Saturday, January 23, 2010

How do you bring swift and sure justice down on your head?

http://www.databreaches.net/?p=9570

Man Sentenced for Stealing Fed Chairman’s Identity (updated)

January 22, 2010 by admin Filed under ID Theft

Cary O’Reilly reports:

An Illinois man was sentenced to more than 16 years in prison for helping to lead an identity theft ring that counted Federal Reserve Board Chairman Ben S. Bernanke and his wife Anna among its victims.

Leonardo Darnell Zanders, 49, of Dolton, Illinois, was sentenced today by U.S. District Judge Gerald Bruce Lee [hi YA! Bob] in Alexandria, Virginia, to 200 months in prison over his role in the ring that caused about $1.5 million in losses from at least 10 financial institutions, the Justice Department said in a statement. He must also pay $1.4 million in restitution.

Read more on BusinessWeek.



How do you signal another country that you are serious (in diplomatic terms)? You get formal. If you are not serious, you are doing this for political reasons. What might they be?

http://news.cnet.com/8301-13578_3-10439959-38.html?part=rss&subj=news&tag=2547-1_3-0-20

State Dept. presses China ambassador on Google

by Declan McCullagh January 22, 2010 3:41 PM PST

The U.S. government is continuing confidential talks with China in response to the Google-hacking incident, with a State Department official meeting the Chinese ambassador in Washington, D.C. Thursday night, but it has not yet filed a formal protest.



This is more than a bad habit. Government “over classification” has been a concern for some time. If nothing else, it makes it difficult to share information with agencies or people who are not “cleared” for it.

http://www.pogowasright.org/?p=7237

Over Redaction in Audit of FBI’s Use of Illegal Exigent Letters

January 23, 2010 by Dissent Filed under Surveillance

Kurt Opsahl of EFF comments:

Earlier this week, the DOJ’s Inspector General issued a heavily redacted report about the FBI’s Communications Analysis Unit (CAU), which found “shocking” violations, including embedded telecom employees providing customer phone records in response to post-it notes.

While the underlying violations are egregious enough, the report itself is problematic because it redacts huge swaths of information that is already publicly known.

As we discussed in our last blog post, the report cryptically refers to AT&T, Verizon and MCI as Company A, B and C. Yet, the source that identified the telecoms embedded with the CAU was none other than FBI General Counsel Valerie Caproni, in sworn testimony before Congress. Moreover, information in the IG report combined with letters to Congress from the telecoms themselves shows that Company A is AT&T.

The IG report also redacts the amount paid to the telecoms when we already know they were paid $1.8 million a year, and that, in 2008, the FBI asked Congress for $5.3 million for further “funding for the telecommunications industry participation in the Telecommunications Data Collection Center (TDCC).”

Read more on EFF.



I know some parents who are doing the college thing...

http://www.pogowasright.org/?p=7235

Upromise Toolbar Betrays Privacy

January 23, 2010 by Dissent Filed under Internet

Larry Seltzer writes:

Privacy researcher and Harvard Business School Professor Ben Edelman has written a report on the practices of the Upromise Toolbar, called TurboSaver by the company.

Upromise is a membership system through which you can earn money for college savings by buying items from certain vendors through Upromise. The toolbar facilitates this in your browser and tracks user behavior.

Edelman found, by logging packets as he used the software, that the TurboSaver logs your behavior and data in excruciating detail, then transmits all that detail to a third party (Compete Inc.) for analysis. The Upromise license (click the nearby image for a full-size view of what users see) does not disclose accurately what the toolbar does.

Read more on PC Mag.

Less than 24 hours after Edelman posted his findings Upromise responded:

Upromise has announced that they moved immediately to address the privacy problems identified by Ben Edelman yesterday in their toolbar, TurboSaver.

[...]

They say they have disabled the functionality identified by Edelman and are working with Compete, the vendor who received and analyzed the data sent by the toolbar, to address the situation.



Gosh, he must be guilty of something! (Sort of the opposite of “If you're innocent, you have nothing to worry about.”)

http://www.pogowasright.org/?p=7245

Does asking for a lawyer create reasonable suspicion to search a car?

January 23, 2010 by Dissent Filed under Court, Surveillance, U.S.

When police pulled over a young driver for driving without headlights, he immediately asked for a lawyer. Was asking for a lawyer under such circumstances enough to give the police officer reasonable suspicion to search the car? That’s the question making the rounds in the legal blogosphere this week after Crime Scene KC picked up on the story. Martha Neil reports on ABA Journal:

Pulled over in 2008 by a rookie police officer for failing to use headlights at night and running a stop light, Daniel Sanders, who was then 19, asked for an attorney almost immediately, according to court documents.

Finding this suspicious, the Columbia, Mo., officer, Jessica McNabb, searched his car. In the trunk she found a body, later identified as that of Sanders’ 53-year-old mother, next to a brand-new shovel with the price tag still on it, reports the Missourian.

Initially charged with felony evidence tampering in the Boone County Circuit Court case, Sanders was subsequently accused of second-degree murder.

Now, amidst a flurry of incoming pretrial motions, his lawyer is seeking to suppress evidence from the car search, contending that McNabb lacked both probable cause and a warrant. Attorney Christopher Slusher also contends that McNabb violated his client’s constitutional rights by continuing to question Sanders after he asked for counsel, the newspaper reports.

Criminal defense attorney Scott Greenfield notes how invoking right to counsel, which is usually sage advice, seems to have backfired here in that it created suspicion for the rookie police officer, but notes:

While the basic advice remains as accurate as before, there are a few secondary points that bear stating. First, if you’ve got your dead mother in the trunk, try to obey normal traffic rules. It tends to draw less attention. Second, don’t murder your mom. It’s just wrong.

Cases like this present a truly interesting conundrum for courts and observers. Clearly, nobody is going to feel all that terrible about Sanders’ situation, being that there is no doubt as to mom being in the trunk and all. On the other hand, there is no question but that his invocation of rights cannot serve to create probable cause to search, and precludes further questioning. While the law must ultimately prevail, nobody is losing sleep over Sanders’ situation. Except maybe his lawyer.



Wouldn't a lender be negligent not to?

http://news.cnet.com/8301-13772_3-10439850-52.html?part=rss&subj=news&tag=2547-1_3-0-20

Lenders using social networks to assess applicants?



I wonder if they replace the missiles with rubber bullets?

http://www.pogowasright.org/?p=7224

UK: CCTV in the sky: police plan to use military-style spy drones

January 22, 2010 by Dissent Filed under Featured Headlines, Non-U.S., Surveillance

Paul Lewis reports:

Police in the UK are planning to use unmanned spy drones, controversially deployed in Afghanistan, for the “routine” monitoring of antisocial motorists, protesters, agricultural thieves and fly-tippers, [I didn't know what it meant either. Consulting my 'English as a second language' reference, I find it means “illegal dumping” Bob] in a significant expansion of covert state surveillance.

The arms manufacturer BAE Systems, which produces a range of unmanned aerial vehicles (UAVs) for war zones, is adapting the military-style planes for a consortium of government agencies led by Kent police.

Documents from the South Coast Partnership, a Home Office-backed project in which Kent police and others are developing a national drone plan with BAE, have been obtained by the Guardian under the Freedom of Information Act.

Read more in the Guardian.


(Related) Not for surveillance, but for creation of an increasingly heavily armed police.

http://tech.slashdot.org/story/10/01/22/2339204/Electromagnetic-Pulse-Gun-To-Help-In-Police-Chases?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Electromagnetic Pulse Gun To Help In Police Chases

Posted by timothy on Friday January 22, @07:16PM from the hand-your-keys-to-big-brother dept.

adeelarshad82 writes

"In an attempt to put an end to dangerous, high-speed police chases, scientists at Eureka Aerospace have developed an electromagnetic pulse gun called the High Power Electromagnetic System, or HPEMS. It develops a high-intensity directed pulse of electricity designed to disable a car's microprocessor system, shutting down all of its systems. Right now the prototype seen in a video fills an entire lab, but they have plans to shrink its size to hand-held proportions. Some form of this is already featured in OnStar-equipped vehicles though the electromagnetic signal used to disable the vehicle is beamed via satellite, and doesn't cripple the in-car computer, but rather puts it into a mode that allows police to easily catch and then stop the fleeing criminal."



Computing is a commodity! QED!

http://news.cnet.com/8301-13556_3-10439681-61.html?part=rss&subj=news&tag=2547-1_3-0-20

Why cloud exchanges won't work

by Gordon Haff January 22, 2010 11:26 AM PST

As cloud computing in its various forms increasingly happens rather than just being talked about, I'm starting to hear the idea of a cloud-computing exchange floated. There are certainly things to like about the concept but I don't see it playing out in pure form anytime soon for reasons that I'll get into.

Let's start by defining what I'm talking about when I say "exchange" here. The idea is that different hosted infrastructure providers would put their unused capacity onto a spot market and buyers would bid for it. Different pricing and auction mechanisms are possible but that's not important for this discussion. The key points are: multiple suppliers, interchangeable product, and some sort of market for the capacity.



Next time I see an article mentioning that “a few backup tapes are missing” I'll think of this... (See why the e-Discovery consultants are making big bucks?)

http://hardware.slashdot.org/story/10/01/22/187243/IBM-Sets-Areal-Density-Record-for-Magnetic-Tape?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

IBM Sets Areal Density Record for Magnetic Tape

Posted by ScuttleMonkey on Friday January 22, @03:37PM from the just-push-really-hard-to-cram-more-in dept.

digitalPhant0m writes to tell us that IBM researchers have set a new world record for areal data density on linear magnetic tape, weighing in at around 29.5 billion bits per square inch. This achievement is roughly 39 times the density of current industry standard magnetic tape.

"To achieve this feat, IBM Research has developed several new critical technologies, and for the past three years worked closely with FUJIFILM to optimize its next-generation dual-coat magnetic tape based on barium ferrite (BaFe) particles. [...] These new technologies are estimated to enable cartridge capacities that could hold up to 35 trillion bytes (terabytes) of uncompressed data. This is about 44 times the capacity of today's IBM LTO Generation 4 cartridge. A capacity of 35 terabytes of data is sufficient to store the text of 35 million books, which would require 248 miles (399 km) of bookshelves."



A stinging blow to the RIAA? I don't think so.

http://yro.slashdot.org/story/10/01/22/1939256/Judge-Lowers-Jammie-Thomas-Damages-to-54000?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Judge Lowers Jammie Thomas' Damages to $54,000

Posted by ScuttleMonkey on Friday January 22, @04:21PM from the no-resolution-in-sight dept.

An anonymous reader writes

"Judge Michael Davis has slashed the amount Jammie Thomas-Rasset is said to owe Big Music from almost $2,000,000 to $54,000. 'The need for deterrence cannot justify a $2 million verdict for stealing and illegally distributing 24 songs for the sole purpose of obtaining free music. Moreover, although Plaintiffs were not required to prove their actual damages, statutory damages must still bear some relation to actual damages.' [It's good to be reminded occasionally that (for the most part) judges are sane. Bob] The full decision (PDF) is also available."


(Related) Some judges just “get it!” You gotta love a verdict in 140 characters.

http://www.pogowasright.org/?p=7222

Judge tosses Twitter libel suit

January 22, 2010 by Dissent Filed under Court, Internet

In 140 characters, the story can be told: A judge has tossed the libel suit against an Uptown tenant for her Twitter post on apartment mold.

Cook County Circuit Court Judge Diane Larsen this week threw out Horizon Realty Group’s libel suit against Amanda Bonnen, who had sent out a tweet complaining about mold in a Horizon apartment.

The judge wrote in her brief decision: “the court finds the tweet nonactionable as a matter of law.”

Read more on WBBM.



I caught a broadside from a Global Warming zealot the other day. He once was employed analyzing CO2 levels, so he is convinced we are doomed. I'm just glad to be getting out of the current Ice Age.

http://www.bespacific.com/mt/archives/023326.html

January 22, 2010

NOAA: December Global Ocean Temperature Second-Warmest on Record

News release: "The global ocean surface temperature was the second warmest on record for December, according to scientists at NOAA’s National Climatic Data Center in Asheville, N.C. Based on records going back to 1880, the monthly NCDC analysis is part of the suite of climate services NOAA provides. Scientists also reported the combined global land and ocean surface temperature was the eighth warmest on record for December. For 2009, global temperatures tied with 2006 as the fifth-warmest on record. Also, the earth’s land surface for 2009 was seventh-warmest (tied with 2003) and the ocean surface was fourth-warmest (tied with 2002 and 2004.)"

[From older but anecdotal evidence:

http://www.realclimate.org/index.php/archives/2006/11/english-vineyards-again/

“The Romans wrote about growing wine grapes in Britain in the first century,” says Avery, “and then it got too cold during the Dark Ages. Ancient tax records show the Britons grew their own wine grapes in the 11th century, during the Medieval Warming, and then it got too cold during the Little Ice Age



I think of it as keeping up with the Joneses. Are my lectures on Computer Security as informative as the ones you would get at MIT? (If not, what should I steal from them?)

http://www.makeuseof.com/tag/sites-free-video-lectures-top-colleges/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

6 Really Good Sites with FREE Video Lectures from Top US Colleges

By Justin Pot on Jan. 22nd, 2010

Friday, January 22, 2010

Have I misread this? Has “engage in dialog” been transformed into “shape up, or else?” I sincerely hope not, because I don't think we have a clear understanding of what “or else” we can deliver.

http://www.nytimes.com/2010/01/22/world/asia/22diplo.html?hp

Clinton Urges Global Response to Internet Attacks

By MARK LANDLER Published: January 21, 2010

WASHINGTON — Declaring that an attack on one nation’s computer networks “can be an attack on all,” Secretary of State Hillary Rodham Clinton issued a warning on Thursday that the United States would defend itself from cyberattacks, though she left unclear the means of response.

… Her speech was the first in which a senior American official had articulated a vision for making Internet freedom a plank of American foreign policy.

… Though Mrs. Clinton said the administration would air its differences with Beijing, she said it would be in the context of a “positive, cooperative, and comprehensive relationship” — a clause added to her speech at the last minute. [In other words, we're just flapping our lips? Bob]


(Related)

http://news.cnet.com/8301-30684_3-10439049-265.html?part=rss&subj=news&tag=2547-1_3-0-20

White House puts companies on notice in China

by Tom Krazit January 21, 2010 3:03 PM PST

… "...We are urging U.S. media companies to take a proactive role in challenging foreign governments' demands for censorship and surveillance. The private sector has a shared responsibility to help safeguard free expression. And when their business dealings threaten to undermine this freedom, they need to consider what's right, not simply what's a quick profit," Clinton said in remarks Thursday at the Newseum, before an audience including members of Congress, representatives from nonprofit groups, and perhaps more than one Internet company executive forced to ponder the meaning of that paragraph.

… But with Clinton's remarks, U.S. companies are in an even more difficult place than they were when Google made its announcement last week. Will they have a harder time getting government contracts if they do business with the Chinese government? Will there be additional taxes, or even eventually fines for following censorship laws in other countries?


(Related) Doesn't this read like you caught a 12 year old with his hand in the cookie jar?

http://news.cnet.com/8301-30685_3-10439469-264.html?part=rss&subj=news&tag=2547-1_3-0-20

China warns U.S. over Web censorship stance

by Stephen Shankland January 22, 2010 4:30 AM PST

… "The U.S. has criticized China's policies to administer the Internet and insinuated that China restricts Internet freedom... This runs contrary to the facts and is harmful to China-U.S. relations," a Chinese Foreign Ministry spokesman said in a statement quoted by Reuters, the BBC, and others. (Here is a Google translation of the statement.)



Follow up: Plus ca change, plus c'est la meme chose. OR “Government is as government does” F Gump

http://www.wired.com/threatlevel/2010/01/fbi-att-verizon-violated-wiretapping-laws/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

FBI, Telecoms Teamed to Breach Wiretap Laws

By Ryan Singel January 21, 2010 2:29 pm

… But in a surprise buried at the end of the 289-page report, the inspector general also reveals that the Obama administration issued a secret rule almost two weeks ago saying it was legal for the FBI to have skirted federal privacy protections.



Is this an unintended consequence of HIPAA/HITECH?

http://www.phiprivacy.net/?p=1880

Doctors fear privacy sold in HealthNet sale

By Dissent, January 22, 2010 9:10 am

Rob Varnon reports:

Doctors fighting United Health Group’s takeover of HealthNet of the Northeast are demanding an investigation to see if the privacy rights of thousands of Connecticut residents are being violated by the deal.

The Connecticut State Medical Society said Tuesday it has asked state Attorney General Richard Blumenthal to investigate whether the $510 million deal would violate patient privacy under the Health Insurance Portability and Accountability Act of 1996.

Blumenthal already is suing HealthNet under the Health Information Technology for Economic and Clinical Health Act for a massive data breach last year. HITECH authorized state attorneys general to enforce HIPAA.

Read more on newstimes.com



One major factor in evaluating security is to determine how serious management (and therefore employees) are about applying “Best Practices” and common sense to their security procedures.

http://yro.slashdot.org/story/10/01/21/179242/Facebook-Master-Password-Was-Chuck-Norris?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Facebook Master Password Was "Chuck Norris"

Posted by samzenpus on Thursday January 21, @02:56PM from the ad-nauseum-roundhouse dept.

I Don't Believe in Imaginary Property writes

"A Facebook employee has given a tell-all interview with some very interesting things about Facebook's internals. Especially interesting are all the things relating to Facebook privacy. Basically, you don't have any. Nearly everything you've ever done on the site is recorded into a database. While they fire employees for snooping, more than a few have done it. There's an internal system to let them log into anyone's profile, though they have to be able to defend their reason for doing so. And they used to have a master password that could log into any Facebook profile: 'Chuck Norris.' Bruce Schneier might be jealous of that one."



If you have discovered a security flaw, be extremely careful how you use it. A careful hacker can exploit a bug for years if some ignorant rookie doesn't draw unwanted attention. Now I've only got six good bugs left!

http://www.computerworld.com/s/article/9146820/Microsoft_confirms_17_year_old_Windows_bug

Microsoft confirms 17-year-old Windows bug

Google engineer reveals ancient flaw in all 32-bit versions of Windows

By Gregg Keizer January 21, 2010 07:00 AM ET

Computerworld - Microsoft late yesterday issued its second advisory of the last week, warning users that a 17-year-old bug in the kernel of all 32-bit versions of Windows could be used by hackers to hijack PCs.



Remember that the Internet was developed to avoid precisely this problem. You have to work hard to force failure like this.

http://news.cnet.com/8301-27080_3-10439263-245.html?part=rss&subj=news&tag=2547-1_3-0-20

Router glitch cripples California DMV network

by Elinor Mills January 21, 2010 3:43 PM PST

The California Department of Motor Vehicles department suffered a network outage on Thursday due to an equipment glitch, a state official said.

A router switch malfunctioned, said Bill Maile, spokesman for Office of Technology Services for the state of California.

"It's very rare," he said. "Our staff quickly diagnosed the problem and re-routed network traffic to restore connectivity."



For every security move there is an immediate counter move.

http://www.boingboing.net/2010/01/20/pirate-bays-vpn-goes.html

Pirate Bay's VPN goes public: Ipredator

As governments around the world consider proposals to hand surveillance powers to the entertainment industry and twitchy cops, the Pirate Bay is striking back. Its new €5/month IPRedator service is an encrypted VPN that you can use to hide your traffic (whatever it may contain) from prying eyes. The name comes from Sweden's adoption of IPRED (the "IP Rights Enforcement Directive," a punishing piece of anti-Internet legislation). I've been looking for a reliable VPN to use on public hotspots -- this might just be it.



Playing “catch up” again or do they have an agenda here?

http://www.pogowasright.org/?p=7194

Microsoft Seeks New Legal Framework For Cloud

January 22, 2010 by Dissent Filed under Featured Headlines, Internet, Legislation, U.S.

J. Nicholas Hoover reports:

Microsoft is asking Congress to pass new legislation to regulate cloud computing, Brad Smith, the company’s general counsel, announced Wednesday in an address at the Brookings Institution in Washington, D.C. Specifically, Microsoft is proposing what it calls the Cloud Computing Advancement Act, which would make changes to three major areas of Internet policy: privacy, security, and the international legal framework.

“We need government to modernize the laws, adapt them to the cloud, and adopt new measures to protect privacy and promote security,” Smith said. “There is no doubt the future holds even more opportunities than the present, but it also contains critical challenges that we must address now if we want to take full advantage of the potential of cloud computing.”

Read more in Network Computing.

See also Grant Gross’s coverage, Microsoft calls for Cloud privacy code.


(Related) Some of the Notes are spot on. These are the concerns of people who have been delivering services much like Cloud Computing for years now.

http://games.slashdot.org/story/10/01/22/0726227/Game-Developers-Note-Net-Neutrality-Concerns-To-FCC?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Game Developers Note Net Neutrality Concerns To FCC

Posted by Soulskill on Friday January 22, @02:35AM from the game-developers-are-people-too dept.

eldavojohn writes

"A list of notes from game developers (PDF) was sent in a letter to the FCC which represented a net neutrality discussion between the developers and FCC representatives. Game Politics sums it up nicely, but the surprise is that developers are concerned with latency, not bandwidth, unlike the members of many other net neutrality discussions. One concern is that each and every game developer will need to negotiate with each and every ISP to ensure their traffic achieves acceptable levels of latency for users. 'Mr. Dyl of Turbine stated that ISPs sometimes block traffic from online gaming providers, for reasons that are not clear, but they do not necessarily continue those blocks if they are contacted. He recalled Turbine having to call ISPs that had detected the high UDP traffic from Turbine, and had apparently decided to block the traffic and wait to see who complained.' It seems a lot of the net neutrality discussions have only worried about one part of the problem — Netflix, YouTube and P2P — while an equally important source of concern went unnoticed: latency in online games."

[From the Game Politics article:

Scherlis indicated that a pay-for-priority setup with ISPs would be “acceptable,” but only if “all developers could purchase prioritization on equal terms.” Bellows worried that such a setup would “restrict competition for development of QoS [Quality of Service]-dependent applications to well-financed companies or those already dominant in the sector.”



Attention website students

http://www.readwriteweb.com/archives/youtube_begins_to_support_html5.php

YouTube Begins to Support HTML5

Written by Marshall Kirkpatrick / January 20, 2010 5:35 PM

YouTube just announced that it will begin supporting HTML5 video players this evening across many of the videos on the site.

… The biggest benefit of HTML5 support is that it frees users from the need to use proprietary plug-ins like Flash player or Microsoft's Silverlight by using a simple bit of code to render video.

For more details, see these 3 great HTML5 demonstration videos we highlighted previously.



One for my lawyer friends...

http://www.killerstartups.com/Web-App-Tools/goclio-com-for-lawyers-wanting-to-hone-their-skills

GoClio.com - For Lawyers Wanting To Hone Their Skills

http://www.goclio.com/

Clio can be defined as a web-based practice management tool that will let practitioners hone their skills in a dynamic and safe setting. It is also suitable for small firms that want to train their lawyers in a cost-effective way, and the fact that Clio is a wholly browser-based application simply makes it all the more compelling for everybody. After all, it means that practices can take place from any spot, at the time that suits everybody best. As they say on the site, “Your practice is wherever you are”.



For us teachers

http://teachingcollegemath.com/?p=2027&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TeachingCollegeMath+%28Teaching+College+Math%29

How to give a (good) webinar

Thursday, January 21, 2010

Looks fishy to me (but then, there are lawyers involved)

http://www.databreaches.net/?p=9540

Proposed VISA/Heartland Data Breach Settlement May Pay Banks and Credit Unions Pennies on the Dollar – plaintiffs

January 20, 2010 by admin Filed under Breach Incidents, Financial Sector

According to Interim Co-Lead Counsel in the Class Action Lawsuit in Houston Federal Court:

Banks and credit unions that issued VISA payment cards compromised by the Heartland Payment Systems data breach, the largest data breach in history, should carefully review the proposed settlement between Heartland and VISA.

The proposed settlement has many weaknesses: (1) it may offer little compensation to payment card issuers, (2) it gives banks and credit unions little time to decide whether to participate, (3) it releases Heartland and other parties that may be liable, and (4) it is being touted for reasons that are not entirely accurate.

Notice of the proposed settlement was communicated to banks and credit unions throughout the country on January 14. Both VISA and Heartland are aggressively pushing the settlement on the eligible VISA issuers by giving them only until January 29—a total of 15 days—to decide whether to participate. Court appointed Interim Co-lead Counsel representing the proposed class of VISA issuers against Heartland in the pending class action lawsuit in Houston federal court, however, say not so fast—the proposed settlement is not as generous as Heartland and VISA want you to believe.

Read the entire press release here.


(Follow-up)

http://www.databreaches.net/?p=9546

Heartland lawsuit plaintiffs go after acquiring banks’ deep pockets

January 21, 2010 by admin Filed under Breach Incidents, Financial Sector, Of Note

The $60 million settlement offer announced by Visa and Heartland Payment Systems seems in jeopardy of falling apart as lawyers for some of the banks file a new lawsuit against Heartland’s acquiring banks and urge rejection of the settlement offer.

Jaikumar Vijayan follows up on the press release issued yesterday by lawyers for financial institutions suing Heartland Payment Systems over the massive breach revealed in January 2009. Although Visa and Heartland announced a proposed $60 million settlement earlier this month, lead counsel for the plaintiffs says that card issuers should be hesitant about accepting the offer as it provides only “pennies on the dollar” even though KeyBank and Heartland Bank have “deep pockets” and could afford to be part of a better settlement offer for the card issuers:

The costs that banks incurred to replace each of those cards and costs stemming from fraudulent transactions far exceed the $60 million being offered by Heartland, said Caddell who is a partner at Caddell & Chapman, a Houston-based law firm. The amount is even less than Visa’s own internal estimates which pegs financial damages to banks as a result of the breach at $140 million, Caddell said.

Visa started sending out settlement offers to individual banks and credit unions last week, Caddell said. Based on information from clients the offers appear to be ranging anywhere from around 1% of the actual damages incurred up to around 30%, he said.

[...]

Though Heartland has downplayed its ability to pay more money, its acquiring banks Key Bank has $97 billion of assets and Heartland Bank has over $1 billion of assets, he said. An acquiring bank is a bank that authorizes and accepts card transactions on behalf of a merchant or processor. In response to the proposed settlement offer, a lawsuit has been filed in Houston federal court seeking to hold KeyBank and Heartland Bank liable for damages caused by the Heartland data breach.

Read more on BankInfoSecurity.com

Over on BankInfoSecurity.com, Linda McGlasson writes more about the banks’ latest lawsuit against Heartland:

Five financial institutions have filed a class action suit alleging that two acquiring banks, Heartland Bank and Key Bank, should be included as defendants and share responsibility for damages caused by the Heartland Payment Systems data breach.

Lone Star National Bank, PBC Credit Union, O Bee Credit Union, Seaboard Federal Credit Union and Pennsylvania State Employees Credit Union filed the class action complaint in the U.S. Southern District Court in Houston, TX on Tuesday. Heartland Bank is based in St. Louis, MO, and Key Bank is based in Cleveland, OH.

Read more on BankInfoSecurity.com.



I don't want to sound trepidatious, but is this the end of privacy as we know it?

http://www.pogowasright.org/?p=7158

UN issues call for international privacy agreement

January 21, 2010 by Dissent Filed under Other

Chris Williams reports:

A UN watchdog has called for a new international agreement on privacy following a review of the expanding global array of surveillance measures and databases advanced by governments in the cause of counter-terrorism.

The special rapporteur on human rights, Martin Scheinin, said the UN should create “a global declaration on data protection and data privacy” in response.

His report, delivered to the UN’s Human Rights Council, describes the expansion of watchlists, border checks, financial data sharing, interception of communications, biometrics and ID registers in recent years.

Read more in The Register. The full report is here.



About time! Now I have someplace to send my students!

http://www.techcrunch.com/2010/01/20/founder-institute-international/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Founder Institute Now International, Launches In Singapore, Paris, LA, And Denver

by Jason Kincaid on January 20, 2010

… This Spring, the startup mentorship program will be expanding to Singapore, Paris, Los Angeles, and Denver, meaning that the Founder Institute is now active in nine cities worldwide. Interested entrepreneurs can apply starting tonight, with an early application deadline of February 15 2010 and a final deadline of February 28.



We're going to change the law to make it look like we're getting tough.

http://www.phiprivacy.net/?p=1874

Pointer: More Answers About Law Amending HIPAA Rules

By Dissent, January 20, 2010 11:06 am

Donna Vanderpool, M.B.A., J.D., assistant vice president, risk management, at Professional Risk Management Services Inc. (PRMS), has an article in the January 15th issue of Psychiatric News (Volume 45, Number 2, Page 9), “More Answers About Law Amending HIPAA Rules.” The article is available free in full-text version online.

[From the article:

Individuals can recover a percentage of penalties imposed or settlement proceeds from HIPAA investigations based on their complaints.

Civil penalties for HIPAA violations have increased for covered entities and business associates to $100 to $50,000 or more per violation, with a cap of $1.5 million per calendar year for multiple identical violations. [So disclosing health records in quantities approaching TJX or Heartland costs a maximum of $1.5 Million? CHUMP CHANGE! Bob] “Violation” means disclosure of one person's information.

[Part I is available at: http://pn.psychiatryonline.org/content/45/1/9.1.full



This is another of those “I'm sure I'd understand this if I was a lawyer” decisions. Seems like the very definition of a “Class” to me.

http://www.pogowasright.org/?p=7141

Judge nixes class-actions in Microsoft WGA lawsuit

January 21, 2010 by Dissent Filed under Businesses, Court, Featured Headlines, Internet

Gregg Keizer reports:

A federal judge has killed class-action allegations in a lawsuit that accused Microsoft of misleading consumers when it fed them anti-piracy software under the auspices of a critical security update, according to court documents.

The move means that Microsoft will not be faced with millions in potential damages. Last fall, Microsoft’s lawyers argued that a class-action lawsuit could involve “tens of millions” of customers who might be owed “hundreds of millions of dollars” if the company lost the case.

A class-action would have let virtually anyone who owned a Windows XP PC in mid-2006 join the case without having to hire an attorney.

[...]

The three-and-a-half-year-old lawsuit claims Microsoft duped customers by labeling its Windows Genuine Advantage (WGA) software a critical security update, failed to tell them that WGA collected information from their PCs, then frequently “phoned home” that data to Microsoft’s servers.

Read more on Computerworld.


(Related) Another decision I don't understand unless it's related to campaign contributions or the revolving door that we only used to see in the defense industry.

http://politics.slashdot.org/story/10/01/20/211243/Obama-DOJ-Sides-With-RIAA-Again-In-Tenenbaum?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Obama DOJ Sides With RIAA Again In Tenenbaum

Posted by timothy on Wednesday January 20, @04:04PM from the could-make-a-jaded-man-more-jaded dept.

NewYorkCountryLawyer writes

"Despite having had some time to get their act together, Obama's Department of Justice has filed yet another brief defending the RIAA's outlandish statutory damages theory — that someone who downloaded an mp3 with a 99-cent retail value, causing a maximum possible damages of 35 cents, is liable for from $750 to $150,000 for each such file downloaded, in SONY BMG Music Entertainment v. Tenenbaum. The 25-page brief (PDF) continues the DOJ's practice of

(a) ignoring the case law which holds that the Supreme Court's due process jurisprudence is applicable to statutory damages,

(b) ignoring the law review articles to like effect,

(c) ignoring the actual holding of the 1919 case they rely upon,

(d) ignoring the fact that the RIAA failed to prove 'distribution' as defined by the Copyright Act, and

(e) ignoring the actual wording and reasoning of the Supreme Court in its leading Gore and Campbell decisions.

Jon Newton of p2pnet.net attributes the Justice Department's 'oversights' to the 'eye-popping number of people [in its employ] who worked for, and/or are directly connected with, Vivendi Universal, EMI, Warner Music and Sony Music's RIAA.'"



Interesting. Looks like Hillary will be running in 2012. This is the kind of “Look, I understand your pain!” speech politicians make when they are wooing constituencies. Keep an eye out for “Hillary the Hacker” bumper stickers.

http://news.cnet.com/8301-13578_3-10438324-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Clinton plans to stump for global Net freedom

by Declan McCullagh and Tom Krazit January 20, 2010 3:06 PM PST

Secretary of State Hillary Rodham Clinton is preparing to deliver a major speech on Thursday elevating the importance of Internet freedom and placing the influence of the United States' diplomacy behind efforts to protect it, according to multiple people who have been briefed on the speech's contents.



Is this Google killing NetFlix? Perhaps just an easy way to monetize.

http://tech.slashdot.org/story/10/01/21/0343225/YouTube-To-Allow-Video-Rentals?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

YouTube To Allow Video Rentals

Posted by samzenpus on Thursday January 21, @05:28AM from the viral-rentals dept.

poopdeville writes

"Starting Friday, Google and YouTube will allow movie rentals. The first five films available to rent through YouTube will cost $3.99 for a 48-hour viewing period. Movie studios will be able to set their own prices, with rental viewing windows ranging from one to 90 days. YouTube will get an unspecified commission from each rental. Barclays Capital analyst Douglas Anmuth expects YouTube to generate about $700 million in revenue this year, an estimated 55 percent increase from 2009. If YouTube hits that target, it likely will turn profitable, helping to justify the $1.76 billion in stock that Google paid for the site more than three years ago."



So, how come I can't get them to do their online assignments?

http://news.slashdot.org/story/10/01/21/0323238/New-Study-Shows-Youth-Plugged-In-Most-of-The-Day?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

New Study Shows Youth Plugged In Most of The Day

Posted by samzenpus on Thursday January 21, @02:08AM from the turn-on-tune-in-drop-out dept.

An anonymous reader writes

"The amount of time youngsters are spending on the web has ballooned to proportions that exceed the average adult's full working week, according to a new study. A few years ago, the same researchers thought that teens and tweens were consuming about as much media as possible in the hours available. But now they've found a way to pack in even more. Young people now devote an average of seven hours and 38 minutes to daily media use, or about 53 hours a week according to Kaiser Family Foundation findings released today."



For the Visual Communications students. I'm hoping they can explain this to me.

http://developers.slashdot.org/story/10/01/20/1947237/Disney-Releases-3D-Texture-Mapper-Source-Code?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Disney Releases 3D Texture Mapper Source Code

Posted by timothy on Wednesday January 20, @02:52PM from the nice-of-them dept.

dsavi writes

"Ptex, Walt Disney Animation Studio's cutting-edge 3D texture mapping library which was first used on nearly every surface in the 2008 animated feature Bolt, was released under the BSD license on Friday. Quoting the announcement on monophyl.com: 'We expect to follow Ptex with other open source projects that we hope the community will find beneficial. We will soon be launching a new Walt Disney Animation Studios Technology page under disneyanimation.com. It will include links to our open source projects as well as a library of recent publications.' This looks good for open source 3D graphics."

[From BlenderNation:

The Ptex home page is located at http://ptex.us, and the source code is hosted at http://github.com/wdas/ptex/.



Interesting on a number of levels. Think of it as an RSS feed for news video. Since I also have “Download Helper” installed on my FireFox, I can grab any of the videos if I want to. Try a search for your favorite topic!

http://www.makeuseof.com/tag/1cast-easy-access-to-world-news-headline/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

1Cast – Easy Access To World News Headlines [US Only]

By Justin Pot on Jan. 20th, 2010

… online video aggregator 1Cast offers a cross-section of videos from sources all over the world. And, like everything we profile here, it’s free to use.

Getting Started

To use 1Cast on your desktop computer just point your browser to 1Cast.com. You’ll then be presented with a variety of current world news story thumbnails.

Click any of these stories to watch them. It’s that simple. Because 1Cast gets content from a wide variety of sources, you never know which source the video you get will come from – though it will be clearly labeled once the video loads. If you don’t like the way the first source covers the story, you can simply skip to the next.



For my Computer Security students. A guide for hackers. One of many FINAL EXAM tests: If I can guess your password on the last day of class, YOU FLUNK!

http://it.slashdot.org/story/10/01/21/1313235/Analysis-of-32-Million-Breached-Passwords?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Analysis of 32 Million Breached Passwords

Posted by CmdrTaco on Thursday January 21, @08:42AM from the trust-no-1 dept.

An anonymous reader writes

"Imperva released a study analyzing 32 million passwords exposed in the Rockyou.com breach. The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine."

Most interesting to me was that in the sample, less than 4% used any non alpha-numerics in their #$#%'ing passwords.

[From the article:

The report identifies the most commonly used passwords:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123


Wednesday, January 20, 2010

Good morning students! Welcome to Computer Security 101. The class project this quarter is: GET THE UNIVERSITY BACK ONLINE! (Last quarter's project was INFECT THE UNIVERSITY'S COMPUTERS!)

http://www.databreaches.net/?p=9528

UK: Computer virus shuts down Exeter University system

January 20, 2010 by admin Filed under Malware

From ThisisExeter:

The entire computer network at Exeter University had to be closed down after it was hit by a virus attack.

Hundreds of computers were taken off-line and lecturers were forced to give up their hi-tech teaching and return to using chalk and blackboards. [Oh, the horror! Bob]

It meant that there was no access to email, internet and internet-based systems, and even the telephone network was affected.

The computer virus, which has not yet been identified, struck on Monday. As soon as it was spotted the university network was shut down to prevent it spreading.

[From the article:

University spokesman Stuart Franklin said there was no doubt the university had been hit by the virus deliberately but he had no idea why it was targeted.

… Mr Franklin said the police had not been involved as no “smoking gun” had been found to identify where the virus had come from.

[Does it strike anyone else that these statements seem to contradict each other? We know it was a deliberate attack, but we aren't calling the police because we don't know where it came from? Bob]



Silly, when there are several already in existence.

http://www.pogowasright.org/?p=7124

EPIC, Privacy Groups Oppose Facebook “Beacon” Settlement

January 20, 2010 by Dissent Filed under Court, Featured Headlines, Internet

From EPIC.org:

EPIC and other privacy groups sent a letter to the federal judge overseeing a class-action settlement against Facebook in California, opposing the settlement as unfair and unreasonable. As proposed, the settlement does not provide any benefit for Facebook users whose private data was illegally exposed by Facebook “Beacon.” Instead, the deal would create a new “privacy foundation” subject to Facebook’s influence. Fair settlements typically provide compensation to class members or a remedy that addresses the underlying harm, which in this case was a violation of federal privacy law. The letter from EPIC proposes alternatives that would enable stronger privacy safeguards for Facebook users in the future. For more information, see EPIC Facebook Privacy, EPIC Harris v. Blockbuster.



If the daughter was specifically excluded, I can see this. My concern would be “Yes we knew your child was suicidal, but we didn't want to tell you because then we'd have to fill out a bunch of forms.”

http://www.phiprivacy.net/?p=1864

‘Loose Lips’ Can Get HIPAA Covered Entities in Trouble, Now That Verbal Gaffes Must be Reported to HHS

By Dissent, January 19, 2010 12:58 pm

Reprinted from REPORT ON PATIENT PRIVACY, the industry’s most practical source of news on HIPAA patient privacy provisions.

The caseworker probably thought she was doing the right thing by sharing with the patient’s daughter that the woman had become increasingly paranoid. But when the daughter confronted the mother with knowledge of her decline, the mother was rightfully outraged — the daughter was not authorized to receive protected health information about her.

The mother filed a complaint with the hospital where she was an outpatient. And the privacy officer must now report this incident to the Office for Civil Rights, under the breach notification requirements contained in the HITECH Act provisions of the Recovery Act.

Read more on AISHealth.com.



An organization's “culture” is extremely difficult to change.

http://www.phiprivacy.net/?p=1866

Patient Data Safety Rules Widely Disregarded, Unenforced

By Dissent, January 19, 2010 2:55 pm

Joe Eaton reports:

As the federal government prepares to spend up to $27 billion in stimulus funds to promote electronic medical records, a health technology industry survey suggests that a number of hospitals, health clinics, and insurance firms are violating federal security rules on patient data and putting sensitive health information at risk.

The November survey by the health technology trade association Healthcare Information and Management Systems Society (HIMSS) found that one in four of the 196 health organizations that responded do not conduct a formal risk analysis to identify security gaps in electronic patient data.

[...]

no organization has ever been punished for violations of HIPAA’s data risk analysis provision, which is overseen by the Department of Health and Human Services (HHS). Since 1996, the agency has received approximately ten complaints that noted possible failure to perform risk analysis or risk management, according to Susan McAndrew, deputy director for health information privacy at HHS’s Office for Civil Rights; the civil rights office took over enforcement of HIPAA data security rules last July from the Centers for Medicare and Medicaid Services. None of the cases has resulted in penalties, which potentially range from $100 to $50,000 for a single violation and up to $1.5 million a year for multiple violations.

Read more on the Center for Public Integrity.



You can't buy advertising like this. (Or maybe you can, with nearly $2 billion in box office so far.)

http://yro.slashdot.org/story/10/01/19/2241229/2-D-emAvatarem-To-Be-Pulled-From-Theaters-In-China?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

2-D Avatar To Be Pulled From Theaters In China

Posted by kdawson on Tuesday January 19, @05:43PM from the hard-to-be-blue dept.

SimonTheSoundMan notes that Avatar is being pulled from screens in China for being too successful, and too provocative in its anti-authoritarian message. (The 3-D and IMAX versions will remain.)

"The communist nation's state-run movie distributor China Film Group is unexpectedly yanking the James Cameron-directed blockbuster Avatar from 1,628 2-D screens this week in favor of a biography of the ancient philosopher Confucius starring Chow Yun-Fat. ... According to a report in the Hong Kong newspaper Apple Daily, the move was made at the urging of propaganda officials who are concerned that Avatar is taking too much market share from Chinese films and drawing unwanted attention to the sensitive issue of forced evictions."



Convergence? Or does someone on the court play online games? Anyone want to join me in developing my entrepreneurial “Grow your DotCom” game? It requires players to buy money for the Central Banker (me). I plan to sell it to colleges and since it will do all the work for teachers, it should be a hit. (and I plan to pay all my bills with In-Game currency!)

http://games.slashdot.org/story/10/01/19/1653240/Virtual-Currency-Becomes-Real-In-South-Korea?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Virtual Currency Becomes Real In South Korea

Posted by Soulskill on Tuesday January 19, @01:29PM from the license-to-print-money dept.

garylian writes

"Massively is reporting that the South Korean Supreme Court has stated that virtual currency is the equivalent of real-world money. For those of you who might not be drawing the link, the core there is that selling in-game currency for real money is essentially just an exchange of currency and perfectly legal in South Korea. This could have sweeping implications for RMT operations the world over, not to mention free-to-play games and... well, online games in general. The official story is available online from JoongAng Daily."



Is any of this new?

http://www.bespacific.com/mt/archives/023291.html

January 19, 2010

Survey Says 44% Of Google News Visitors Scan Headlines, Don’t Click Through

TechCrunch - Research firm Outsell has published its third annual News Users’ report [fee only], which is based on a survey about the online and offline news preferences of 2,787 US news consumers. The Outsell report unsurprisingly predicts ongoing, steep drops in US newspapers’ print circulation as consumers continue to head online for news consumption and sharing, forecasting 3.5 percent annual declines in both daily and Sunday circulation by 2012. Interestingly enough, the research also talks of what is referred to as the “dramatic effect” aggregators like Google and Yahoo have had on print and online readership... “Though Google is driving some traffic to newspapers, it’s also taking a significant share away. A full 44 percent of visitors to Google News scan headlines without accessing newspapers’ individual sites.” [Compared to what? First, I don't read all the articles in a newspaper – never did. Second, I'm rarely doing the kind of research that requires me to read National Enquirer articles. (I could go on, but you get the idea) Bob]



Wait! Let me put my MBA hat on here. You want to pay CBS to convert their fragile/degrading film to a digital format so that if they ever figure out how to make money from these shows they are still available, and they turned you down, why?

http://yro.slashdot.org/story/10/01/20/0037202/CBS-Refuses-To-Preserve-Jack-Benny-Footage?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

CBS Refuses To Preserve Jack Benny Footage

Posted by kdawson on Tuesday January 19, @09:07PM from the thirty-nine-forever dept.

goosman writes

"The president of the International Jack Benny Fan Club had the opportunity to review some holdings of the CBS vaults while assisting them with some transfers. In the vaults she found 25 shows on film that were unreleased, but in the public domain. The IJBFC offered to pay for the digitization and preservation of these shows; they got a letter of enthusiastic support from the Benny estate. CBS has so far refused to allow this preservation to happen."

BoingBoing and TechDirt have both covered this act of cultural destruction.



Clearly, this is a research effort that needs to be expanded. We could add Buffalo, Elk, Mule Deer, etc. and attract tourists to Colorado! (Then we could feed them to the Mountain Lions, Bears, Wolves and Coyotes!)

http://www.bespacific.com/mt/archives/023301.html

January 19, 2010

Owls, Otters, Monkeys and Lions Near You.com

"Designed for animal lovers with very specific tastes, we've just added the following sites to the WildlifeNearYou family:



Does anyone memorize any more?

http://www.makeuseof.com/dir/memorizenow-memorizing-long-passages/

MemorizeNow: Helps Memorizing Long Passages Of Texts

www.memorizenow.com



Some free, some subscription.

http://www.makeuseof.com/dir/thefutureschannel-online-educational-videos/

TheFuturesChannel: Source for Online Educational Videos

www.thefutureschannel.com

Similar websites: WatchKnow, Lectr, AcademicEarth and MBAvid.



Something for my students! (And lots of instructors I know)

http://news.cnet.com/8301-13860_3-10437410-56.html?part=rss&subj=news&tag=2547-1_3-0-20

Microsoft turns finding Office commands into game

by Ina Fried January 19, 2010 3:07 PM PST

I'm not sure it's exactly the approach I would take, but Redmond has decided to make a game out of what I find to be one of the most significant annoyances in Microsoft's Office--finding the command one is looking for.

Introduced on Tuesday, "Ribbon Hero" is aimed at turning into a game the often frustrating task of finding commands on Office's Ribbon toolbar, which debuted as part of Office 2007.

… Ribbon Hero requires Office 2007 or the Office 2010 beta and works with either 32-bit or 64-bit versions of Windows Vista or Windows 7. It works from within Word, Excel and PowerPoint.

[From the Ribbon Hero link:

For additional challenges and the opportunity to earn more points, download Office 2010 Beta.



Thanks to Gary Alexander (Researcher of cool stuff) I will be in class, but some of you may find this both interesting and doable.

https://www2.gotomeeting.com/register/744394546

Black Hat Webcast Series - Security Starts at the Beginning – Part 1

Date: Thursday, January 21, 2010 Time: 1:00 pm PT/4:00 pm ET Duration: 120 minutes w/ Q&A

Sponsored by Microsoft Corp.



AT LAST! Defend yourself against Klingons! I won't repost the plans here, far too dangerous.

http://www.comicsalliance.com/2010/01/18/make-your-own-star-trek-phaser/

01.18.10 By: Laura Hudson

Make Your Own Star Trek Phaser