Slashback: Texasocial, Networking, Attacks
Why meet people in real life? Roland Piquepaille writes "I wrote [Saturday] a column about social-network mapping tools mentioned by Slashdot. Slashdot readers sent me many comments and e-mails about other visualization tools. Here are these new tools, in no particular order: email constellations, Apache Agora, NetVis Module, EtherApe, inGridX, NameBase's Proximity Search, Surf3D Pro and the dazzling KartOO. Finally, a reader talked about another kind of tool, the Visual Thesaurus. This web tool is not about social mapping, but it shows graphical connections between words. In this previous column, "The Visual Thesaurus: What Does it Show About Thanksgiving?," I already explored this very funny tool. Check this new story for more details about all these tools."
Update: 03/19 00:34 GMT by T : Directly related: Josh Tyler writes "Related to a recent Slashdot posting on social networks is this paper on automatically discovering communities based on email data, just published by our group at HP Labs. We find that simple communication data is enough to identify communities, both formal and informal, and possibly even to identify the leaders of these groups."
Speaking of online community ... TGK writes "Audioscrobbler (which many of us visited the first time it was posted here) has a new site up, and most importantly, new plugins for XMMS and Winamp 3."
From the site, a capsule description of what Audioscrobbler does: "It grows to know what music you like by monitoring what songs you play on your computer. From this information you can discover other users that share some or all of your taste in music."
Feedback is always cool. An anonymous reader writes: "Sudhakar Govindavajhala, co-author of the paper referenced by the Saturday Slashdot article 'Using Memory Errors to Attack a Virtual Machine,' has responded to many of your [Slashdot readers'] questions and comments. His commentary is located at his Princeton CS website."
Another reason that Social Security isn't. GregAllen writes "Remember the recent case of SSN data theft at The University of Texas? A student has turned himself in. In his confession he says that he acted alone, and had no intention to disseminate the information. Maybe this will convince them to stop using SSNs for student IDs." Bonker also points out that "Salon is carrying an AP article that's a followup to the story a few days ago about the mass of Social Security Numbers stolen from University of Texas. Christopher Andrew Phillips is described as a 'fine young man who has never before been in trouble with the law'. Apparently he wrote a program 'to access a university Web site that tracks employees who attend training classes'. Whether or not this was done for illegitimate purposes remains to be seen. As a former UTA student, I'm glad my SSN is no longer in danger!"
What's the state of the device? An anonymous reader writes "N-Philes.com did another State of the GBA Industry Article and Roundtable. Here is the Industry Article, and here is the Roundtable."
Update: 03/19 00:34 GMT by T : And one more: presroi writes "Just one week after even Slashdot has noticed the new 2.2.24 Linux kernel, Alan Cox has announced a new version due to a security issue found in 2.2 as well as in the 2.4 branch. I hope that we all were too lazy to upgrade from 2.2.X to .24 until now :)"
I *think* there was some precedent on this;
something about a guy who stole money / robbed a store JUST so that he would go to jail to be away from his wife. The judge decided that since he was not stealing with the intention of theft, he was not guilty and didn't get to go to jail. (in other words, be still under the whips and chains of his wife - which might be a fitting punishment?)
Could have just been a joke that I took for real, though...
My life in the land of the rising sun.
While I cannot *stand* any institution using SSNs for anything not money related (financial aid) it is a near necessity...
I went to BGSU and we had P00 numbers as our student ID (P001123344 for example). While I remember mine from BGSU the college I currently work for has "student IDs" as well but they are not as widely known (most of the foreign students w/o SSNs know theirs but not many others).
So if colleges didn't use them MANY people would have problems getting the info they needed b/c searching through 10000 Michael John Smiths is a pain in the ass.
Didn't someone write a script measuring people's degrees of separation from each other on slashdot via Zoo?
sulli
RTFJ.
That system must really stink!
The point of the Slashback is to provide additional follow-up information or corrections to previous stories, that is why it seems like there is no general topic... because there isn't :)
It is just a number of tidbits about a number of stories that have already been posted before, kind of like an update.
SeekForth
Also worth noting: Scrobbler is going open-source.
See Developer Mailing List
Sourceforge projects:
Main
XMMS Plugin
Winamp Plugin
iTunes Plugin
Hmmmn on balance I should probably tell RJ to consolidate the projects into one and use modules... Ah well
I thought about this for a moment (just one, just one moment) and came to the conclusion that I actually have no idea why an institution would use SSNs (or SINs) to internally identify their members. The university I go to has their own student numbering system and we seem to do fine. It's not difficult at all to remember a 7 digit code that you find you have to write down at least 5 times a week. *shrug*
So basically, it's OK to use SSN because students aren't smart enough or are too lazy to learn a new PIN. While the PIN seems pretty long, I still see no reason for an SSN. Between phone #, address, etc, you should be able to identify your Michael John Smiths. Being that the identifier given is relatively the same length as an SIN (at least ones around here) - why couldn't anyone who memorizes their SIN memorize the ID?
For those that can't... put it in your damn wallet on a card or something, because with the SIN they're probably referencing their card anyhow.
A homeless man wandered into a bank near where I live, and asked the teller for some money. The teller thought she was being held up, and gave him all the cash in the register.
:)
They later found him, took the money back, and did not arrest him. Of course, in that case, he was given the money. I think he should have sued the cops for stealing it from him
This was a local news item. I doubt it's a hoax.
There are no trails. There are no trees out here.
It is just a number of tidbits about a number of stories that have already been posted before, kind of like an update.
I like to think of it more as a multiple double post.
A somewhat slow (retarded) man walked into a bank, took a deposit slip and managed to write "This is a robbery" on it.
He didn't want to wait in the long line, so he left and took his note to the bank across the street.
When he got to the teller, she noticed he was obviously mentally challenged. So he hands her the note written on the deposit slip, and she says "I can't do anything with this, this slip is from another bank".
The frustrated robber leaves, and is arrested a few minutes later standing in line at the first bank.
True story, I heard it straight from the cop who booked the guy into the local jail.
"As a former UTA student, I'm glad my SSN is no longer in danger!"
Depends on how long ago you attended. Most universities keep your record on file indefinitely right along with active students indefinitely. I have a friend who works in the student services division of my university. She tells me that she routinely has to perform maintenance on records of people who graduated 10 or more years ago. You may want to call your uni and tell them to remove you if they haven't done so already.
The important question is whether the baskets constitute abandoned property. I don't know what the typical laws are concerning what defines abandoned property.
What steps are being taken to protect the data and users' privacy? [... is the info] for sale to the highest bidder?
What privacy?
The whole POINT of the service is to tell other users who listen to similar music who you are.
So execs don't even need to buy the info in a special transaction. Just subscribe a pseudo-user who "listens to the songs" they're interested in, and BINGO! The service gives 'em a contact list.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
In the school system I used to attend (I won't name it, but it's a K-12 district), students were assigned student ID numbers which were recycled when the student left. Faculty members, however, didn't get such a privilege, and instead were tracked by their SSNs. Although this information was not supposed to be available, I was able to gain access without much work (and I suspect I could still do so). In fact, I have a file on my computer right now (encrypted of course) containing the names and SSNs of every faculty member of the entire district as of when I left. This includes janitors, teachers, principals, district administrators - anyone with an account on their system.
:)
The problem seems to stem from the lack of knowledge of the people in charge of running the system. The "technology admin" at my school looked to me like he was chosen as the teacher who knew the most about computers- certainly not hired as a professional.
This district has no idea I have this data, and I don't intend to tell them. Most of the faculty there didn't like me much anyway, and I'm not putting myself at risk for those bastards. They're just lucky I have too much integrity to use it for evil
I'm at Cambridge University, where students get a username consisting of their initials plus a (by now fairly large) sequential number (so John Michael Smith might be jms112), which tends to be a lot more memorable (only 3 arbitrary digits to remember). Students use these as their e-mail addresses and to log in to all lab or library computers, so they're easy to remember from frequent use as well.
This userID also appears on the college food/rent bill, so I assume they're just using these usernames as the unique identifiers in their billing system (which seems to make sense; after all, you're going to have a slightly memorable username generated for you anyway).
I'm having a tough time figuring out what Audioscrobbler's privacy policy is. Is RJ collecting information to sell to marketers? Does this bother anyone that there is no up-front privacy policy? Or is everyone too busy saying geewhiz?
Seriously, what law was broken here? If the university left a list of student/faculty names and SSNs on the sidewalk and someone picked it up, with no intent to commit fraud etc., would that be a crime?
Suppose someone from the school administration had memorized everyone's SSN and sat in the student union and would answer questions of the form, "do you know who has xxx-xx-xxxx as their SSN?" If students (or others) asked questions of this form and eventually learned a list of SSNs, would this be a crime? And who would be guilty, the questioners, or the idiot that was giving out confidential information without the owner's consent?
In this case the moron who created the web site was answering this question indirectly over the Internet. Who's at fault? The guy who took the time to ask the questions, or the dork who made it possible to get the answers?
In going through some old papers from my grad school days, I found my carbon copy of a grade report which lists student names and SSNs (along with their grades in the class I taught). Am I guilty of a crime for possessing that list? Clearly, I was trusted with that information because I was hired to teach a class, so isn't it my responsibility to keep that information confidential? It seems to me the web author has the same responsibility.
Obviously, it's a very different situation if someone does something illegal with the list, but just building the list from publicly available information doesn't seem like a crime to me. Making the list easy to publicly deduce seems like the real crime in this case.
Regardless of intent, it is called asportation, it involves physically relocating objects. I am not sure if it covers DATA though....
Asportation is what they get the smart a$$es in stores who ACT like they are stealing something then put it down elsewhere..
asportation
n. removal, especially crime of removing property.
errr....umm...*whooosh* *whoosh* Is this thing on ?
In a related story, the teller was fired 2 seconds after the money was recovered. Due to her extensive bank experience, she was hired to a high-ranking position in the US Federal Reserve. God help us all. ;-)
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I hereby place the above post in the public domain.
I work at a University in south Texas somewhere within the near vicinity of UT Austin (*wink, *wink, *nudge, *nudge, *grin, *grin, say no more) in an IT department on campus. We've known for years that using someone's SSN was a bad idea, and we've tried time and time again to tell our clients (the departments within our office, and other offices across campus) this, but the business heads mostly turn a deaf ear, and our clients are too short-sighted (or stupid) to think of any way to associate data with a particular student with any other identifier other than an SSN. For any web applications we develop for these clients where students (prospective, current, alumni) can do whatever online, we have to butt heads every time when we inform them, "Hey, we can't require students to enter an SSN", but they still want the field on the form (if someone is signing up for something, for instance). We do what we can technologically to mask the data, but it's still there in one form or another. There are other problems too. We're a pretty big shop with a good budget, but there are a number of smaller shops on campus that have just enough budget to afford servers and software (gotta love those academic licensing prices!) but can't afford to hire someone to properly administer (secure) the environment. Shit, there are mail servers in colleges all over campus that aren't using SSL. Be afraid of the kid in his dorm who cracked a router and is sniffing traffic, or sitting in the library sniffing the wireless airwaves.
But, I digress: There's been talk for years of changing from SSNs to something else, but never any progress. I really hope this spurs the change.
Spread the RC luvin'
I am a student at the University of Texas and I think there are a couple of things that need to be clarified here. First of all, the SSNs that were accessed are, for the most part, not student SSNs, they are SSNs of employees of the University (some of whom are also students). Read the article again, you will notice that he accessed a web site that tracks employees who signed up for training classes. This means that the SSNs are from tax forms and not student IDs. Secondly, UT Austin no longer uses SSNs as student IDs. I am a recent addition to the student body so I don't know how long this has been true, but the ID cards have a 16 digit number printed on them that you would use whenever that is necessary and that the Electronic ID (EID) is a user-assigned login and password combination and that the social security number is no longer part of the information available electronically even to the student. That was a change that happened just last semester. Students interact with the university electronically with the EID not with an SSN. The only time a student needs to use the SSN is when trying to change the EID (which they have to do in person, with photo ID). So, in the end it is ironic that most of the complaints about the use of SSNs as Student ID numbers, good discussion that it is, has nothing to do with the UT hack!