaps the Facebook slogan should be 'Crass Marketing are Us'.

http://www.theregister.co.uk/2007/12/06/hmrc_systemic_failures/
http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article2933509.ece
http://www.channelregister.co.uk/2007/12/04/admin_steals_consumer_records/
http://www.msnbc.msn.com/id/21942570/
http://www.channelregister.co.uk/2007/12/03/tjx_settlement_agreement/
http://www.physorg.com/news116188594.html
http://www.theregister.co.uk/2007/12/04/canadian_passport_site_breach/
http://news.independent.co.uk/sci_tech/article3191510.ece
http://www.theregister.co.uk/2007/12/04/hmrc_boss_new_job/
http://www.timesonline.co.uk/tol/news/uk/crime/article2983759.ece


Shorts:

This was the week that Microsoft decided to kill off Santa! Yes really. Microsoft had added a 'Santa bot' to its MSN Messenger service, which anyone could talk to. Unfortunately, someone had left in some rather adult oriented features. I suspect that they were used during the programmer's testing. Since this newsletter has to get through some very stern filters I'm not going to repeat it here, but you can read all about it at the URLs, should your curiosity get the better of you. You can't try it on MSN any more, because after several abortive attempts to fix the problem, Microsoft decided to kill the mischievous bot.

Nice idea, shame about the coding.

http://www.theregister.co.uk/2007/12/03/santa_filth_outrage/
http://www.theregister.co.uk/2007/12/06/microsoft_santa_lies/
http://www.theregister.co.uk/2007/12/04/microsoft_kills_santa/

It appears that the Motion Picture Ass of America (MPAA) have been violating copyright in their latest wheeze - a 'piracy' busting toolkit for universities. The Ubuntu Linux based toolkit had been sitting on their web site for a month when an eagle eyed developer pointed out to them that under the software's GPL license, the source code must also be made available, which it wasn't. Attempts to get the MPAA to fix this problem failed, so the developer was forced to resort to issuing the MPAA's ISP with a DMCA take down notice. The offending toolkit has now been removed. I guess the MPAA are yet another of these 'do as I say, not as I do' organisations.

http://mjg59.livejournal.com/78590.html

Not exactly a round up, but here are a few collected Microsoft snippets from this week.

First off Microsoft has suddenly woken up to the fact that the Linux based 'One Laptop per Child' project is taking off and the machines are starting to be distributed. Unfortunately, the machine can't run Windows. So what are Microsoft doing? They're asking the project to change the hardware design so that their bloated operating system can run on the machines. This could well qualify for the 'Barefaced cheek of the Year Award'.

Perhaps Microsofties would be better employed working on patching the security holes in the various Windows systems. They've got another seven patches due out this week, and it's just been pointed out that the encryption on their wireless keyboards is ludicrously easy to break. Who needs trojan software when all you need is a radio receiver!

Finally, I'd draw people's attention to the first URL under this para, which is an interesting analysis of what has happened to Windows Vista during the last year. This month marks the first anniversary of Vista's release to businesses, so it's an apposite time for a review.

http://www.regdeveloper.co.uk/2007/11/30/vista_birthday/
http://itnews.com.au/News/66442,microsoft-wants-ne-laptop-per-child-system-to-run-windows-xp.aspx

http://www.theregister.co.uk/2007/12/06/microsoft_announces_7_patches_for_december/

Bad news for players of the EVE-Online multiplayer game this week. The game's authors issued a major patch to the client, Trinity, which included an optional DX9 graphics patch to improve the visual quality. Sadly, the patch overwrites the Windows XP C:\boot.ini with the EVE client config file. So, what happens next time you try to boot up? The machine is completely bricked.

http://games.slashdot.org/article.pl?sid=07/12/06/1312254

Good news for music fans. It may be that this Xmas will be the tipping point for forcing the music business to make digital downloads in MP3 format. The writing has been on the wall for some time, with EMI and Universal already providing MP3, but this Xmas sees two new events.

First is a year long promotion from Pepsi and Amazon which will provide millions of free MP3 songs to those who collect the appropriate Pepsi bottle tops. The second, not so immediately significant, but with serious long term implications, is the news that Wal-Mart has warned WMG and Sony BMG that it will pull music files in the Windows Media Audio format from walmart.com if the labels don't provide the music in MP3 format.

Currently Wal-Mart may only have 2% of the download market, but it has 22% of the CD market, and most observers believe the digital share will go up over the next few years.

I wonder what Microsoft thinks about the upcoming demise of its digitally restricted format?

http://www.billboard.biz/bbbiz/content_display/industry/e3i6efb69eb2243cb842be35f0eab40082d

Want to know how politics really works? Then take a look at the URL for this para, describing the horse trading over the EU's hi-tech Galileo sat nav project. If they made a TV show of it, no one would watch because it was too far fetched!

http://www.theregister.co.uk/2007/12/03/galileo_funding_agreed/

Now here's a tale of real Xmas cheer from Dublin in Ireland. It seems that an enterprising crook, since nicknamed 'Beer Hunter', drove his heavy goods vehicle tractor (that's the cab and motor bit at the front of an articulated truck) into the yard of Guinness's St James Gate brewery, hitched it up to a fully laden trailer, and drove out again. The haul was in excess of 40,000 pints of Guinness, Budweiser and Carlsberg. There'll be a very merry Xmas in at least one corner of Ireland this year!

http://www.theregister.co.uk/2007/11/30/guinness_theft/


Scanner: Other Stories

ISO Resignation highlights Microsoft stuffing committees
http://www.jtc1sc34.org/repository/0940.htm

Unusual Data Disaster Horror Stories
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9051298&taxonomyId=19&intsrc=kc_top

High Earning Spammers Face Tougher Sentences
http://www.networkworld.com/community/node/22659

California Testers Find Flaws In Voting Machines
http://arstechnica.com/news.ars/post/20071205-security-testing-uncovers-severe-security-flaws-in-ess-voting-machines.html

An Acerbic Look At the Future of Reading
http://diveintomark.org/archives/2007/11/19/the-future-of-reading

Publishers Seek Change in Search Result Content
http://www.washingtonpost.com/wp-dyn/content/article/2007/11/29/AR2007112902207.html

Laptop + pedal power = fitness
http://www.reghardware.co.uk/2007/12/03/intel_competition_pedal_laptop_madrid/

Open Source Hardware Gift Guide
http://blog.makezine.com/archive/2007/12/open_source_hardware_gift.html


Acknowledgements

Thanks to readers Barb, Fi, and Lois for drawing my attention to material used in this issue. Please send suggestions for stories to alan@ibgames.com and include the words Winding Down in the subject line, unless you want your deathless prose gobbled up by my voracious Spamato spam filter...

Alan Lenton
alan@ibgames.com
9 December 2007

Alan Lenton is an on-line games designer, programmer and sociologist. His web site is at http://www.ibgames.net/alan.

Past issues of Winding Down can be found at http://www.ibgames.net/alan/winding/index.html

