Slashdot Mirror

DevanJedi writes "According to an article at Wired.com , several FBI agents are under investigation for illegally acquiring information an American citizens. Overzealous agents used 'misleading emergency letters' obtain phone records of thousands of Americans. This marks the first time government officers have been prosecuted for misuse of the Patriot Act. From the article: 'Unit employees, who are not authorized to request records in investigations, sent form letters to telephone companies to acquire detailed billing information on specific phone numbers by falsely promising that subpoenas were already in the works. According to a third source, FBI officials also said at the meeting that some bureau employees have already been granted immunity from prosecution in the investigation. The third source, who also spoke on condition of anonymity, did not recall, however, that FBI officials described the investigation as "criminal."'"

Konami's press conference was short and sweet, but the focus was on the unveiling of Silent Hill V . There's almost no information about it out yet, though there is a singularly unhelpful trailer available online. From the press release: "Building upon the series trademark foundations of atmosphere, adventure and storytelling, Silent Hill 5 introduces players to a frightening new experience. When confronted by the perverse incarnations of evil that roam Silent Hill and Shepherds Glen, players will be able to utilize an enhanced combat system and execute a number of offensive and defensive maneuvers as they experience every terrifying encounter with the games numerous nightmarish creatures. Players will also have to solve a variety of puzzles as they progress through the highly atmospheric game world, using cues from the environment to unlock Silent Hills darkest secrets. Continuing the series tradition of standout music and sound design, Silent Hill 5 features an original soundtrack by famed composer Akira Yamaoka."

The big three hardware makers aren't the only ones to offer events with uncomfortable seating this week. Activision was probably the winner of the 'most confusingly run event' award, as their welcome demonstrations of Call of Duty 4, Guitar Hero III, and Tony Hawk's Proving Ground were interspersed with walk-ons by folks like Stan Lee, Slash, and Tony Hawk himself. Jamie Kennedy apparently MC'd, with lackluster results. THQ's event, meanwhile, offered several kinds of sweaty men and uninterested female models, while also showing off new products like Conan, Destroy All Humans! Path of the Furon, and De Blob. Throughout, the company pledged heavy support for the Wii. Midway's event was much more to the point, with news of a downloadable Stranglehold demo coming in August, the title Aqua Teen Hunger Force Zombie Ninja Prom announced, and a bit about Blacksite Area 51. There will be a demo for that game too.

This year's E3 is substantially different than events of the past, with an easily navigated show floor just one of the signs of the changing times. There are a number of questions up in the air as to what the new face of E3 means. Hideo Kojima (creator of the Metal Gear series) went on record at the Konami conference saying that he considers the new format a waste of time. Game|Life's Chris Kohler has a piece up on this subject, and he says that the new E3 is all about the status quo: "Yes, there were press conferences. But when Nintendo, Microsoft, and Sony all decide to only show their 2007 games (for the most part) and hold back on announcing huge news (entirely), you know something's up with the venue. At any rate, gamers hoping for some kind of shift in momentum, no matter which direction, didn't get their wish. This year's E3 is all about maintaining the status quo. Typically, it's been the 'battle of the press conferences' to see who 'wins E3.' This year, everybody surrendered."

After a bout of radio silence, yesterday Sony unveiled Killzone 2 as it stands today. Those attending the event seem duly impressed. Eurogamer's Tom Bramwell points out that the level of cynicism has been set quite high, after the pre-rendered 2005 trailer prompted a lot of hard feelings among journalists. Just the same, Susan Arendt of Game|Life is of the opinion that the wait was worth it: "Most of the action we saw was basic run-and gun--working your way up and down, through the buildings of the city to reach various checkpoints. We saw a fight with a mini-boss that was relatively unremarkable, but it did at least end with a fairly satisfying 'boom.' The level culminated with the destruction of an arc weapon--basically an antenna that draws electricity from lightning and releases it to destroy troops ... Killzone 2 is loud, dirty, and violently elegant. If you have a PS3, you're going to want this game. If you don't have a PS3 you might have to figure out how you're going to get one." For more details, check out the Killzone 2 trailer Sony has released as well as the quick Q&A on the game at PS3 Fanboy.

Fantastic Lad sends us to Wired for a story on the upside of nicotine. Researchers are developing drugs based on nicotine that may prove beneficial for brains, bowels, blood vessels and immune systems. "Nicotine acts on the acetylcholine receptors in the brain, stimulating and regulating the release of a slew of brain chemicals, including seratonin, dopamine and norepinephrine. Now drugs derived from nicotine and the research on nicotine receptors are in clinical trials for everything from helping to heal wounds, to depression, schizophrenia, Alzheimer's, Tourette Syndrome, ADHD, anger management and anxiety." A separate story talks about nicotine warding off Parkinson's disease.

posys writes "Wired Magazine has an article showing how the eternal patience of robots lends itself well to teaching new social skills to autistic children. 'The researchers hope that the end result is a human-like robot that can act as a "social mediator" for autistic children, a steppingstone to improved social interaction with other children and adults. "KASPAR provides autistic children with reliability and predictability. Since there are no surprises, they feel safe and secure," Robins said, adding that the purpose is not to replace human interaction and contact but to enhance it. Robins has already tested some imitation and turn-taking games with the children and his preliminary findings are positive.'"

good soldier svejk writes "'It could be a scene from Kafka or Brazil. Imagine a government agency, in a bureaucratic foul-up, accidentally gives you a copy of a document marked "top secret." And it contains a log of some of your private phone calls. You read it and ponder it and wonder what it all means. Then, two months later, the FBI shows up at your door, demands the document back and orders you to forget you ever saw it.' That is what happened to Washington D.C. attorney Wendell Belew. His lawsuit takes on special significance given today's Sixth Circuit Court ruling that surveillance victims can only sue the DOJ if they can prove they were affected."

SoyChemist writes "The Wired Science blog has production stills and a story about a side project that several Industrial Light and Magic employees have been working on. They are producing the short story Maelstrom II as an independent film. The entire thing was shot in front of a bluescreen, so all of the sets and props will be CGI. The lone actor, Chuck Marra, plays a guy that hitches a ride on an electromagnetically launched freight capsule from the moon to earth. When the nuclear reactor that powers the catapult fails, he is thrown into space, but not far enough to escape lunar gravity — leading to an Apollo 13 style rescue mission. The original story was written by Arthur C. Clarke, author of 2001: A Space Odyssey."

CoolBeans writes "Making ethanol is easy. Making enough ethanol to fill every gas tank in a developed country is tricky. The Department of Energy has promised $125 million to the Joint BioEnergy Institute, a team of six national labs and universities that will be run like a startup company. They intend to create new life forms that are optimized for alcohol production. The genes of crops that produce large amounts of cellulose will be tweaked to improve the yield per acre and to increase drought and pest resistance. Microbes that produce sugar from cellulose and ethanol from sugar will be built for speed and efficiency." The article mentions as an aside that earlier this year, "the energy giant BP gave $500 million to Berkeley, Lawrence Berkeley lab, and the University of Illinois at Urbana-Champaign for similar alternative energy research. That gift will fund the Energy Biosciences Institute, which will operate separately from the JBEI." So UC Berkeley and LBL are both participating in two separate energy-biotech research programs.

Game|Life has a breakdown of the numerous PlayStation 3 exclusives that might have been. The high cost of making games and Sony's slow start out of the game means that titles like Assassin's Creed and Devil May Cry IV, which may have been exclusive to a Sony console at one point, will now be leading a double life on Microsoft's Xbox 360. "Grand Theft Auto IV -- Peter Moore shocked the world at E3 last May when he announced that GTAIV would appear day-and-date on Xbox 360 and PS3. Months later, Newsweek reported that Take Two had wanted to continue its long-standing practice of giving Sony a lengthy timed exclusivity on the game, but they didn't want it. Newsweek says that former Sony Computer Entertainment president Ken Kutaragi's 'radio silence' on the issue left Sony's American execs without the authority to make deals, and nothing happened. Same with ... Assassin's Creed -- Again, Newsweek revealed that Ubisoft had actually gone to Sony with an offer to make the game a PlayStation 3 exclusive. Although Sony did go through the trouble of asking Ubisoft to make it seem as if their multiplatform action game Assassin's Creed was indeed PS3 exclusive , it came out shortly after E3 that it would ship simultaneously on both platforms."

westlake writes "In the wake of Internet Radio's Day of Silence, SoundExchange has proposed a temporary $2500 cap on advance payments 'per channel/per station.' The Digital Music Association responded immediately in its own press release that it would agree to this, but only if the term for the new arrangement were extended to 2010 — or, preferably, forever. On another front, SoundExchange seems aware in its PR that it will have to concede something more to the non-profit webcaster, if it is to avoid Congressional action."

MrErlenmeyer writes "Many injuries and diseases including heart attacks, stroke, and Parkinson's cause healthy cells to kill themselves. A group of scientists at Washington University in Saint Louis believe they have a lead on how to stop apoptosis (unwanted cell suicide) and thus minimize the tissue damage that occurs as a result of these injuries. They designed drugs that halt the actions of executioner caspases, proteins that act as a molecular wrecking crew. Other scientists had found that a chemical called isatin could prevent tissue damage in rabbit hearts that were deprived of oxygen. This was the starting point for the team of researchers in Missouri. By making some changes to the molecule, they were able to develop an even more effective molecule. With some further refinement, this may lead to a new class of emergency medications."

An anonymous reader writes "Boeing is making the wings of its new 787 out of carbon fiber instead of metal. That means the wings are so strong and flexible that they could bend upward and touch above the fuselage — or come close. The company is expected to deliver the first 787 to All Nippon Airlines in May 2008. 'Boeing has completed static testing of a three-quarter wingbox, but engineers are still considering whether to limit testing of the full wing to a 150% load limit held for 3 sec. or to continue bending it to see when it breaks. 'There's a raging debate within the engineering team to see if we should break it or not,' says [787 General Manager Mike] Bair.'" They have come a long way in wing flexibility.

Wired discusses the last episode of the Red vs. Blue web series, which ends tonight with its 100th episode. The long-running show has been lauded as highly influential in the world of machinima, and made the folks at Rooster Teeth into household names among gamers. If you enjoyed RvB, their current project is a Machinima set in the Shadowrun FPS entitled 1-800-MAGIC. "'We didn't even know what machinima was,' says Burns. 'We played a ton of Halo at LAN parties because Xbox Live didn't exist yet. The humor of us yelling across the room led to Red vs. Blue.' The videos are recorded directly from three Xbox consoles running a linked game of Halo. Players on two consoles play the red and blue characters, and one player on a third game console records all the action from the first-person viewpoint. Burns ... promises that Wednesday's final episode will 'honor that unique distribution method -- we have the ability to do some things on the internet that you can't do in television or film.'"

JLester writes "Wired Magazine has an interview this month with Hans Reiser (of the ReiserFS journaling file system for Linux) from prison. It contains more details about the murder case against him. Some of the questions still go unanswered though."

Van Cutter Romney sends us word of a British steam-powered car that will attempt to set a world record speed of 200 mph. The car, constructed on a tubular chassis, holds four boilers that deliver four megawatts of power, producing 300 bhp. The current record of 127.659 mph was established in 1906. More photos and specs at the Steam Car Club of Great Britain's site.

UltravioletLED writes "A company in Petaluma, California has developed highly programmable desktop lasers. The same devices used in hospitals could also be used to turn any metal surface black by simply changing the software. From the article: 'The technology once filled a large room at DARPA until Raydiance scientists made it into a compact, tabletop unit. Schuler (The CEO) said he hopes it will replace just about any cutting device you can think of, from a big metal saw to a precise surgical blade ... Now that it's a little bigger than a breadbox, researchers want to use them to kill tumors, identify friend or foe during combat, and even remove tattoos.' Femtosecond lasers for eye surgery have been around for years now, but these new lasers are far smaller and promise to have much greater versatility."

NewYorkCountryLawyer writes "A Washington woman sued by the RIAA has asked the Court to award her attorneys fees, after the record company plaintiffs (Interscope Records, Capitol Records, SONY BMG, Atlantic Recording, BMG Music, and Virgin Records) dropped their case against her after two years of litigation, in Interscope v. Leadbetter. The brief submitted by her attorneys (pdf) pointed out the similarity between Ms. Leadbetter's case and Capitol v. Foster. In the Leadbetter case, as well as Foster case, the RIAA sued the woman solely because she had paid for an internet access account, and then later in the case attempted to plead 'secondary liability' against her without any factual basis for doing so. This tactic had been repudiated by Judge Lee R. West in Capitol v. Foster as 'marginal' and 'untested' in his initial decision awarding attorneys fees, and in his later decision denying the RIAA's motion for reconsideration."

Vicissidude sends us to Wired for a look at a fruit-harvesting robot being developed in California. Its development has been funded entirely by agricultural associations, concerned by the uncertainty surrounding migrant immigrant labor. Quoting: "As if the debate over immigration and guest worker programs wasn't complicated enough, now a couple of robots are rolling into the middle of it. Vision Robotics, a San Diego company, is working on a pair of robots that would trundle through orchards plucking oranges, apples or other fruit from the trees. In a few years, troops of these machines could perform the tedious and labor-intensive task of fruit picking that currently employs thousands of migrant workers each season."

Espectr0 writes "A Venezuelan professor along with his team have set a new record for the longest WiFi link. Using commodity hardware, they established a connection between a PC in El Águila, Venezuela, and one in Platillón Mountain, a distance of about 237 miles. The previous record was 193 miles. Slides [PDF] are also available."

Lux writes "Where will the car of the future come from? It's unlikely to come from anywhere you'd expect it to. Wired's money is on the car of the future coming from NASA. 'New technology that promises to revolutionize the automobile as we know it is emerging from research institutions and startups — and these innovations won't set you back $100,000 like a Tesla will... One experiment involves small electric motors located in the wheels of the CityCar, a tiny, nimble and practically silent vehicle with wheels that turn 360 degrees, enabling it to slip neatly into tight urban parking spaces. Others are looking to revolutionize the automobile's engine, not replace it.'"

Raver32 writes with Wired article about the strange juxtaposition of real life identities intruding on virtual world bliss. Voice chat is becoming a very common component of online games, from MMOGs to FPS titles. Many even bundle a voice chat service into the game client now. That's useful, tactically, but socially it can be downright frustrating, confusing, or awkward. "Recently I logged into World of Warcraft and I wound up questing alongside a mage and two dwarf warriors. I was the lowest-level newbie in the group, and the mage was the de-facto leader. He coached me on the details of each new quest, took the point position in dangerous fights and suggested tactics. He seemed like your classic virtual-world group leader: Confident, bold and streetsmart. But after a few hours he said he was getting tired of using text chat — and asked me to switch over to Ventrilo, an app that lets gamers chat using microphones and voice. I downloaded Ventrilo, logged in, dialed him up and ... realized he was an 11-year-old boy."

An anonymous reader writes "In a 6th circuit court decision [PDF] today 4th amendment expectation of privacy rights were extended to email. 'The ruling by the Sixth U.S. Circuit Court of Appeals in Ohio upholds a lower court ruling that placed a temporary injunction on e-mail searches in a fraud investigation against Steven Warshak, who runs a supplements company best known for a male enhancement product called Enzyte. Warshak hawks Enzyte using "Smiling Bob" ads that have gained some notoriety.'"

skotte writes "Wired is reporting that July 23 at the Citadel in Charleston, South Carolina, Anderson Cooper will host presidential debates in which debaters are asked 20-30 questions culled from a specially designated section of YouTube, where the voting populace can post questions directly. You and I (assuming you're American, probably) can ask questions ourselves, not just a reporter in a crowd. Candidates won't know which questions they are being asked, and the video selection process will remain a complete secret. Interesting, but also the slightest bit scary."

FatherBash writes "Friday marks the final day for citizens, corporations, and paid spinmeisters alike to file comments with government regulators on Net Neutrality. Wired has the story with a link to the FCC page where you too can throw in your two cents."

greenbird writes "Another patent fiasco has begun. Wired reports that a patent on location-based Internet searches was filed in 1996 and granted in 1999 (patent is here). A patent troll company name Geomas acquired the patent and has filed suit against Verizon in none other than Marshall, Texas. They claim this is the first in what will be a long line of lawsuits. Geomas has amassed a $20M war chest in venture capital to use for getting rich off of a clearly obvious idea."

firesquirt sends us an article from Wired about a survey they conducted to determine major ISPs' data retention and other privacy practices. Over a period of two months, four national ISPs would not give Wired the time of day; and another four answered some of their questions in a fashion not altogether reassuring.

The iPhone may have been the star at today's Apple event, but Joystiq points out that id software's debut of 'id Tech 5' is just as beautiful. There are no current details on the first title slated to use the engine. Just the same John Carmack had a few things to say, pointing out the technology's strong graphical and cross-platform performance: "What we've got here is the entire world with unique textures, 20GB of textures covering this track. They can go in and look at the world and, say, change the color of the mountaintop, or carve their name into the rock. They can change as much as they want on surfaces with no impact on the game ... We're going to be showing on a Mac, PC, PS3, and Xbox at E3, we'll have another Mac announcement at E3." Game|Life also points out that EA will be throwing support behind OS X, with releases of major titles like Command and Conquer 3, Battlefield 2142, Need For Speed Carbon, and Harry Potter and the Order of the Phoenix.

vigmeister writes "A group of Russian kids have uncovered and rebuilt some arcade games from the Soviet era. These games apparently offered free play when someone played well, but no list of hi-scores. Roughly 32 of them have been found and although they are based on other arcade games, I hope these games were unique enough to offer playability for the present day arcade game lovers. 'Based largely (and crudely) on early Japanese designs, the games were distributed -- in the words of one military manual -- for the purposes of "entertainment and active leisure, as well as the development of visual-estimation abilities." Production of the games ceased with the collapse of communism, and as Nintendo consoles and PCs flooded the former Soviet states, the old arcade games were either destroyed or disappeared into warehouses and basements. It was mostly out of nostalgia that four friends at Moscow State Technical University began scouring the country to rescue these old games. '"

An anonymous reader writes "Via Wired, a blog post in which BMC Software's Whurley and Google's Greg Stein agree that the GPL v3 is currently on a path that will alienate developers. Stein has an interesting theory called 'license pressure' which is similar to 'pricing pressure'. 'Due to pressure from developers, all software is moving towards permissive licensing" translation, the GPL and developers are moving in opposite directions ... Developers care about the licenses on the software they use and incorporate into their projects, they like permissive licenses, and they will increasingly demand permissive licenses.'"

Pcol writes "The New York Times is running a story about a woman who says her cat is clearly visible through the living room window of her second-floor apartment using Street View and that she has contacted Google asking that the photo be removed. 'The issue that I have ultimately is about where you draw the line between taking public photos and zooming in on people's lives,' Ms. Kalin-Casey said in an interview. 'The next step might be seeing books on my shelf. If the government was doing this, people would be outraged.' Wired has started a contest on the most interesting photos found using the new Google Tool that now includes sunbathing coeds, alleged drug deals, and the google van itself. 'I think that this product illustrates a tension between our First Amendment right to document public spaces around us, and the privacy interests people have as they go about their day,' says Kevin Bankston, a staff lawyer at the Electronic Frontier Foundation."

An anonymous reader writes "Wired is presenting a gallery of artwork that inspired Weta's collectible rayguns, plus exclusive photos of the retrofurist sidearms. The article offers more than just images; each weapon has a description of where they were inspired from, as well as possible uses. 'In this illustration by Greg Broadmore, a hunter poses with his latest kill and his elegant retrofurist rifle ... "I started drawing these things just for fun," says Broadmore. "I did dozens of designs, all really stylized and Flash Gordon looking. I remember those black and white serials playing on TV as a kid and the imagery always stuck with me. Really hokey, but really scary and weird at the same time. And, of course, if you're a fan of classic rayguns you'll see the influence of the old toy rayguns. The Buck Rogers disintegrator pistol -- of course directly referenced in Han Solo's blaster in Star Wars -- is iconic, and that original raygun, along with many others, inspired me massively.'"

javipas writes "On May 25th, 1977 the first film of the Star Wars Saga was released to theaters. Thirty years later, and celebrations are being held all around the globe. Wired has a series of articles entitled The Empire at 30, and many fans are posting about this particular birthday. For example, you can see the best 30 clips made by fans to celebrate this anniversary. The BBC is chronicling the journey of one man who had never seen Star Wars before. IGN has a rundown on some of the highlights of the Celebration convention, running this weekend."

Some excellent news for Nintendo fans: two of the 'big three' games are coming out this year. At an event held in Washington state Reggie Fils-Aime was able to confirm that Smash Bros. and Super Mario Galaxy will be released before the end of the year. Excellent to hear such news, of course ... but other people had different priorities. For Metroid fans, it does indeed look like Samus will have to wait until 2008. Other than that, the company was all good news in general: "Typically, about half of home consoles in Japan are placed in the living room -- with Wii that figure is 75%. In France, 15 of the top 15 games recently were Nintendo. In the US, Fils-Aime says they are seeing 'early signs of significant market change.' The number of female purchasers of hardware are up 42%. The number of people over age of 30 purchasing Nintendo DS is up 127%. Tighten that age range to people over 35, and the number is up 212%. 40% of Wii owners have connected to the internet. 3.3 million plus Virtual Console downloads." Game|Life has hands-on impressions of Brain Age 2 and Mario Strikers Charged , two of the new games shown off at the event.

Some excellent news for Nintendo fans: two of the 'big three' games are coming out this year. At an event held in Washington state Reggie Fils-Aime was able to confirm that Smash Bros. and Super Mario Galaxy will be released before the end of the year. Excellent to hear such news, of course ... but other people had different priorities. For Metroid fans, it does indeed look like Samus will have to wait until 2008. Other than that, the company was all good news in general: "Typically, about half of home consoles in Japan are placed in the living room -- with Wii that figure is 75%. In France, 15 of the top 15 games recently were Nintendo. In the US, Fils-Aime says they are seeing 'early signs of significant market change.' The number of female purchasers of hardware are up 42%. The number of people over age of 30 purchasing Nintendo DS is up 127%. Tighten that age range to people over 35, and the number is up 212%. 40% of Wii owners have connected to the internet. 3.3 million plus Virtual Console downloads." Game|Life has hands-on impressions of Brain Age 2 and Mario Strikers Charged , two of the new games shown off at the event.

Some excellent news for Nintendo fans: two of the 'big three' games are coming out this year. At an event held in Washington state Reggie Fils-Aime was able to confirm that Smash Bros. and Super Mario Galaxy will be released before the end of the year. Excellent to hear such news, of course ... but other people had different priorities. For Metroid fans, it does indeed look like Samus will have to wait until 2008. Other than that, the company was all good news in general: "Typically, about half of home consoles in Japan are placed in the living room -- with Wii that figure is 75%. In France, 15 of the top 15 games recently were Nintendo. In the US, Fils-Aime says they are seeing 'early signs of significant market change.' The number of female purchasers of hardware are up 42%. The number of people over age of 30 purchasing Nintendo DS is up 127%. Tighten that age range to people over 35, and the number is up 212%. 40% of Wii owners have connected to the internet. 3.3 million plus Virtual Console downloads." Game|Life has hands-on impressions of Brain Age 2 and Mario Strikers Charged , two of the new games shown off at the event.

Frequent Slashdot contributor Bennett Haselton gives the full-disclosure treatment to the widely known and surprisingly simple technique for finding treasure-troves of credit card numbers online. He points out how the credit-card companies could plug this hole at trivial expense, saving themselves untold millions in losses from bogus transactions, and saving their customers some serious hassles. Read on for Bennet's article.
Some "script kiddie" tricks still work after all: Take the first 8 digits of a standard 16-digit credit card number. Search for them on Google in "nnnn nnnn" form. Since the 8-digit prefix of a given card number is often shared with many other cards, about 1/4 of credit card numbers in my random test, turned up pages that included other credit card numbers, and about 1 in 10 turned up a "treasure trove" of card numbers that were exposed through someone's sloppily written Web app. If the numbers were displayed along with people's names and phone numbers, sometimes I would call the users to tell them that I'd found their cards on the Internet, and many of them said that the cards were still active and that this was the first they'd heard that the numbers had been compromised.

Now, before this gets a lot of people mad, let me say that at first I was planning on holding off writing about this for months if necessary, to give the credit card companies time to do something about it. In other words, I actually had the presumptuousness to think that I had been the first one to discover it, but only because the credit card numbers that I found were still active. (If the trick had been widely known, I reasoned, surely the credit card companies would have found any credit card numbers listed in Google before I did, and gotten them cancelled.) Then I found that the trick had been publicized about three years earlier in a C-Net article by Robert Lemos and was probably widely known even before that. (The article stops just short of describing the actual technique, but one reader posted the full details in a follow-up comment.) Another article from that year in CRM Daily describes an even more efficient trick: Googling for number ranges like 4060000000000000..4060999999999999 to find Visa card numbers beginning with "4060". Google has now blocked that trick, so that trying that as a Google search leads to an error page. But the basic technique of Googling for working credit card numbers, apparently still works. In other words, credit card companies have apparently known about this technique for at least three years, probably longer, and presumably have hoped it would continue being swept under the rug.

At this point, I think the right thing to do is to shine a light on the problem and insist that they fix it as soon as possible. It may result in a short-term spike in people using this technique, but if it results in the problem being fixed, then the total number of fraud incidents will probably be less in the long run.

It would be simple for companies like Visa, MasterCard, and Discover to take a list of the most common 8-digit prefixes, query for them every day on Google, and de-activate any new credit card numbers that were found that way. (American Express cards are apparently not vulnerable to this trick, because when their 15-digit card numbers are written with spaces, they are usually written in the format "3xxx xxxxxx xxxxx", and Googling for the first 10 digits as "3xxx xxxxxx" didn't yield anything in my random test of ten AmEx numbers. But this is still their problem too, since the searches that turn up "treasure troves" of card numbers usually include AmEx numbers as well.) A Perl programmer could write a script in one afternoon that could run through all the known 8-digit prefixes, parse the search results, and pick out any URLs that weren't listed as matches the day before. From there, the search results would have to be reviewed by a human, in order to spot any situations where one credit card number was exposed at one URL, and a slight variation on the same URL (such as varying an order ID number) would expose other credit card numbers as well, which was the case with several of the hits that I found. Simple, but time-consuming with so many different 8-digit prefixes -- but every minute of effort expended on tracking down and canceling leaked credit card numbers, would save time and grief later by preventing the numbers from being used by criminals. If it would save them time in the long run and help prevent fraud, then why don't they do this?

It's considered good etiquette among security researchers, when finding a new security hole, to give the affected companies a chance to fix the issue before publicizing it. When I first contacted the credit card companies and described exactly how the exploit worked and how to block it, after getting a polite "We can't comment" from each one, I figured I'd give them a few months to get a system in place that could find leaked cards on a daily basis and de-activate them before they could be used. But then I found the C-Net article from 2004, and figured that if the card companies hadn't taken action in three years, it was fair game to publicize the trick in order to increase the pressure on them to plug the gap. Of course, it's not the card companies' fault that these card numbers are leaked onto the Web; it's the fault of the merchants that allowed them to get leaked. But the credit card companies are the only ones who are in a position to do something about it.

I did try the "Good Samaritan" approach, calling the credit card companies when I found one of their customers' card numbers on the Web. For each of the four major card companies, I called their security departments and reported two of the cards that I had found compromised, and then a week later, called the cardholders themselves to see if the card companies had notified them. Surprisingly, of the four companies, American Express was the only one whose customers in this experiment, when I called them a week later, said that AmEx had contacted them and told them to change their numbers. But even if all four credit card companies were more proactive about acting on reports of leaked numbers, the problems with scaling this approach are that (a) I usually had to wait on hold for a few minutes with each company and then spell out each card number that I'd found, which doesn't scale for a large number of stolen card numbers, and (b) if lots of people started doing this, then the credit card companies would be inundated with duplicate reports about the "low-hanging fruit", card numbers with common prefixes that appear near the top of some Google search result. Both problems could be avoided if the card companies simply ran their own script that queried Google and brought up a list of any indexed card numbers, whereupon an employee could copy and paste the numbers into an interface that would flag the cards instantly.

Google does have a feature where you can request the removal of pages that contain credit card numbers and other personal data such as Social Security Numbers. Any pages that I found containing credit card data, I submitted for removal, and Google did handle each removal request within two days. But this doesn't guard against the possibility that someone might have found the credit card information before it was removed, and of course it doesn't mean that other search engines like Alta Vista (remember Alta Vista?) might not have indexed the same pages. Running a sample of 8-digit prefix searches on Alta Vista, I found about as many credit cards as I found through Google, including some pages that were not in the Google index (maybe Google never indexed them, or maybe they had removed them already). So removing a page from any engine's search results is more like covering up a symptom of a problem than fixing the problem itself, which is the fact that the card number was leaked to the Web in the first place.

If nothing else, this is another reminder of how terrible the security model is for credit card numbers as a token of payment -- one universal piece of information shared with every merchant, that can be used for unlimited unauthorized charges if it gets compromised, until someone notices. About the only desirable property of credit card numbers from a security point of view is that they can be changed, and most of your existing recurring billing relationships will carry over, but even that is a hassle. Several credit card companies do provide the ability to generate single-use credit card numbers, each one authorized only for a limited purchase amount. The problem with that is that as any security analyst will tell you, if it takes even one extra step, most people won't bother -- as long as all-purpose credit card numbers are the default, that's what most people will use. Perhaps incidents like this will push people towards more 21st-century-aware styles of payment (like PayPal, but without all the horror stories), where you can pay a bill through a system that debits your card or your bank account, without sharing all your information with the merchant.

But in the short term, as long as credit card numbers are still with us, the card companies should make more proactive efforts to find and deactivate the ones that have been leaked on the Internet. If the card numbers are found to be leaked by a clumsy Web interface on one company's site, then that company should be chastised by the card companies that issued them a merchant account. If the numbers are found together in a list posted on some third-party forum, then the companies can cross-reference the charge history against each card in the list, to narrow down which merchant may have been responsible for the leak. I'm sure the card companies do something like this already when they find a list of leaked cards; what they don't seem to be doing is acting aggressively enough to find the leaked numbers in the first place.

Maybe the real moral is not the insecurity of credit card numbers, but the value of transparency and online community relations. If MasterCard had been a hip company like Wikia, some volunteer probably would have discovered this attack very early, and another volunteer would have written an open-source tool to find and deactivate leaked MasterCard numbers automatically, and the problem would have been solved ten years ago. In fact many tech companies, if you report a security problem to them, will thank you and fix it immediately, and some of them will even offer you cash if you find any more, like Netscape used to do with their $1,000 Bugs Bounty program. We get so used to big companies having obvious holes in their security practices and answering every question about security with a flat "No comment", that we forget it doesn't have to be that way -- transparency is not just trendy, it works. After years of having bug hunters poke at the Netscape browser, the security may not have been perfect, but it didn't have any security holes that were as simple and obvious as to be analogous to finding credit card numbers on Google.

teflonscout writes "When I think of bulletproof vests, the first word that comes to mind is Kevlar. Wired is running a story on Dynema SB61, a bulletproof material that is made of polyethylene. It is a higher grade of the plastic found in Tupperware. The story also mentions the recall of Second Chance bulletproof vests that were made from Zylon, a material that degraded slowly when exposed to moisture. At least one police officer was injured when a bullet penetrated his Zylon vest. Polyethylene is impervious to moisture. The first vests made from this new material are 5mm thick and can stop a 9mm bullet traveling at 1777 feet per second, which is slightly better than other top of the line vests."

After the FBI mistakenly targeted him as a terror suspect five years ago, art professor Hasan Elahi began recording his entire life online for the perusal of government agents or anyone else who wants to look in. "I've discovered that the best way to protect your privacy is to give it away," he says, grinning. "It's economics. I flood the market."

abhinav_pc writes "Wired is carrying an article pondering whether Firefox has become big and bloated, much like IE. As the browser's popularity has risen, the interest in cramming more features into the product has as well. Slowdowns and feature creep have some users asking for a return to the days of the 'slim and sexy' Firefox. 'Firefox's page-cache mechanism, for example, introduced in version 1.5, stores the last eight visited pages in the computer's memory. Caching pages in memory allows faster back browsing, but it can also leave a lot less memory for other applications to use. Less available RAM equals a less-responsive computer. Firefox addresses this issue somewhat, setting the default cache lower on computers with less than a gigabyte of RAM. Though the jury is still out on where the perfect balance between too many and too few features lies, one truth is apparent: The new web is pushing our browsers to the limit.'"

qeorqe writes "For the tenth anniversary of Deep Blue's victory over the world chess champion Garry Kasparov, Wired has an interview with Deep Blue developer Murray Cambell. The discuss the power of the now-aging supercomputer (equivalent to just one Cell processor), and the nonexistent future of PC vs. Human chess contests. 'It's almost the end of the story for chess in the sense that matches between chess machines and grand masters are becoming less interesting because it's so difficult for the human grand masters to compete successfully. They're even taking relatively dramatic steps like giving handicaps to computers, making them play the game with a pawn less or playing the game with less time. We're past the stage where there's a debate about who's better -- machines or grand masters -- and we're just looking for interesting ways to make the competition fairer.'"

Khyber writes to let us know that First Word Records, a U.K.-based record label, is now selling vinyl records that come with codes that allow you to download a 320-kbit MP3 of that record's content. The article mentions another independent label, Saddle Creek, that also offers DRM-free downloads with some vinyl records. The co-founder of First Word is quoted on why they didn't DRM the download: "Making a legal, paid-for version of the file less useful than a copied or pirated one doesn't make sense."

Skidge writes "Wired is running a piece showing the drastically reduced mileage ratings for hybrids after the upcoming changes in gas mileage calculations by the EPA. While the cars themselves aren't changing, plugging these new numbers in to the equation makes a hybrid much less cost effective: "The two top-selling hybrid vehicles, the Prius and Honda's Civic Hybrid, will lose 12 and 11 miles per gallon respectively from their city driving estimates." The new values come from more realistic testing; the old, over-inflated ratings were higher in part because the cars idled a lot, allowing the hybrids to completely turn off their engines. The new ratings should be more in line with what hybrid drivers are actually seeing."

Alien54 wrote with a link to a Wired blog entry noting that May 14th is the official deadline for internet service providers to modify their networks, and meet the FBI and FCC's new regulations. The Communications Assistance for Law Enforcement Act requires that everyone from cable services to Universities give them access, within certain parameters, to the usage habits of customers. "So, if you're a broadband provider (separately, some VOIP companies are covered too) ... Hurry! The deadline has already passed to file an FCC form 445, certifying that you're on schedule, or explaining why you're not. You can also find the 68-page official industry spec for internet surveillance here. It'll cost you $164.00 to download, but then you'll know exactly what format to use when delivering customer packets to federal or local law enforcement, including 'e-mail, instant messaging records, web-browsing information and other information sent or received through a user's broadband connection, including on-line banking activity.'"

k1980pc writes "In a nice twist to the recent discussion on Slashdot, PC World editor Harry McCracken has returned to the magazine. In turn, Colin Crawford has been removed as PC World's CEO, where 'he will be responsible for driving IDG's online strategy and initiatives in support of our web-centric business focus' ... safely out of the way of the magazine editors. McCracken was pleased to return to his position: 'I'm thrilled to be back with the PC World team. IDG is a company I've loved working for over the past 16 years, and one with a remarkable history of enabling editors to serve our customers--the millions of people who depend on our content online and in print.'"

Yesterday was Square/Enix's annual media party, and there were a couple of interesting announcements. Game|Life's Chris Kohler was there, and reports on the most interesting announcement: a Final Fantasy XII re-envisioning entitled International: Zodiac Job System. The title will feature the same story, a further-refined combat system, and a series of 12 separate license boards. Each board corresponds to a traditional FF 'job', like Monk or Red Mage; at the moment there is no plan to release it in the states. Other announcements include word that Star Ocean will get the remake treatment, with the first two games coming to the PSP sometime in the future. They are also working on a next-gen Star Ocean 4; no details about that. Crystal Chronicles for the DS drops in August in Japan, no US release date was given. Finally, screenshots and videos of The Last Remnant capped off the event; we talked about the game earlier this week when it was announced.

Yesterday was Square/Enix's annual media party, and there were a couple of interesting announcements. Game|Life's Chris Kohler was there, and reports on the most interesting announcement: a Final Fantasy XII re-envisioning entitled International: Zodiac Job System. The title will feature the same story, a further-refined combat system, and a series of 12 separate license boards. Each board corresponds to a traditional FF 'job', like Monk or Red Mage; at the moment there is no plan to release it in the states. Other announcements include word that Star Ocean will get the remake treatment, with the first two games coming to the PSP sometime in the future. They are also working on a next-gen Star Ocean 4; no details about that. Crystal Chronicles for the DS drops in August in Japan, no US release date was given. Finally, screenshots and videos of The Last Remnant capped off the event; we talked about the game earlier this week when it was announced.

Yesterday was Square/Enix's annual media party, and there were a couple of interesting announcements. Game|Life's Chris Kohler was there, and reports on the most interesting announcement: a Final Fantasy XII re-envisioning entitled International: Zodiac Job System. The title will feature the same story, a further-refined combat system, and a series of 12 separate license boards. Each board corresponds to a traditional FF 'job', like Monk or Red Mage; at the moment there is no plan to release it in the states. Other announcements include word that Star Ocean will get the remake treatment, with the first two games coming to the PSP sometime in the future. They are also working on a next-gen Star Ocean 4; no details about that. Crystal Chronicles for the DS drops in August in Japan, no US release date was given. Finally, screenshots and videos of The Last Remnant capped off the event; we talked about the game earlier this week when it was announced.

Yesterday was Square/Enix's annual media party, and there were a couple of interesting announcements. Game|Life's Chris Kohler was there, and reports on the most interesting announcement: a Final Fantasy XII re-envisioning entitled International: Zodiac Job System. The title will feature the same story, a further-refined combat system, and a series of 12 separate license boards. Each board corresponds to a traditional FF 'job', like Monk or Red Mage; at the moment there is no plan to release it in the states. Other announcements include word that Star Ocean will get the remake treatment, with the first two games coming to the PSP sometime in the future. They are also working on a next-gen Star Ocean 4; no details about that. Crystal Chronicles for the DS drops in August in Japan, no US release date was given. Finally, screenshots and videos of The Last Remnant capped off the event; we talked about the game earlier this week when it was announced.