BBC News – United Nations agency ‘hacking attack’ investigated

A group of hackers has posted more than 100 email addresses and login details which it claimed to have extracted from the United Nations.

Many of the emails involved appear to belong to members of the United Nations Development Programme (UNDP).

The group, which identified itself as Teampoison, attacked the UN’s behaviour and called it a “fraud”.

A spokeswoman for the UNDP said the agency believed “an old server which contains old data” had been targeted.

“The UNDP found [the] compromised server and took it offline,” said Sausan Ghosheh.

via BBC News – United Nations agency ‘hacking attack’ investigated.

Video: Your Android Phone Is Secretly Recording Everything You Do

If you have any decently modern Android phone, everything you do is being recorded by hidden software lurking inside. It even circumvents web encryption and grabs everything—including your passwords and Google queries.

Worse: it’s the handset manufacturers and the carriers who—in the name of “making your user experience better”—install this software without any way for you to opt-out. This video, recorded by 25-year-old Android developer Trevor Eckhart, shows how it works. This is bad. Really bad.

Fast forward to 9:00 for the damning sequence.

The spying software is developed by a company called Carrier IQ. On their site, the company says they are “the only embedded analytics company to support millions of devices simultaneously, we give Wireless Carriers and Handset Manufacturers unprecedented insight into their customers’ mobile experience.”

It seems like a good goal and, indeed, most manufacturers and carriers agree: according to Eckhart, the spyware is included in most Android phones out there. Carrier IQ software is also included in Blackberry and Nokia smartphones, so it probably works exactly the same in those smartphones as well. It doesn’t even matter if your telephone was purchased free of carrier contracts. As Eckhart shows in this video, it’s always there.

The problem is that it does a lot more than log anonymous generic data. It grabs everything.

Read More: http://gizmodo.com/5863849/your-android-phone-is-secretly-recording-everything-you-do

Bahrain Firm Seeks $1 Billion in Damages for Alleged Alcoa Bribes | Law.com

Companies affiliated with Alcoa and controlled by a billionaire businessman paid $9.5 million in bribes to Bahrain officials and executives with a Bahrain-controlled company that overpaid for raw materials as a result, the Middle Eastern firm said in court papers.

The complaint filed late Monday in Pittsburgh federal court by Aluminum Bahrain BSC details allegations previously described more generally in a 2008 lawsuit. The company, known as Alba, said it overpaid $420 million for raw materials from 1997 to 2009 and wants $1 billion in damages.

The complaint contends that the billionaire, Victor Dahdaleh, earned at least $13.5 million in illegal commissions for alumina deals he brokered.

Dahdaleh, a dual citizen of Canada and Britain, has denied wrongdoing since he was arrested last month by Britain’s Serious Fraud Office on bribery charges related to some Australian alumina shipments between 2001 and 2005. His attorney in the lawsuit, Michael Svetkey Feldberg, did not immediately return a call for comment.

Alcoa called the complaint a “patchwork of claims” derived from vague allegations, guesses and inferences.

Alba said in the new complaint that between 1969 and 1989 it bought alumina, the raw material needed to make aluminum, from Alcoa Inc. without incident and without Dahdaleh or his companies acting as middlemen. But since 1990, Alcoa and Alcoa World Alumina inserted “Dahdaleh or the Dahdaleh-owned shell companies” into the equation, the lawsuit said.

Since then, Dahdaleh bribed Bahrain or Alba officials to ensure the metals company would continually award its alumina-supply contracts to Alcoa; overpay for alumina; and cede an equity stake to Alcoa, which nonetheless failed to buy a controlling interest in Alba, the lawsuit said.

The lawsuit contends the bribes and overpayments were funneled through shell companies owned by Dahdaleh to perpetrate the alleged fraud.

via Bahrain Firm Seeks $1 Billion in Damages for Alleged Alcoa Bribes.

Obtaining Disclosure of ESI From Non-Parties | NY Law Journal

It must be hard to be a computer network professional. You’re responsible to maintain security, you have little or no control over what people send and receive from the computers you maintain, and you may be the only person with the technical knowledge and access to identify the source and availability of electronically stored information. I imagine these folks hate subpoenas, especially if they have nothing to do with their employer’s business.

In Tener v. Cremer,[FOOTNOTE 1] the plaintiff sought to compel a non-party, New York University, to respond to a subpoena that might enable the plaintiff to identify the source of a posting on “Vitals.com,” an internet opinion website that advertises itself as the place “where doctors are examined.” This appears to be one of many internet sites that solicit opinions that others may use in making consumer decisions, and the plaintiff in Tener was a board certified physician who wanted to sue the author of allegedly defamatory remarks.

The Vitals.com posting was anonymous,[FOOTNOTE 2] but the plaintiff had learned of an Internet Protocol (IP) address[FOOTNOTE 3] associated with the offending message. This IP address did not identify the author’s computer, but did lead to the server for the entire computer network maintained by NYU. Relying on this clue, the plaintiff subpoenaed the university, seeking to identify all persons using the NYU server who had accessed the internet on the date of the offensive posting, and to identify which of those computers had connected to the Vitals.com site.

It apparently was not easy for the university to comply with the plaintiff’s requests. Although only NYU personnel could obtain access to the system, the “network address translation portal” used by NYU essentially acted as a switchboard, and through this “portal,” many thousands of persons had access to outside websites. When NYU did not produce information satisfactory to the plaintiff, she moved to hold the university in contempt of court.

The university responded with an affidavit by its chief information security officer, who noted that the date of the allegedly offending comment was nearly a full year prior to the service of the subpoena, and that computers used to visit outside websites are identified in the NYU system only by a “… text file that is automatically written over every 30 days.”

via Obtaining Disclosure of ESI From Non-Parties.

e-Discovery in The Cloud Not As Simple As You Think – Forbes

While organizations are utilizing cloud-based solutions more and more, eDiscovery from those solutions often remains an afterthought. In many cases, there is little consideration of how information in the cloud will be placed on legal hold, or how it will be accessed, reviewed and produced in response to litigation or regulatory requests. While there seems to be a widespread assumption that information in the cloud is at an organization’s fingertips at all times with the touch of a search button, that is not necessarily the case.

A large majority of respondents to our “The Cloud and eDiscovery” survey are using cloud-based solutions, ranging from hosted email archiving to popular applications like Salesforce.com and QuickBooks. Companies are knowingly or unknowingly storing discoverable information assets in the cloud. But the real question they should be asking is, “Do we have a plan in place for eDiscovery should the need arise?”

eDiscovery Plan

Overwhelmingly, the answer is no. Only 16% of respondents indicate that an eDiscovery plan is in place for cloud-based information management solutions. Granted, only 26% actually responded that they do not have an eDiscovery plan in place, but what is truly scary is the 58% who don’t even know if a plan exists. This means that many organizations, when they face an investigation or litigation, will be left scrambling in a reactive firefight to collect information from the cloud. That will inevitably lead to higher costs and more difficulty making informed legal decisions quickly.

Any organization utilizing cloud-based solutions to store information needs to have eDiscovery plans for each one of those solutions. Such plans need to define access protocols, service-level agreements for how quickly information can be produced, documentation for chain of custody and any kind of advanced functionality (e.g., content analytics for Early Case Assessment) that will be included.

via e-Discovery in The Cloud Not As Simple As You Think – Forbes.

Federal judge orders Google, Facebook to “de-index” 700 domain names

In a move likely to send counterfeit product sites scrambling for new homes on the Internet, a federal judge has ordered in favor of a fashion company seeking to protect the brand.

Announced earlier today out of Nevada, Judge Kent Dawson ordered that luxury goods designer Chanel now has the legal right to seize domain names of over 700 sites that are attempting to sell counterfeit Chanel products. These domain names can be taken over by Chanel and transferred to domain registrar GoDaddy. All pages would then be redirected to an online notice of the seizure.  The federal judge also ordered that all search engines and social networks “de-index” the sites in question. Sites specifically named in the ruling include Google, Bing, Yahoo, Facebook, Twitter and Google+. None of the site owners have the right to contest the removal of the domain from search engines or contest the transfer of ownership until after the domains are seized.

via Federal judge orders Google, Facebook to “de-index” 700 domain names.

How Siri Could Make Collaboration Mobile – Telecom – Unified Communications/messaging – Informationweek

What might a voice-activated collaboration client do? Siri’s current ability to make calendar entries, send text messages, and take dictation hint at the possibilities. For example, the standard way of sharing comments is Facebook’s wall metaphor–a comment stream threaded beneath an anchor topic. In the context of enterprise collaboration, the topic is likely to be a PowerPoint deck or meeting agenda. While it’s possible, although rarely pleasant, to read heavily formatted content like a slide deck on a smartphone, typing a comment is onerous, even with a client optimized for the smartphone’s small display. Wouldn’t it be nice to dictate your thoughts instead?

Of course, this text-to-speech example just hints at what innovative developers might do with a cloud-based speech-recognition engine. Siri already understands context, in that prior requests inform subsequent answers. Ask “Find me the nearest Mexican restaurant,” and Siri replies with a list based on your current location. Follow up with “No, make that pizza,” and Siri remembers both the context (restaurants) and location. Imagine if this same logical power could be applied to any application. Say you’re a sales rep and your manager has shared a spreadsheet with regional sales estimates. If you have updated figures for your territory, instead of hunting and pecking changes on the tiny touchscreen keyboard, wouldn’t it be nice to say, “Siri, change the sales estimate for the Northwest region from 750,000 to 900,000” and have the update applied, along with a comment field indicating who made the change? Similarly, when reviewing a project manager’s task schedule on the road from your phone, wouldn’t it be nice to update it with a simple voice command? “Siri, change the completion date for software pilot testing to Feb. 9.”

Natural-language control of computer systems is not new; it’s been a staple of science fiction since Star Trek. But Siri, with its merging of client-side language processing and server-side meaning interpretation, has raised the bar on what’s possible. While talking to a laptop, with its expansive keyboard, never made much sense, talking to your phone couldn’t be more natural. Instead of having conversations with friends or colleagues, let’s just have a conversation with the device itself. Siri ushers in the era in which speech recognition doesn’t let devices just take dictation but actually engage in conversation–tell it what we want, react to the response, and modify our request–and use speech as a software UI.

The future of smartphone collaboration lies in vocal, not tactile, interaction. Siri blazes the trail.

via How Siri Could Make Collaboration Mobile – Telecom – Unified Communications/messaging – Informationweek.

Expand Your E-Discovery Data Collection Services Via Partnership

Global EDD Group - Data Collection & Digital Investigation Services

Creating or maintaining a Data Collection and Digital Investigation team is a major investment for organizations of all sizes. Beyond the initial cost of the specialized hardware and software required for this line of service is the ongoing labor cost for the trained specialists who undertake the technical tasks associated with each project. While clients may demand data collection services in support of processing and hosting agreements, it often may not make good business sense to invest in a large or full-time Data Collection and Digital Investigation team, as it can be a burden on operating budgets. As a valuable alternative, Global EDD Group provides Data Collection and Digital Investigation Services as an outsourced subcontractor, enabling industry vendors to provide the services at a competitive price point without losing control of the client management or post-collection services. Quite simply, the technicians from Global EDD Group provide services on your behalf under your direction via the Preferred Partner Program.

The Preferred Partner Program from Global EDD Group

Global EDD Group partners with service providers and law firms that are dedicated to providing their clients with the highest quality discovery and document management services. The Preferred Partner Program (3P) enables service providers and firms to seamlessly expand their suite of services and geographic footprint by integrating, referring or reselling Global EDD Group services.

Advantages of Partnering with Global EDD Group:

♦  Vast Experience with Complex Paper & Electronic Discovery Projects
♦  Driven to Exceed End Client Expectations
♦  Facilities in Asia, Europe & North America
♦  Mobile Collection & Processing Units
♦  Advanced Foreign Language Services
♦  Partner Retains Client / Project Management Role

Benefits of 3P:

♦  Extremely Competitive Flat Rate & Bulk Pricing Model
♦  Generous Discounts & Commissions Exceeding Industry Average
♦  Strict No Competition / No Solicitation Policy
♦  Increased Profit Margins
♦  Leverage International Strategic Alliances

Please contact us to learn more about Global EDD Group’s Preferred Partner Program.

Does the Mighty FCPA Need Reining in? – Law Blog – WSJ

After five years and billions of dollars in penalties, enforcement of the Foreign Corrupt Practices Act shows no signs of cooling. But there are many in Corporate America that think the U.S. government is stretching the anti-bribery law in ways that are hurting U.S. business.

In this story in today’s Journal, we look at a widespread debate over how the legislation is enforced, spurred in large part by the U.S. Chamber of Commerce’s efforts to amend the 1977 law.

Justice Department officials reject the need for legislation changes to the FCPA and say strong enforcement of the law, which reaches foreign and U.S. companies, helps create a level playing field in business transactions by eliminating corruption from the equation. But the Chamber and lawyers who support amending the FCPA say there is still substantial confusion over what is legal and what isn’t.

The law bars companies from paying bribes to foreign officials, but the Chamber wants clarity on whether employees of companies with state ownership or control behind them qualify as such. The Justice Department has taken an expansive view, arguing, for instance, that virtually every employee a pharmaceutical company encounters in a state-run health-care system could be considered a foreign official.

via Does the Mighty FCPA Need Reining in? – Law Blog – WSJ.

UPS Phishing Scam Targets Cyber Monday Shoppers

As soon as you hit “confirm purchase,” the anticipation begins: when will your package arrive?

Preying on the emotionally charged experience, hackers know many of you will throw caution to the wind and click into an email that says “UPS package not delivered.”

This latest email scam has been mutating and progressing since early November, according to antispam vendor Cloudmark, with reports spiking over Thanksgiving weekend.

“We’ve seen a number of variants in this campaign (some with attachments, some with no attachments and bad links), all of them personalized to the recipient, and sent from an ever-changing list of fake UPS employees or the generic ‘UPS Customer Services,’” Cloudmark wrote in a blog post.

“The from address is faked so that it appears to come from the domain ups.com.  Many of the images are copied from legitimate UPS emails and many of the links go to the legitimate UPS site. However, clicking on the call-to-action link that says ‘Track your shipment now’ will take the unsuspecting consumer to a website that can infect the computer with a virus.”

via UPS Phishing Scam Targets Cyber Monday Shoppers.