Domain: washingtonpost.com
Stories and comments across the archive that link to washingtonpost.com.
Stories · 2,444
-
Google Calls for International Privacy Standards
HairyNevus writes "The Washington Post has an article detailing Google's request for international privacy standards. Google is taking this matter all the way to the U.N., arguing that a hodge-podge of privacy law unnecessarily burdens Internet-based companies while also failing to protect consumers. Although Google is currently under investigation by the EU for its privacy practices, the company claims it has been a crusader for protecting consumer privacy. Google's privacy counsel Peter Fleischer called America's privacy laws 'too complex and too much of a patchwork,' and the European Union's laws 'too bureaucratic and inflexible.' The alternative? Something closer to the Asia-Pacific Economic Cooperation's framework which 'balances very carefully information privacy with business needs and commercial interests', according to Fleischer." -
Implanted RFID Chips Linked To Cancer
An anonymous reader writes "The Associated Press is reporting that microchip implants have induced cancer in laboratory animals and dogs. A series of research articles spanning more than a decade found that mice and rats injected with glass-encapsulated RFID transponders developed malignant, fast-growing, lethal cancers in up to 1% to 10% of cases. The tumors originated in the tissue surrounding the microchips and often grew to completely surround the devices. To date, about 2,000 RFID devices have been implanted in humans worldwide, according to VeriChip Corp." We recently discussed the California ban on companies requiring such implants. -
Why Myths Persist
lottameez recommends an article in the Washington Post about recent research into the persistence of myths. In short: once a myth has been put out there (e.g., "Saddam Hussein plotted the 9/11 attacks"), denying it can paradoxically reinforce its staying power. Ignoring it doesn't work either — a claim that is unchallenged gains the ring of truth. Over time, "negation tags" fall out of memory: "Saddam didn't plan 9/11" becomes "Saddam planned 9/11." From the article: "The conventional response to myths and urban legends is to counter bad information with accurate information. But the new psychological studies show that denials and clarifications, for all their intuitive appeal, can paradoxically contribute to the resiliency of popular myths... The research is painting a broad new understanding of how the mind works. Contrary to the conventional notion that people absorb information in a deliberate manner, the studies show that the brain uses subconscious 'rules of thumb' that can bias it into thinking that false information is true. Clever manipulators can take advantage of this tendency." -
DoJ Finds Microsoft Antitrust Compliance 'On Track'
eldavojohn writes "Despite demand for more oversight from the states, the Department of Justice has found that Microsoft's antitrust compliance plan is right on track. These specific investigations centered around Vista's compliance with Google's concerns surrounding search tools for the desktop. From the article: 'Preliminary testing shows the new version, which will let Vista users set a competing search program as their default and see it in the Windows Start menu, works as expected. The changes will be available in Service Pack 1, a package of upgrades and fixes expected in the first quarter of 2008, the department said. The department also said in its report that it is looking into differences between original technical documentation and rewritten versions from Microsoft, and that it is testing fixes Microsoft made to some software.'" -
The White House Crowd Control Manual
quizzicus writes "The Washington Post writes today about a sensitive White House document detailing how to screen for, silence, and remove protesters who show up at the President's public appearances. Obtained by an ACLU subpoena in the Rank v. Jenkins case, the Presidential Advance Manual (PDF) is dated October 2002. It lays out strategies such as searching audience members at the door for hidden protest material, strategically placing 'rally squads' throughout the crowd to intercept and shout down hecklers, and forcefully removing dissenters who cannot be squelched. The manual advises, however, that staff should 'decide if the solution would cause more negative publicity than if the demonstrators were simply left alone.'" -
Did Russian Hackers Crash Skype?
An anonymous reader sends us to the www.xakep.ru forum where a poster claims that the worldwide Skype crash was caused by Russian hackers (in Russian). The claim is that they found a local buffer overflow vulnerability caused by sending a long string to the Skype authorization server. You can try Google's beta Russian-to-English translation, but the interesting part is the exploit code, and that's more readable in the original. The Washington Post reports that Skype has denied this rumor. -
Security Threat In the New Wiretapping Law
The NSA wants automatic surveillance capabilities in telephone switches. But once such capabilities are built in, others could use them to intercept communications. Within 10 years this could render the US vulnerable to attacks from terrorist groups across the globe, as well as from the military establishments of other nations. "Such threats are not theoretical: In April 2004, phones belonging to members of the Greek government, including the prime minister, were spied on with wiretapping software that was misused." -
FBI Raids Home of Suspected NSA Leaker
During the hours that Congress was debating codifying the Bush administration's wiretapping by revising the FISA law, the Department of Justice was raiding the home of former Justice official Thomas M. Tamm to identify the person who first brought the illicit program to light: "The agents seized Tamm's desktop computer, two of his children's laptops and a cache of personal files... the raid was related to a Justice criminal probe into who leaked details of the warrantless eavesdropping program to the news media... James X. Dempsey of the Center for Democracy and Technology said the raid was 'amazing' and shows the administration's misplaced priorities: using FBI agents to track down leakers instead of processing intel warrants to close the [purported surveillance] gaps." -
A Year In Prison For a 20-Second Film Clip?
PizzaFace writes "It's Jhannet's 19th birthday, so her boyfriend borrows a camcorder to memorialize the occasion, and they head to the mall. They goof around, recording each other in the food court, then decide to catch the Transformers matinee, which started a few minutes earlier. During a big action scene, Jhannet takes the camcorder and records a 20-second clip to show her little brother. A few minutes later, cops who were called by the manager come in with flashlights, arrest Jhannet, confiscate the camcorder, and, at the behest of Regal Cinemas, charge her with film piracy. 'I was terrified,' said Jhannet. 'I was crying. I've never been in trouble before.' If convicted, she could be sentenced to a year in prison and a $2,500 fine. The police say they lack discretion because Regal Cinemas chose to prosecute: 'They were the victim in this case, and they felt strongly enough about it.' The National Association of Theater Owners supports Regal's 'zero-tolerance' prosecution standard: 'We cannot educate theater managers to be judges and juries in what is acceptable. Theater managers cannot distinguish between good and bad stealing.'" -
High-Tech Squirrels Trained to Conduct Espionage
Pcol writes "In the July 20 issue of the Washington Post, columnist Al Kamen reports that the BBC has translated a story headlined 'spying squirrels,' published in the Iranian newspaper Resalat on the use of trained animals to conduct espionage against their country: 'A few weeks ago, 14 squirrels equipped with espionage systems of foreign intelligence services were captured by [Iranian] intelligence forces along the country's borders. These trained squirrels, each of which weighed just over 700 grams, were released on the borders of the country for intelligence and espionage purposes.' According to the story the squirrels had 'GPS devices, bugging instruments and advanced cameras' in their bodies. 'Given the fast speed and the special physical features of these animals, they provide special capabilities for spying operations. Once the animals return to their place of origin, the intelligence gathered by them is then offloaded. . . .' Iranian police officials captured the squirrels before they could carry out their assignments." -
An eBay For Hackers
cyberdelicat writes to let us know about a Swiss security firm called WabiSabiLabi that is causing waves with its open auction for zero-day security vulnerabilities. While WSLabi claims they will thoroughly vet both buyers and sellers of vulnerabilities, many researchers are skeptical about how effectively they can do this. The Washington Post article mentions the guy who almost opened a similar auction site several years back, to be called Zero-Bay, but pulled the plug at the last minute. SearchSecurity notes that some security researchers are now referring to WSLabi as "zerobay" as they undermine the auction site by reproducing and publishing vulnerabilities as soon as they appear for sale. -
Roswell UFO Festival
jmcharry writes "From the Washington Post: 'Attention, all aliens. Come on down. Because, seriously, this is your crowd. About 50,000 of your closest admirers are expected this weekend for the Roswell UFO Festival, celebrating the 60th anniversary of the nearby crash landing of a flying saucer — and, naturally, the ensuing government cover-up.'" -
FTC Says 'Slow Down' on Net Neutrality
Bushido Hacks writes "The Washington Post reports that the Federal Trade Commission has fumbled the Network Neutrality Act, again, as of this past week. However, the FTC defended its actions saying that their decision was not a give-in to the big telecom and cable companies. Instead, the FTC report urges caution on Network Neutrality Regulation. While this news is disappointing, the FTC's decision appears to be thought out and a message to remind people to not let the subject of Net Neutrality be abandoned by the general public so corporations could undermine the interest of consumers. We discussed the row this created, but with constant stalling tactics being employed here how long will it be before net neutrality opponents craft their own legislation?" -
Exxon's Brute Squad Hacks the Yes Men
tom_evil notes a story up on Infoshop.org about a parody site and the lack of a sense of humor in a large multinational. "One day after the Yes Men made a joke announcement of ExxonMobil's plans to turn billions of climate-change victims into a brand-new fuel called Vivoleum, the Yes Men's upstream internet service provider shut down Vivoleum.com and cut off the Yes Men's email service, in reaction to a complaint whose source they will not identify. 'Since parody is protected under US law, Exxon must think that people seeing the site will think Vivoleum's a real Exxon product, not just a parody,' said Yes Man Mike Bonanno. 'Exxon's policies do already contribute to 150,000 climate-change related deaths each year,' added Yes Man Andy Bichlbaum. 'So maybe it really is credible. What a resource!'" -
AT&T Gears Up for the iPhone
ElvaWSJ writes "In preparation for its exclusive launch of the cellphone industry's most anticipated device, AT&T is pulling out all the stops. It is adding about 2,000 temporary employees to cope with the influx of shoppers in the first few months. And it is planning for enhanced security to control the potentially large crowds and avoid theft of the phones, which will go for a steep $499 or $599, depending on memory capacity. Some sales agents expect to see people camping outside the night before. 'Apple, which plans to start selling the phone in all of its 162 retail stores on June 29, did not disclose any plans around training or staffing for the launch. Apple will also start selling the phone online on the launch date, but AT&T will first launch only in its stores ... AT&T, which is requiring iPhone shoppers to sign up for a 2-year contract, has not yet revealed the service fees it will charge iPhone customers.'" -
Google's New Lobbying Power in Washington
*SECADM writes "Learning from Microsoft's error, Google is building a lobbying power house in Washington." From the Washington Post article: Two years ago, Google was on the verge of making that Microsoft-like error. Davidson, then a 37-year-old former deputy director of the Center for Democracy & Technology, was the search-engine company's sole staff lobbyist in Washington. As recently as last year, Google co-founder Sergey Brin had trouble getting meetings with members of Congress. To change that, Google went on a hiring spree and now has 12 lobbyists and lobbying-related professionals on staff here — more than double the size of the standard corporate lobbying office — and is continuing to add people. -
White House E-mail Scandal Widens
Spamicles alerts us to a report just issued (PDF) by the House Committee on Oversight and Government Reform. At least 88 White House officials used Republican National Committee email accounts for government business. The RNC has destroyed at least some of the emails from 51 of those officials. Law requires emails sent by officials to be stored or recorded. There is evidence that White House lawyers and the (current) Attorney General knew of this but did not act to stop it. From the article: "These e-mail accounts were used by White House officials for official purposes, such as communicating with federal agencies about federal appointments and policies... Given the heavy reliance by White House officials on RNC e-mail accounts, the high rank of the White House officials involved, and the large quantity of missing e-mails, the potential violation of the Presidential Records Act may be extensive." -
Internet Defamation Suit Tests Online Anonymity
The Xoxo Reader writes "Reuters reports that two women at Yale Law School have filed suit for defamation and infliction of emotional distress against an administrator and 28 anonymous posters on AutoAdmit (a.k.a. Xoxohth), a popular law student discussion site. Experts are watching to see if the suit will unmask the posters, who are identified in the complaint only by their pseudonyms. Since AutoAdmit's administrators have previously said that they do not retain IP logs of posters, identifying the defendants may test the limits of the legal system and anonymity on the Internet. So far, one method tried was to post the summons on the message board itself and ask the defendants to step forward. The controversy leading to this lawsuit was previously discussed on Slashdot." -
FBI Finds It Overstepped Bounds in Collecting Data
truthsearch writes with a link to a Washington Post article about an eyebrow raising internal FBI audit recently released to the public. The document finds that, contrary to a document release back in March, the FBI frequently overstepped its bounds in collecting data on US citizens. The article states that the organization may have violated laws or agency rules 'more than 1,000 times'. "The new audit covers just 10 percent of the bureau's national security investigations since 2002. The vast majority of the new violations were instances in which telephone companies and Internet providers gave agents phone and e-mail records the agents did not request and were not authorized to collect. But two dozen of the newly-discovered violations involved agents' requests for information that U.S. law did not allow them to have." -
Yahoo Rejects Anti-Censorship Proposal
Matthew Skala writes "The BBC reports that Yahoo! has rejected a shareholder proposal to adopt an anti-censorship policy, as well as one to set up a human rights committee to review the impact of Yahoo!'s operations in places like China. The interesting proposals are numbers 6 and 7 in the proxy statement available through EDGAR. This news comes on the heels of jailed Chinese reporter Shi Tao, suing Yahoo! for its involvement in his conviction, and Google's rejection of a similar proposal. The anti-censorship proposal was submitted by the same groups (several New York City pension funds) as the Google proposal. The proxy statement also includes the Board's recommendations — "strongly oppose[ing]" both proposals — with explanations of their reasoning." -
Satellite Images Used to Document International Atrocities
wikkedwoman wrote with a link to a Washington Post story about the use of satellite imagery to detect atrocities around the world. The story details Amnesty International's efforts to identify areas in the world that may have been subject to man-made disasters. By comparing and contrasting imagery captured over time, researchers can produce hard evidence to present to a hard-to-please international community. "Tonight, [Amnesty Researcher Jeremy] Nelson begins his work by making a copy of the [older] shot in the right-hand screen and pasting it directly over the [newer] one on the left. Then he makes the top one nearly transparent. A river that cuts through the scene becomes a marker to help him line up the two. Now he can easily flip back and forth to look for changes. Sudanese huts tend to follow a similar pattern: a solid base ring with a steep, thatched roof. In the earlier image, they show up as small circles, with a slight shading to the dome, depending on the direction of the sun. Nelson draws a small, green circle slightly larger than the area of the average hut and makes several dozen copies of it ... When he finishes, he moves the 2007 shot to the top and begins the analysis again ... parts of this region were burned so thoroughly that there's nothing left but a large black scar. If you didn't know that huts were there before, you'd have no idea they were now gone. 'Whoever did this did a good job,' he says quietly. 'Thorough, at least.'" -
Privacy Group Gives Google Lowest Possible Grade
The Washington Post is reporting on a finding by London-based group Privacy International. In a new report, they find that Google has some of the worst privacy-protection practices anywhere on the web, giving them the lowest possible grade. "While a number of other Internet companies have troubling policies, none comes as close to Google to 'achieving status as an endemic threat to privacy,' Privacy International said in an explanation of its findings. In a statement from one of its lawyers, Google said it aggressively protects its users' privacy and stands behind its track record. In its most conspicuous defense of user privacy, Google last year successfully fought a U.S. Justice Department subpoena demanding to review millions of search requests." -
Google et al. Want 700 MHz Auction Opened Up
The 700 MHz spectrum could give birth to the much-anticipated third pipe, but phone and cable lobbyists are currently pressuring the FCC to sell companies like AT&T and Verizon our airwaves — in a flawed auction process — so they can hoard this valuable spectrum and stifle competitive alternatives to their networks. Google and other would-be providers are not taking it lying down. They want the FCC to mandate that whoever wins the auction be required to sell access to those airwaves, at wholesale prices, to anyone wanting to provide broadband Internet service. They also want anonymous auctions to prevent the giant incumbents from manipulating the results against small players (as they have done in the past). -
Wounded Soldiers Find Videogames Good Therapy
Via Ars Technica, an article on the Washington Post site reports that the folks at Walter Reed hospital in DC are finding that videogames make excellent therapy sessions for soldiers wounded in the Iraq conflict. In addition to the obvious medical benefits of refining motor control via controllers, the entertainment allows soldiers to reconnect to experiences they may have had prior to their combat experiences. "Video games are all over Walter Reed. They're used for therapy or entertainment, or both. Alcibar doesn't have any hand injuries, but he's been trying to persuade some of his physical therapists to make Guitar Hero available to those who do. It would probably help some soldiers rebuild their hand strength and dexterity. And it's another excuse to play." -
Hijacking Firefox Via Insecure Add-Ons
An anonymous reader writes "Many makers of extensions or add-ons for Firefox are introducing ways for bad guys to hijack the Web browser, new research suggests. A great many add-ons are updated over insecure (non https://) connections, providing an avenue for attackers to replace the extension with an evil update. Google's add-ons are particularly vulnerable, because they update automatically without notifying the user. From the story: '[I]f an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore — a fairly trivial attack given the myriad free, point-and-click hacking tools available today — he could also intercept this update process and replace a Firefox add-on with a malicious one.'" Here is security researcher Chris Soghoian's description of the vulnerability and a video of a simulated takeover. -
The Drive For Altruism Is Hardwired
Dekortage writes "The Washington Post is reporting on recent neuroscience research indicating that the brain is pre-wired to enjoy altruism — placing the interests of others ahead of one's own. In studies, '[G]enerosity activated a primitive part of the brain that usually lights up in response to food or sex... Altruism, the experiment suggested, was not a superior moral faculty that suppresses basic selfish urges but rather was basic to the brain, hard-wired and pleasurable.' Such research 'has opened up a new window on what it means to be good,' although many philosophers over recorded history have suggested similar things." -
How the Pentagon Got Its Shape
Pcol writes "The Washington Post is running a story on the design process for the Pentagon building and why it ended up with its unusual shape. In July 1941 with World War II looming, a small group of army officers met to consider a secret plan to provide a permanent home for War Department headquarters containing 4 million square feet of office space and housing 40,000 people. The building that Brig. Gen. Brehon Burke Somervell, head of the Army's Construction Division, wanted to build was too large to fit within the confines of Washington DC and would have to be located across the Potomac River in Arlington. "We want 500,000 square feet ready in six months, and the whole thing ready in a year," the general said adding that he wanted a design on his desk by Monday morning. The easiest solution, a tall building, was out because of pre-war restrictions on steel usage and the desire not to ruin Washington's skyline. The tract selected had an asymmetrical pentagon shape bound on five sides by roads or other divisions so the building was designed to conform to the tract of land. Then with objections that the new building would block views from Arlington National Cemetery, the location was moved almost one-half mile south. The building would no longer be constructed on the five-sided Arlington Farm site yet the team continued with plans for a pentagon at the new location. In the rush to complete the project, there was simply no time to change the design." -
Best Buy Accused of Overcharging
An anonymous reader writes "Connecticut's Attorney General Richard Blumenthal has accused Best Buy of overcharging its customers. His accusation is that customers see one price on Best Buy's website, in stores salespeople would show them a different internal site from a kiosk. Best Buy denies the charges. 'Previously, the company confirmed that store employees have access to an internal Web site that looks nearly identical to the public BestBuy.com site, but the company's policy is always to offer customers the lowest quoted price unless it's specifically identified as a deal available only to online shoppers. Jerry Farrell Jr., Connecticut's consumer protection commissioner, said the lawsuit should be a warning to companies to be more transparent in their business practices.'" -
Is Email 'Bankrupt'?
Gary W. Longsine writes "The Washington Post writes about a Venture Capitalist and blogger, Fred Wilson, who recently declared 'e-mail bankruptcy', wiping out his inbox and starting over because he couldn't keep up. Spam is cited as one reason. There have been several public incidents, some cited in the article, where the flow of email is just too much to keep up. 'If there is a downside to completely turning a back on e-mail, it's not one many former users notice. Stanford computer science professor Donald E. Knuth started using e-mail in 1975 and stopped using it 15 years later. Knuth said he prefers to concentrate on writing books rather than be distracted by the steady stream of communication.' Is email just too hectic a communication form for some people? Is email dead?" -
Female Sharks Can Reproduce Alone
mikesd81 writes "The Washington Post has an article about a team of American and Irish researchers that have discovered that some female sharks can reproduce without having sex, the first time that scientists have found the unusual capacity in such an ancient vertebrate species. Their report concludes that sharks can reproduce asexually through the process known as parthenogenesis (the growth and development of an embryo or seed without fertilization by a male). Scientists started investigating after a female hammerhead shark was mysteriously born at Omaha's Henry Doorly Zoo in a tank that housed 3 female sharks. It was originally thought one had stored sperm from a male shark before fertilizing an egg. However, the baby shark's genetic makeup perfectly matched one of the females in the tank, with no sign of a male parent." -
Texting Teens Generating OMG Phone Bills
theodp writes "Last month, Washington high school junior Sofia Rubenstein used 6,807 text messages, which, at a rate of 15 cents apiece for most of them, pushed her family's Verizon Wireless bill over $1,100. She and other teens are finding themselves in hot water after their families get blindsided with huge phone bills thanks to hefty a la carte text messaging charges." Use of SMS in the US doubled from 2005 to 2006. -
New Legislation to Combat Identity Theft
coondoggie writes to tell us the Washington Post is reporting that new legislation in a number of states and the District of Columbia allows consumers to place a "security freeze" on their credit files. "For the millions of consumers who receive notice each year that their personal or financial data was lost or stolen, a preemptive security freeze can offer peace of mind. It blocks businesses and potential fraudsters from gaining access to a consumer's credit report and score and from granting new lines of credit in the consumer's name. In many states, consumers who want to remove the freeze can use a special identification number to unlock access to their credit file." -
Soldiers Bond With Bots, Take Them Fishing
HarryCaul writes "Soldiers are finding themselves becoming more and more attached to their robotic helpers. During one test of a mine clearing robot, 'every time it found a mine, blew it up and lost a limb, it picked itself up and readjusted to move forward on its remaining legs, continuing to clear a path through the minefield.' The man in charge halted the test, though - 'He just could not stand the pathos of watching the burned, scarred and crippled machine drag itself forward on its last leg. This test, he charged, was inhumane.' Sometimes the soldiers even take their metallic companions fishing. Is there more sympathy for Robot Rights than previously suspected?" -
Student, Denied Degree For MySpace Photo, Sues
gwoodrow writes "We've all heard the 'fired because of MySpace' stories, where a simple blog or picture gets someone canned. But now one of the targets is fighting back. (The offending picture in this case was a snap from Halloween 2005 of the student in a pirate outfit drinking from a cup.)" From the article: "Teacher in training Stacy Snyder was denied her education degree on the eve of graduation when Millersville University apparently found pictures on her MySpace page 'promoting underage drinking.' As a result, the 27-year-old mother of two had her teaching certificate withheld and was granted an English degree instead. In response, Snyder has filed a Federal lawsuit against the Pennsylvania university asking for her education diploma and certificate along with $75,000 in damages." -
AOL's Embarrassing Password Woes
An anonymous reader writes "AOL.com users may think they have up to sixteen characters to use as a password, but they'd be wrong, thanks to this security artifact detailed by The Washington Post's Security Fix blog: "Well, it turns out that when someone signs up for an AOL.com account, the user appears to be allowed to enter up to a 16-character password. AOL's system, however, doesn't read past the first eight characters." This means that a user who uses "password123" or any other obvious eight-character password with random numbers on the end is in effect using just that lame eight-character password." -
Can Technology Fix the Health Care System?
I was surfing through my usual tech sites for the latest news when I came across an article on Wired News. It turns out Steve Case is not alone in the quest to fix the health care system. I guess I don't get what the big attraction for these guys is.... I know the US's health care system is messed up, but I'm not sure technology can fix all of the aches, pains and dysfunction in our current system. I don't get why they don't just join a major company's board or start a hip/trendy start-up.... -
Virus Writers Target Google's Sponsored Links
An anonymous reader writes "It looks like the bad guys are gaming Google's sponsored links to spread their junk to people who click on the ads with unpatched versions of Internet Explorer. Attackers apparently bought the rights to several high profile search terms, including searches that would return results for the Better Business Bureau, among others. The story notes this was bound to happen, given the way Google structures sponsored links: "The bad guys behind the attack appeared to capitalize on an odd feature of Google's sponsored links. Normally, when a viewer hovers over a hyperlink, the name of the site that the computer user is about to access appears in the bottom left corner of the browser window. But hovering over Google's sponsored links shows nothing in that area. That blank space potentially gives bad guys another way to hide where visitors will be taken first."" -
Apple Issues Patches For 25 Security Holes
TheCybernator writes "Apple today released software updates to plug more than two dozen security holes in its Mac OS X operating system and other software. The free patches are available via the Mac's built-in Software Update feature or directly from Apple's Web site. All told, today's batch fixes some 25 distinct security vulnerabilities, including a dangerous flaw present in the AirPort wireless devices built into a number of Apple computers, including the eMac, the iBook, iMac, Powerbook G3 and G4, and the Power Mac G4. Apple said computers with its AirPort Extreme wireless cards are not affected. Earlier this month, Apple released a software update to fix a vulnerability in its wireless router, the AirPort Extreme Base Station. That update and instructions on how to apply it are available at the link." -
Student Financial Aid Database Being Misused
pin_gween writes "The Washington Post reports on the probable abuse of the National Student Loan Data System. The database was created in 1993 to help determine which students are eligible for financial aid. Students' Social Security numbers, e-mail addresses, phone numbers, birth dates, and loan balances are in the database. It contains 60 million student records and is covered by federal privacy laws. Advocates worry that businesses are trolling for marketing data they can use to bombard students with mass mailings or other solicitations. The department has spent over $650,000 in the past four years protecting the data. However, some senior education officials are advocating a temporary shutdown of access to the database until tighter security measures can be put in place." -
Uncle Sam Earns C-minus Grade for PC Security
An anonymous reader writes "Twenty-four federal departments and agencies earned a collective grade of C-minus last year for their performance in meeting computer and network security requirements, according to marks handed out by a key congressional oversight committee today. The government-wide grade is up slightly from 2005, when it earned an overall grade of D+. Eight agencies earned A grades, while as many warranted failing marks. '..the Department of Defense led a group of eight agencies that received failing marks for computer security. Also receiving that dubious distinction were the departments of Agriculture, Commerce, Education, Interior, State and Treasury, as well as the Nuclear Regulatory Commission. The Department of Homeland Security earned a D, although its overall performance improved since 2005. The Department of Veterans Affairs did not provide enough data to earn a grade. In 2005, it received an F.'" -
Thousands of White House E-mails Deleted
kidcharles writes "The Washington Post reports that in the midst of an investigation by the U.S. Congress into the firing of eight U.S. Attorneys by the Department of Justice, numerous White House e-mails have been lost. Among them are communications from presidential adviser Karl Rove. Parallels are being drawn with the infamous '18 minutes' missing from the Nixon Watergate tapes. Also at issue is the use of Republican National Committee e-mail domains (such as gwb43.com and georgewbush.com) rather than the official White House domain. This is a violation of the Presidential Records Act." -
Is The Term Paper Dead?
Reader gyges writes in to tell us that the Washington Post has picked up a piece he wrote about cut-and-paste plagiarism: "Plagiarism today is heavily invested with morality surrounding intellectual honesty. That is laudable. But truly distinguishing plagiarism is a matter of intent. Did I mean to copy, was it accidental (a trick of memory), was it polygenesis[?] ... Young people today are simply too far ahead of anything schools might do to curb their recycling efforts. Beyond simply selling used term papers online, Web sites such as StudentofFortune.com allow students to post specific questions and pay for answers." The author argues that in the era we're entering, schools need to rely far less on term papers in assessing students. -
Wildlife Deputy Changed Science For Lobbyists
fistfullast33l writes "In another case of a government official creating a 'unique' interpretation of science, TPM Muckraker reports on Julie MacDonald, deputy assistant secretary for fish and wildlife and parks in the Department of the Interior in Washington. The Department's Inspector General issued a report today documenting evidence that MacDonald not only overrode opinions of department scientists to benefit lobbyists, and political interests, but also that she shared internal documents with said lobbyists and a friend in an unnamed online roleplaying game. My favorite episode: 'At one point, according to Fish and Wildlife Service Director H. Dale Hall, MacDonald tangled with field personnel over designating habitat for the endangered Southwestern willow flycatcher, a bird whose range is from Arizona to New Mexico and Southern California. When scientists wrote that the bird had a nesting range of 2.1 miles, MacDonald told field personnel to change the number to 1.8 miles. Hall, a wildlife biologist who told the IG he had had a running battle with MacDonald, said she did not want the range to extend to California because her husband had a family ranch there.'" -
Fortune 1000 Companies Sending Spam, Phishing
An anonymous reader writes "The Register takes a look at spam touting everything from Viagra to phishing sites being sent from Fortune 1000 networks. Oracle was found to have a machine pushing out a PayPal phishing scam, and BestBuy had a system sending thousands of spams a month. The Washington Post's Security Fix blog also is tracking this story, finding stock spam being pumped from ExxonMobil and from American Electric Power, among others. Another machine at IndyMac Bank was the source of spam touting generic prescription drugs. From the story: '...an IT engineer with American Electric Power, said the stock spam came from a bot-infected computer belonging to a contractor at one of its power generator plants.'" -
Dept. of Energy Rejects Corn Fuel Future
eldavojohn writes "The United States' Department of Energy is stating that corn based fuel is not the future. From the article, "I'm not going to predict what the price of corn is going to do, but I will tell you the future of biofuels is not based on corn," U.S. Deputy Energy Secretary Clay Sell said in an interview. Output of U.S. ethanol, which is mostly made from corn, is expected to jump in 2007 from 5.6 billion gallons per year to 8 billion gpy, as nearly 80 bio-refineries sprout up. In related news, Fidel Castro is blasting the production of corn fuel as a blatant waste of food that would otherwise feed 3 billion people who will die of hunger." -
Students Sue Anti-Plagiarism Service
jazzbazzfazz writes "It seems that some students in Virginia are not happy with the anti-plagiarism service Turnitin. The company checks prose submitted by its customers for signs that it has been copied in whole or part by comparing it to a large database of works that it maintains. Trouble is, it also adds the submitted prose to its files and stores it for use by the company in future scans, which the students feel is illegal use of their copyrighted materials. I think they've got an excellent case, especially since they seem to have prepared for this eventuality: they're A-students, never been accused of plagiarism, and they formally copyrighted their papers prior to their submission to Turnitin." -
Google to Viacom - The Law is Clear, and On Our Side
An anonymous reader writes "Google responded to the opinion piece in the Washington Post by a Viacom Lawyer with a letter to the editor titled 'An End Run on Copyright Law.' Their strong wording sends a very concrete message: 'Viacom is attempting to rewrite established copyright law through a baseless lawsuit. In February, after negotiations broke down, Viacom requested that YouTube take down more than 100,000 videos. We did so immediately, working through a weekend. Viacom later withdrew some of those requests, apparently realizing that those videos were not infringing, after all. Though Viacom seems unable to determine what constitutes infringing content, its lawyers believe that we should have the responsibility and ability to do it for them. Fortunately, the law is clear, and on our side.'" -
Secure Programming Exams Launched
An anonymous reader writes "The SANS Software Security Institute, in conjunction with organizations such as Siemens, Symantec, Juniper, OWASP, and Virginia Tech, has announced a program for testing whether programmers know how to write secure code. The Secure Programming Skills Assessment is split into separate language families (C/C++, Java/J2EE, Perl/PHP, and ASP/.NET). Director of research Alan Paller says 'This assessment and certification program will help programmers learn what they don't know, and help organizations identify programmers who have solid security skills.' The pilot exam will be held in Washington DC in August, followed by a global rollout." -
Wikipedia and the Politics of Verification
Slashdot regular contributor Bennett Haselton writes "The reports of Sinbad's death become greatly exaggerated. A Wikipedia contributor is unmasked as a fraud, raising questions about why he wasn't called out earlier. NBC airs a piece about how anybody can edit any article on Wikipedia, and errors creep in as a result. (Duh.) But what's most frustrating about all these controversies surrounding Wikipedia is that news reports describe these incidents as if they are a permanent, unsolvable problem with any type of community-built encyclopedia, when in fact there seems to be a straightforward solution." More words follow. Just click the link.
In its simplest form, couldn't a person's academic credentials be verified by sending a confirmation link to their .edu e-mail? (Which could be identified as a faculty address either by a domain name like "faculty.schoolname.edu", or by a Web page in the faculty section of the school's Web site identifying the person's e-mail address?) And then once the user's bona fides have been verified in this or some other way, couldn't they put their seal of approval on any article whose contents need to be considered reliable, or that readers want to cite as an authoritative source? In this way, with only a few minutes of effort and without changing a single word of the article, its value is increased many times -- surely one of the best possible trade-offs in terms of effort versus reward. (As for the question of "What experts would do this?", the answer is, presumably the same people who contribute to sites like Wikipedia currently. If their motives are altruistic in the first place, hopefully they would be willing to take this extra step if they knew it would increase the article's usefulness.)
Something like this model is planned by the operators of Citizendium.org, a Wikipedia alternative (I balk at using the word "rival" although it is inevitable that people will see them that way). The last time I wrote about Citizendium, some thought it sounded like such a valentine to the project that they wondered if I was a shill; actually, sometimes a project just comes along that aligns almost exactly with what I would have done if I could have re-done a popular project like Wikipedia with a few design changes, and when that happens, I just say so. Some others may have wondered if I was sucking up for a board position or something. No, that would be, like, work. But I think they have some good ideas that will make them a more useful alternative in some cases, unless Wikipedia copies back some of their ideas in order to serve both needs at once, which would also be a good thing.
Consider the two major issues on which Citizendium is planning to take a different approach from Wikipedia: (1) user verification, and (2) putting published articles into an "approved" state under the stewardship of a credentialed editor, who has to sign off on any future changes to the article. The issue of user verification can be further divided into two sub-issues: (a) verifying users for the purpose of ascertaining their credentials, and (b) verifying users for the purpose of limiting the amount of vandalism committed by new users under pseudonyms. (While editorial control on Citizendium means that it is not possible to vandalize the public-facing version of an article after it has gone into an "approved" state, users can still vandalize an article while it is a "work in progress" being built up towards the first milestone where it can be approved. Citizendium founder Larry Sanger says that such vandals are surprisingly, pathetically motivated even though their work is only seen by a small audience.)
On the first issue, the one of verifying user credentials, I think the verification of .edu addresses especially would be a cheap and easy way to increase the value of every article that that user writes, or signs off on. I don't think, however, it's necessary to go as far as Citizendium is currently planning on going, by requiring real names and biographies of all users. My thinking is that if an article is synthesized by 100 monkeys with typewriters but the finished product is given the blessing of a credentialed professor of physics, it's pretty much just as reliable as if the professor had written it themselves. And if the same article gets the blessing of multiple credentialed experts, it could justifiably be considered more reliable than many printed sources written by a single author. The point is that the credentials that matter are those of the people who stake their reputation on the accuracy of the article, not necessarily those of the people who contribute to it. So on this front, I think that while Wikipedia asks too little of users' backgrounds, Citizendium's current plan would ask too much, because as long as you have the credentials of one person who has signed off on an article, collecting non-verifiable bios of the article's other contributors doesn't actually gain anything.
The other side of verifying credentials is the use of credentials to prevent vandalism. In this situation it's not necessary to verify that the user actually is who they say they are; the system only needs to ensure that the same user is not signing up over and over again after previous accounts get banned for abuse. (You could ban users by IP address, but tools like Tor make it easy for users to connect from what appears to be a different IP address every time.) A blog post from Citizendium founder Larry Sanger lists three possible approaches instead: (a) requiring existing user X to vouch for new user Z before Z can join; (b) requiring new user Z to provide a link to a "credible" Web page establishing their identity; or (c) requiring new user Z to provide a link to a "credible" Web page of some person X who can vouch for Z's identity. I don't know how quickly a system could grow by referrals only -- after all, I was surprised that GMail took off so quickly during the period when you could only join with an "invite" from an existing user. Then again, GMail was giving away something for free that almost everyone could use, so most people who wanted it, would find themselves closely linked to someone else who had it. Citizendium, on the other hand, asks not what they can do for you but what you can do for them, and so might not achieve enough penetration to spread by referrals only.
I suggested that one alternative would be to send a postcard to each new user's physical address with a unique six-digit number, which they would have to enter in order to complete their registration, in order to verify that new users really were unique. The problem here, apart from the privacy concerns, is the delay that users would incur before their registration was complete, which would take away the "instant gratification" that they could get from starting to contribute right away. (You could let users edit before their address is verified, but that would just enable the same person to keep re-creating new accounts with unique but fake addresses, and use them to commit vandalism before the account was found out.)
Another idea would be that for new users, their first, say, three edits would go into a queue to be reviewed by verified users, and once the first three edits have been approved, the user is able to make edits in real time. (Since anybody would be able to review a new user's edits to make sure they were not spam, the new user's edits could be reviewed very quickly, since any Citizendium volunteer who was online, could review the latest entries in the edit queue and approve them.) It's true that a user could game this system by, for example, submitting three minor improvements, and then using their unblocked account to vandalize articles while they're being worked on. However, even in this case, the "vandal" would probably end up having a positive contribution to the site, because of the three small improvements that they'd already made. If a legitimate Citizendium volunteer would have to spend more effort making those three small improvements, than it would take to let a new user make those constructive changes and then ban them and revert their destructive changes once the user is caught committing vandalism (and the latter wouldn't take much effort at all), then Citizendium has actually gotten a good deal out of the "vandal"! (To make this work, a user's first contributions could not be "neutral" changes like replacing one word with a synonym; they would have to be actual improvements, even small ones, thus ensuring that the net effect of a potential "vandal" is positive.) There may be other possible solutions. These are just alternatives in case the model of referral by trusted users turns out not to work.
Now switching to the other side of the reliability issue: Whether the default article that is displayed to the public for a given topic, should be the latest "stable" version approved by credentialed users, or the very latest version incorporating all edits submitted by any user whatsoever. Having talked with members of the Citizendium and Wikipedia communities in their respective forums, there appear to be three schools of thought on the article stability issue. The first is that the whole idea of putting articles into an "approved" state and moderating all changes going forward, goes against the "spirit" of wikis in general and Wikipedia in particular. The second, suggested on the Wikipedia discussion list by Sheldon Rampton, is that it would be a useful feature if credentialed users could select certain page versions in the page history and "sign off" on the accuracy of one of those past versions; the page displayed by default would be the bleeding-edge latest one (with all of the possible vandalism and inaccuracies that entails), but users who wanted a reliable, citable source could look in the history. The third school of thought is that reliability is so valuable, that the default page displayed to the public and carrying the stamp of the project, should be the latest version approved by credentialed editors -- the model that Citizendium currently has in mind.
I'm not really partial to the first view, since I think the success of the project should be defined by how it achieves its goals (whatever you define those goals to be) and not in whether it kept with its original "spirit". Since Wikipedia has far more readers than contributors, if your motivations for contributing to or maintaining Wikipedia are at all oriented towards doing good for other people, presumably meeting the needs of readers is more important than keeping the party going for contributors (provided, of course, that the environment for contributors is at least pleasant enough to keep them contributing). The choice between the second and third points of view is more interesting. There's no obvious best-of-both-worlds choice here, because what motivates many contributors (the fact that their changes go live to the entire world, right away) is also what motivates vandals.
On the other hand, the problem doesn't sound unsolvable. You could go with the Citizendium model of editor-approved changes but create a prioritized system for "urgent" updates, in the case of changes to an article made to incorporate current events. Suppose users (who have been verified using one or more of the methods above) are each issued a certain number of "credits" that they can use to mark a proposed update as an urgent, breaking change. (Misusing these credits to mark changes as "urgent", that really aren't, would be considered abuse tantamount to spamming or vandalism.) Then let's say, for example, Anna Nicole Smith dies. A user could submit this change to the Anna Nicole Smith article, along with a link to a reliable news source (e.g. a wire service story) and a credit marking the change as "urgent". Since an editor would not need any particular expertise to view the article and verify that the change was accurate, any editor could review the "urgent request queue" and approve that particular change for publication, ensuring that the queue was checked frequently throughout the day and urgent updates would get pushed through quickly. Thus the site could keep pace with breaking current events without the kind of inaccuracies that plagued Kenneth Lay's Wikipedia entry when he died.
So there's a trade-off there, between displaying all the latest changes by default and motivating people to contribute but also running the risk of vandalism, versus displaying only the latest editor-approved page. Where there is not a trade-off, that I can see, is in the option of simply having an editor-approved version of a given page -- whether it's displayed by default, or only stored in the version history where people can look for it. To me, both of these steps seem to consist of pure gain for relatively little effort:
- Verify credentials of academic professionals by poking their .edu address.
- Allow them to give their "blessing" to certain versions of a page in the page history, so that users can rely on those specific page versions and even cite them as sources where appropriate.
So I hope that Citizendium will help bring more prominence to the idea, and that something similar might get incorporated back into Wikipedia. The approval of an identity-verified expert can improve an article's value so much, for such comparatively little extra effort, that it makes no sense not to have that option.