Slashback: Texasocial, Networking, Attacks
Why meet people in real life? Roland Piquepaille writes "I wrote [Saturday] a column about social-network mapping tools mentioned by Slashdot. Slashdot readers sent me many comments and e-mails about other visualization tools. Here are these new tools, in no particular order: email constellations, Apache Agora, NetVis Module, EtherApe, inGridX, NameBase's Proximity Search, Surf3D Pro and the dazzling KartOO. Finally, a reader talked about another kind of tool, the Visual Thesaurus. This web tool is not about social mapping, but it shows graphical connections between words. In this previous column, "The Visual Thesaurus: What Does it Show About Thanksgiving?," I already explored this very funny tool. Check this new story for more details about all these tools."
Update: 03/19 00:34 GMT by T : Directly related: Josh Tyler writes "Related to a recent Slashdot posting on social networks is this paper on automatically discovering communities based on email data, just published by our group at HP Labs. We find that simple communication data is enough to identify communities, both formal and informal, and possibly even to identify the leaders of these groups."
Speaking of online community ... TGK writes "Audioscrobbler (which many of us visited the first time it was posted here) has a new site up, and most importantly, new plugins for XMMS and Winamp 3."
From the site, a capsule description of what Audioscrobbler does: "It grows to know what music you like by monitoring what songs you play on your computer. From this information you can discover other users that share some or all of your taste in music."
Feedback is always cool. An anonymous reader writes: "Sudhakar Govindavajhala, co-author of the paper referenced by the Saturday Slashdot article 'Using Memory Errors to Attack a Virtual Machine,' has responded to many of your [Slashdot readers'] questions and comments. His commentary is located at his Princeton CS website."
Another reason that Social Security isn't. GregAllen writes "Remember the recent case of SSN data theft at The University of Texas? A student has turned himself in. In his confession he says that he acted alone, and had no intention to disseminate the information. Maybe this will convince them to stop using SSNs for student IDs." Bonker also points out that "Salon is carrying an AP article that's a followup to the story a few days ago about the mass of Social Security Numbers stolen from University of Texas. Christopher Andrew Phillips is described as a 'fine young man who has never before been in trouble with the law'. Apparently he wrote a program 'to access a university Web site that tracks employees who attend training classes'. Whether or not this was done for illegitimate purposes remains to be seen. As a former UTA student, I'm glad my SSN is no longer in danger!"
What's the state of the device? An anonymous reader writes "N-Philes.com did another State of the GBA Industry Article and Roundtable. Here is the Industry Article, and here is the Roundtable"
Update: 03/19 00:34 GMT by T : And one more presroi writes "Just one week after even slashdot has noticed the new 2.2.24 linux kernel, Alan Cox has announced a new version due to a security issue found in 2.2 as well as in the 2.4 branch. I hope that we all were too lazy to upgrade from 2.2.X to .24 until now :)"
Is it just me or is this article confusing and without a topic?
I *think* there was some precedent on this;
something about a guy who stole money / robbed a store JUST so that he would go to jail to be away from his wife. The judge decided that since he was not stealing with the intention of theft, he was not guilty and didn't get to go to jail. (in other words, be still under the whips and chains of his wife - which might be a fitting punishment?)
Could have just been a joke that I took for real, though...
My life in the land of the rising sun.
While I cannot *stand* any institution using SSNs for anything not money related (financial aid) it is a near necessity...
I went to BGSU and we had P00 numbers as our student ID (P001123344 for example). While I remember mine from BGSU the college I currently work for has "student IDs" as well but they are not as widely known (most of the foreign students w/o SSNs know theirs but not many others).
So if colleges didn't use them MANY people would have problems getting the info they needed b/c searching through 10000 Michael John Smiths is a pain in the ass.
Didn't someone write a script measuring people's degrees of separation from each other on slashdot via Zoo?
sulli
RTFJ.
What steps are being taken to protect the data and users' privacy? Hypothetically, if a large company offers say a million dollars to use the data, how protected are the users who contribute, or are they for sale to the highest bidder?
Or is it a case of when they hand over the cash the project leaders will be rich so who cares
That system must really stink!
We all know that Slashdot has too many dupes. So, do we really need Slashbacks? Most stories that warrant updates are normally posted as dupes (or "updates" in the case of the xpde article) again later, so why keep the Slashbacks? Especially ones that cover completely unrelated topics?
With that out of the way, I may as well have a valid, on-topic comment. For the SSN thief, wouldn't it just be easier for a malicious student to install a keylogger? I'm sure that someone would think of doing that in almost every school, so why aren't SSN/Credit Card Numbers/etc stolen more often in this manner? (Maybe they are, but the students don't get caught.)
I can't say I like the idea of having music served up and tailored to my personal tastes... I'd rather go and try new things. Although I'm sure Audioscrobbler helps you do this to some extent, the best way to broaden your musical horizons will always be to talk to other people - even if they don't really share your tastes. On a side note, I love the statistics page - I'm surprised that so many people listen to Radiohead, and it's cool to see that the most popular song ("Karma Police") also happens to be my favorite. If I got Audioscrobbler, it would be just to contribute to those lists.
I produce electronic music and write little games. Have a look.
Also worth noting: Scrobbler is going open-source.
See Developer Mailing List
Sourceforge projects:
Main
XMMS Plugin
Winamp Plugin
iTunes Plugin
Hmmmn on balance I should probably tell RJ to consolidate the projects into one and use modules... Ah well
I thought about this for a moment (just one, just one moment) and came to the conclusion that I actually have no idea why an institution would use SSNs (or SINs) to internally identify their members. The university I go to has their own student numbering system and we seem to do fine. It's not difficult at all to remember a 7 digit code that you find you have to write down at least 5 times a week. *shrug*
A prestigious university mistakenly leaves several thousand dollars in cash in laundry baskets by their back door.
A homeless man wandering through and picking up trash to see if it is edible comes across the laundry baskets, and surprised, takes them and wanders away.
Several days later when the homeless man sees a news report that the university is looking for its bales of money, he turns himself in.
Is the homeless man guilty of theft? What about trespassing on university property?
So basically, it's OK to use SSN because students aren't smart enough or are too lazy to learn a new PIN. While the PIN seems pretty long, I still see no reason for an SSN. Between phone #, address, etc, you should be able to identify your Michael John Smiths. Being that the identifier given is relatively the same length as an SIN (at least ones around here) - why couldn't anyone who memorizes their SIN memorize the ID.
For those that can't... put it in your damn wallet on a card or something, because with the SIN they're probably referencing their card anyhow.
Sounds like a joke. Although IANAL, I think with respect to the SSN case there is intent. He intended to illegally access/acquire the data.
A good example of lack of intent may be running into a hardware store and running out with a fire extinguisher because a car in the parking lot is on fire.
"As a former UTA student, I'm glad my SSN is no longer in danger!"
Depends on how long ago you attended. Most universities keep your record on file indefinitely right along with active students indefinitely. I have a friend who works in the student services division of my university. She tells me that she routinely has to perform maintenance on records of people who graduated 10 or more years ago. You may want to call your uni and tell them to remove you if they haven't done so already.
what steps are being taken to protect the data and users privacy ? [... is the info] for sale to the highest bidder ?
What privacy?
The whole POINT of the service is to tell other users who listen to similar music who you are.
So execs don't even need to buy the info in a special transaction. Just subscribe a pseudo-user who "listens to the songs" they're interested in, and BINGO! The service gives 'em a contact list.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
In the school system I used to attend (I won't name it, but it's a K-12 district), students were assigned student ID numbers which were recycled when the student left. Faculty members, however, didn't get such a privilege, and instead were tracked by their SSNs. Although this information was not supposed to be available, I was able to gain access without much work (and I suspect I could still do so). In fact, I have a file on my computer right now (encrypted of course) containing the names and SSNs of every faculty member of the entire district as of when I left. This includes janitors, teachers, principals, district administrators - anyone with an account on their system.
:)
The problem seems to stem from the lack of knowledge of the people in charge of running the system. The "technology admin" at my school looked to me like he was chosen as the teacher who knew the most about computers- certainly not hired as a professional.
This district has no idea I have this data, and I don't intend to tell them. Most of the faculty there didn't like me much anyway, and I'm not putting myself at risk for those bastards. They're just lucky I have too much integrity to use it for evil
A local supermarket had their safe right up front for easy access and so everyone could see anyone who fooled with it. To discourage crime, so to speak.
So, while waiting, a friend of mine just went up and started to spin the dial and try the handle. He had no intention of taking any money if the safe opened, he was just playing with it to pass the time.
This is not a crime, there was no criminal act (stealing), nor any criminal intent (say, learning the combination so he could steal money later).
The manager had a fit anyway.
Can't wait to get home and install this.
Finally a way to find more music I like w/o having to download gigs of crap. (Yes, of *course* I own all the CDs for the music I download, you ignorant clod)
Another Free (some guy who hacked x thing) Group
Eg. Free Kevin
I'm at Cambridge University, where students get a username consisting of their initials plus a (by now fairly large) sequential number (so John Michael Smith might be jms112), which tends to be a lot more memorable (only 3 arbitrary digits to remember). Students use these as their e-mail addresses and to log in to all lab or library computers, so they're easy to remember from frequent use as well.
This userID also appears on the college food/rent bill, so I assume they're just using these usernames as the unique identifiers in their billing system (which seems to make sense; after all, you're going to have a slightly memorable username generated for you anyway).
It's base-64 encoded, but when I decode the message body the only readable part is:
Science and Human Rights Program <shrp@aaas.org>
There is nothing meaningful in the title, but perhaps it's a foreign character set or a binary that just happens to have a string embedded in it.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
The XPde (featured recently) website has been down since yesterday. Anyone know why?
I'm surprised this was marked "off-topic"! This Slashback linked to Sudhakar's very cool summary of the memory errors article, and his usage of "shud" _SHOULD_ be criticised. Yes, the author's native language may not be English, but if you're going to write technical documentation and expect people to take you seriously, knowing how to spell common words, or at the very least, being expected to use a spelling checker, is not too unreasonable.
I see examples of bad spelling and grammatical illiteracy among _many_ geeks in IT -- and it's just disturbing.
The moderator must have been a product of the American so-called education system.
I'm having a tough time figuring out what Audioscrobbler's privacy policy is. Is RJ collecting information to sell to marketers? Does this bother anyone that there is no up-front privacy policy? Or is everyone too busy saying geewhiz?
Seriously, what law was broken here? If the university left a list of student/faculty names and SSNs on the sidewalk and someone picked it up, with no intent to commit fraud etc., would that be crime?
Suppose someone from the school administration had memorized everyone's SSN and sat in the student union and would answer questions of the form, "do you know who has xxx-xx-xxxx as their SSN?" If students (or others) asked questions of this form and eventually learned a list of SSNs, would this be a crime? And who would be guilty, the questioners, or the idiot that was giving out confidential information without the owner's consent?
In this case the moron who created the web site was answering this question indirectly over the Internet. Who's at fault? The guy who took the time to ask the questions, or the dork who made it possible to get the answers?
In going through some old papers from my grad school days, I found my carbon copy of a grade report which lists student names and SSNs (along with their grades in the class I taught). Am I guilty of a crime for possessing that list? Clearly, I was trusted with that information because I was hired to teach a class, so isn't it my responsibility to keep that information confidential? It seems to me the web author has the same responsibility.
Obviously, it's a very different situation if someone does something illegal with the list, but just building the list from publicly available information doesn't seem like a crime to me. Making the list easy to publicly deduce seems like the real crime in this case.
...for those blankety-blanks at UT to even start sending out those letters? This is their idea of rapid response? How long does it take to do a mail merge?! Obviously, their priorities were elsewhere (CYA).
And why haven't they expelled the jerk who did it?
How about something that monitors what music I like and what music I skip past, and automatically generates a playlist linking various songs together? [He listened to X all the way through, but skipped past Y, then listened to Z. However, after listening to Q and P, he would listen to Y all the way through- so when he skips past Q, don't play Y, go to P]
"mood-based" playlists that generate themselves. Why not?
-- 'The' Lord and Master Bitman On High, Master Of All
Holy shit, that's hysterical!
How long till someone takes data from these tools and publishes...
"Ultimate Internet Seduction Guide".
Seriously, if it studies our social networks, it could be really useful to people who have trouble forming networks... Study what it says about your own networks, and see where you are weak.
Regardless of intent, it is called asportation, it involves physically relocating objects. I am not sure if it covers DATA though....
Asportation is what they get the smart a$$es in stores who ACT like they are stealing something then put it down elsewhere..
asportation
n. removal, especially crime of removing property.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Welcome to TEX, the telephone enrollment exchange at the University of Texas at Austin. TEX is currently scheduling classes for the...Fall...19...92 semester...
What is novel in the HP paper is the automated identification of groups. That is an interesting analysis of graphs.
I went to a fine (*cough*) engineering school. At the time I attended, all Unix accounts (and email addresses) were of the form of [three initials][last four SSN]. Since the first three and the middle two can be deduced (though not easily) from your state and year of birth, this means that there are thousands of students' SSNs that are at least partially out there.
BTW, Unix accounts were mandatory for a good number of classes.
=Blue(23)
LITTLE GIRL: But which cookie will you eat FIRST? C. MONSTER: Me think you have misconception of cookie-eating process.
One poor sap turned himself in. How many others are laughing away with even more than he got?
Friends don't help friends install M$ junk.
I've heard so many variations on this story. It's an urban legend.
slashdot, news for criminals, techniques that work.
Heck; with all of us adamantly defending these kids, when will the feds get the bright idea that slashdot is in fact "news for terrorists, stuff that'll get you shot"?
My life in the land of the rising sun.
I just earned my PhD from UT-Austin and after hearing the name of the student who confessed to the SSN theft I hunted around for a photo and found that, yes indeed, this was the same Chris Phillips who was in my Calculus "Emerging Scholars Program" Workshop last year. What makes this more striking to me is that rather than the typical TA sessions of 50+ students, the ESP workshops only comprised about 10 students meeting three times a week for two hours at a shot. So I actually got to know my students pretty well, or so I thought...
This is just plain freaky!
I hereby place the above post in the public domain.
you think just because you're a former student that your SSN is no longer in danger??? HAHAHAHAHAHAHA!!!!
Your SSN has been spread around every information source on that campus and will linger forever in some form or another. My SSN is also my student ID at my school (TAMU), and I'm 100% seriously planning to get a new SSN after I'm done with grad school. AFAIK, that's the only way to have a completely clean slate in terms of people not knowing your SSN.
Don't become a regular here, you will become retarded. -- Yoda the Retard
From what I've heard, it doesn't sound like he broke any security. He just wrote a script that attempted logins with various SSNs, and recorded successes. The site login was so braindead that it didn't even cross-reference against last name. Unlike a dictionary attack to guess a password, which is given the legal presumption of being private data, he was tossing up perfectly public SSNs. He's apparently also being charged with impersonating another in the commission of a felony, or something like that. Depending on what the site login screen asks, he may have been impersonating other people, but if he's not gaining access improperly, because he's only using public data anyway, then that doesn't apply because he wasn't committing a felony to begin with.
WARNING: there is a trojan on your
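The weakness described in the comment above (a login keyed on one guessable identifier, with no second check and no attempt limit) appears in server logs as a single client submitting many different identifiers. The following is an added example, not part of the original thread: a small detector run over constructed log lines, where the log format, the hashed-identifier field, the addresses and the thresholds are all assumptions.

```python
"""Flag clients that enumerate a login keyed on a guessable identifier.

Assumed log format (constructed for this example, not from a real system):
    <ISO timestamp> <client_ip> <hashed_identifier> <OK|FAIL>
Identifiers are assumed to be logged hashed so the log does not leak them.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # sliding window per client
MAX_DISTINCT_IDS = 5            # distinct identifiers allowed per window


def parse(line):
    ts, ip, ident, result = line.split()
    return datetime.fromisoformat(ts), ip, ident, result == "OK"


def find_enumerators(lines, window=WINDOW, max_ids=MAX_DISTINCT_IDS):
    """Return {ip: {"distinct_ids": n, "successes": k}} for every client
    that tried more than max_ids different identifiers inside one window."""
    by_ip = defaultdict(list)
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            ts, ip, ident, ok = parse(line)
            by_ip[ip].append((ts, ident, ok))

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start, worst = 0, 0
        in_window = defaultdict(int)   # identifier -> count inside window
        for ts, ident, _ok in events:
            in_window[ident] += 1
            # Drop events that have aged out of the window.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            worst = max(worst, len(in_window))
        if worst > max_ids:
            flagged[ip] = {
                "distinct_ids": worst,
                "successes": sum(1 for e in events if e[2]),
            }
    return flagged


def constructed_log():
    """Constructed sample data; addresses are from documentation ranges."""
    base = datetime(2000, 1, 1, 9, 0, 0)
    lines = []
    # Ordinary user: one identifier, two typos, then success.
    for i, res in enumerate(["FAIL", "FAIL", "OK"]):
        t = (base + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{t} 192.0.2.10 id-a1 {res}")
    # Enumerating client: eight different identifiers in 70 seconds.
    for i in range(8):
        t = (base + timedelta(seconds=10 * i)).isoformat()
        res = "OK" if i in (2, 6) else "FAIL"
        lines.append(f"{t} 198.51.100.7 id-e{i} {res}")
    # Slow client: six identifiers, ten minutes apart (evades a 5 min window).
    for i in range(6):
        t = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{t} 203.0.113.5 id-s{i} FAIL")
    return lines


if __name__ == "__main__":
    for ip, info in find_enumerators(constructed_log()).items():
        print(ip, info)
```

The slow client in the sample is only caught with a much longer window, which is why rate detection complements, rather than replaces, requiring a second non-public value at login.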
There's something fundamental that every commentator I see here is missing. The reason UT uses SSNs as the student ID numbers is because the state of Texas uses 'em. All people employed in education by the state - professors, primary and secondary teachers (yes, ALL the public schools), administrators, UT's president, janitors, everyone, is identified in the central certification records by their federal SSNs. Texas takes the number for all driver's licenses as well. Most schools as far as I know also use SSNs whenever possible as IDs for students (i.e. for kids) - I know the very large urban district I work for does. People concerned with civil liberties rightly worry about the dangers of a national ID number. Well, that battle is already lost in Texas - they already have it, and used the federal number for it! (Awfully efficient of them, isn't it?) As that debate continues, don't expect any legislator from Texas to weigh in with an opinion against it. For you crackers out there, get the right computer in Texas, and you get the data on a huge (or even all) percentage of the adult population of the state. What fun.
Look, everyone employed by a state educational institution in Texas, and most of the students as well, are identified in Texas state records by their federal SSN. I work in a school and I have or could easily accumulate over a relatively short period of time the SSNs of dozens of staff and faculty members. I have ALL my students' numbers (and in a remarkably short number of years they'll all be getting those credit cards they offer to college students....). It actually speaks well of the integrity of teachers, professors, and administrators that this has happened so rarely, for Texas has set up a situation where a LOT of people could get fucked.
I work at a University in south Texas somewhere within the near vicinity of UT Austin (*wink, *wink, *nudge, *nudge, *grin, *grin, say no more) in an IT department on campus. We've known for years that using someone's SSN was a bad idea, and we've tried time and time again to tell our clients (the departments within our office, and other offices across campus) this, but the business heads mostly turn a deaf ear, and our clients are too short-sighted (or stupid) to think of any way to associate data with a particular student with any other identifier other than an SSN. For any web applications we develop for these clients where students (prospective, current, alumni) can do whatever online, we have to butt heads every time when we inform them, "Hey, we can't require students to enter an SSN", but they still want the field on the form (if someone is signing up for something, for instance). We do what we can technologically to mask the data, but it's still there in one form or another. There's other problems too. We're a pretty big shop with a good budget, but there are a number of smaller shops on campus that have just enough budget to afford servers and software (gotta love those academic licensing prices!) but can't afford to hire someone to properly administer (secure) the environment. Shit, there are mail servers in colleges all over campus that aren't using SSL. Be afraid of the kid in his dorm who cracked a router and is sniffing traffic, or sitting in the library sniffing the wireless airwaves.
But, I digress: There's been talk for years of changing from SSNs to something else, but never any progress. I really hope this spurs the change.
Spread the RC luvin'
I am a student at the University of Texas and I think there are a couple of things that need to be clarified here. First of all, the SSNs that were accessed are, for the most part, not student SSNs, they are SSNs of employees of the University (some of whom are also students). Read the article again, you will notice that he accessed a web site that tracks employees who signed up for training classes. This means that the SSNs are from tax forms and not student IDs. Secondly, UT Austin no longer uses SSNs as student IDs. I am a recent addition to the student body so I don't know how long this has been true, but the ID cards have a 16 digit number printed on them that you would use whenever that is necessary and that the Electronic ID (EID) is a user-assigned login and password combination and that the social security number is no longer part of the information available electronically even to the student. That was a change that happened just last semester. Students interact with the university electronically with the EID not with an SSN. The only time a student needs to use the SSN is when trying to change the EID (which they have to do in person, with photo ID). So, in the end it is ironic that most of the complaints about the use of SSNs as Student ID numbers, good discussion that it is, has nothing to do with the UT hack!
Kevin Mitnick didn't intend to use information that he acquired from hacking for personal gain. Remember what happened to him?
What a relief!
At least in Michigan you don't even have to leave the store to be shoplifting. It depends on the store layout, but simply bypassing the register without paying for an item from the store can constitute shoplifting. This is why many stores make a point of placing the register in a position such that you have no way of exiting without definitely passing the register, and there is nothing between the register and the door. (vs. the common "mall store" layout where the register is at the middle or back of the store, enticing you into the store and forcing you to walk past as much of the merchandise as possible.)
If there is no valid reason for you to have passed the register (to look at a display etc) and no way for you to have mistakenly passed it, the store CAN nab you right there, although they will still usually wait until you get to the door. (makes a better legal case, and accidents do happen so why piss off an honest customer who makes an accident)
Funny shoplifting story: My neighbor was a security guard for Montgomery Ward. One pair of thieves almost got away with stealing a canoe! They walked out with it in plain sight (like one could hide a canoe) and security wasn't sure so they didn't stop them... until the thieves came back and tried to steal the oars.
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
The University of Texas at Austin has set up a website in response to this incident: https://www.utexas.edu/datatheft
Please help find my missing daughter: FindSabrina.org
I've been doing something similar to this via the online blogging communities at LiveJournal
LiveJournal, like a lot of these online diary thingys, has a field where you can enter the music you're currently listening to when you make new entries.
My system takes your username and grabs the most recent 50 tracks you've entered and tries to compare these tunes with the music that other people have entered - if you get a match then it will display some random tracks from that matching user's most recent entries.
It appears to work well - but I haven't quite reached a critical mass of users.
Give it a go yourself
I was a bit lazy with keys, to save the pressure on my fingers. Anyway, I see what you are saying.
--Sudhakar