trimMail's Email Battles
http://www.trimmail.com/news/
Spam, Security, Privacy, Spyware, Phishers, and Viruses From The Front Line.
en-US. Copyright 2005, 2A Data.
Logo: http://www.trimmail.com/logo_trimmail

Category: Security
<b>VA Data Theft: What Took So Long?</b>
http://www.emailbattles.com/archive/battles/security_aaebijhbbb_eb/
Beginning in 2003, the Veterans Affairs (VA) employee hauled out data on CDs, DVDs, floppy disks and flash drives, apparently without permission, then copied it to his own external hard drive at home, without passwords or encryption. Most recently, he had added 26.5 million records from the Beneficiary Identification and Records Locator Subsystem database (BIRLS), which includes Social Security numbers, full names, birth dates, service numbers, and combined degree of disability. Nobody knew or cared... till the burglary, 3 May 2006. The Employee immediately notified several VA bosses, who shuffled papers and played CYA, till the VA Office of Inspector General (OIG) got involved. Not until 15 May did anyone ask how many records the guy lost, or what they contained.
<center><b>Who Knew About The VA Data Theft and When</b></center> <ul><li><i>3 May</i><br>Kevin Doyle, Security and Law Enforcement Police Operations Team Leader;<br>Michael McLendon, Deputy Assistant Secretary for Policy;<br>Dat Tran, Acting Director of the Data Management and Analysis Service.</li><li><i>4 May</i><br>John Baffa, Deputy Assistant Secretary for Security and Law Enforcement;<br>Information Security Officer (ISO).</li><li><i>5 May</i><br>District Information Security Officer (District ISO);<br>Johnny Davis, Acting Associate Deputy Assistant Secretary for Cyber Security Operations;<br>Security Operations Center of the Office of Information and Technology (SOC);<br>Dennis Duffy, Acting Assistant Secretary for Policy, Planning, and Preparedness.</li><li><i>10 May</i><br>Thomas Bowman, VA Chief of Staff;<br>Jack Thompson, Deputy General Counsel;<br>Gordon Mansfield, Deputy Secretary.</li></ul>Twelve up-stream bureaucrats behaved as if this disastrous threat to the financial security of millions of fellow Americans either wasn't that important, or wasn't their job. The errant Employee wasn't even sure who he worked for. Employee told OIG that Tran was his boss, but he wasn't. Apparently, after an <i>intense disagreement</i> between McLendon and <i>his</i> boss, Duffy, Employee had been handed over to one Michael Moore, who apparently didn't know anything about any of this. Boy, did he luck out. On 4 May, Tran advised McLendon and the ISO that a copy of a BIRLS extract was probably on the external hard drive that was stolen. McLendon didn't inform Duffy. The ISO told him, the District ISO and SOC the next day. And so it went. The OIG says McLendon misrepresented the purloined data's security. Then, the SOC sat on the mess for twelve long days before passing it back to the ISO with the excuse that it was out of SOC's jurisdiction. This didn't matter that much to Duffy, as he told the OIG that "he did not even know that there was a SOC before the burglary." 
It seems everyone thought the data theft was the G-13 ISO's job... Everybody but the ISO. The OIG wrote:<blockquote>Ironically, when questioned about his role as an ISO for the SOC, the ISO said, "I’m not an investigator. I’m a computer tech guy that has a job."</blockquote>The OIG concluded that they're <i>all</i> idiots... or at least, that's the way I read it. McLendon has resigned, Duffy retired and the now <a href="http://www.washingtonpost.com/wp-dyn/content/article/2006/07/11/AR2006071101066.html">ex-employee is said to be appealing</a>. Let's see... that leaves ten. So many lives at the mercy of so many incompetents. <a href="http://www.trimmail.com/news/">Email Battles</a> Backgrounder:<ul type="circle"><li><a href="http://www.trimmail.com/news/elsewhere/data/1152736659.02/">VA report on stolen laptop: They're all idiots and/or liars</a>; NewsByte; Email Battles; 12 July 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/idtheft_aaebaahdig_de/">Black Market Returns Prodigal VA Laptop While FBI Dissembles</a>; Email Battles; 05 July 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/idtheft_aaejhcjbai_hi/">More Private Data Is Burgled From Government Than Hacked</a>; Email Battles; 20 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1150406389.68/">News (yawn) flash: VA analyst's lost laptop was no aberration.
Duh.</a>; NewsByte; Email Battles; 15 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1149883517.96/">VA top dog to Congress: Stop us before we do it again.</a>; NewsByte; Email Battles; 09 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1149699031.92/">Five vets groups go to war against VA seeking control of records</a>; NewsByte; Email Battles; 07 June 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/security_aadijiehfj_fa/">Boss of Slippery-Fingered VA Analyst Gets The Boot While Keystone Kops Give Chase</a>; Email Battles; 31 May 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/privacy_aadhegiidh_da/">Why Steal Social Security Numbers, When You Can Get Them For Free?</a>; Email Battles; 25 May 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/privacy_aadhdabcec_bc/">VA: The perps can't possibly know that they have 26.5 million Social Security Numbers!</a>; Email Battles; 23 May 2006.</li></ul>
Fri, 14 Jul 2006 15:43:50 CST
http://www.emailbattles.com/archive/battles/security_aaebijhbbb_eb/

Category: Group
<b>Lotus Haters Gang Up On Notes for Linux</b>
http://www.emailbattles.com/archive/battles/group_aaebhadfhf_ia/
IBM opened a fresh front in the desktop wars when it announced the 24 July 2006 release of Lotus Notes on Linux. By mating one of the industry's most mature, hardened, enterprise-level messaging, calendaring and group scheduling systems with the Linux desktop, IBM created a powerful new consideration for those weighing Windows vs. Linux deployment at the client level. You can now run Lotus Notes on darned near any operating system that strikes your fancy. Don't even think about trying that with Microsoft Outlook. And since Notes is based on the open-source Eclipse platform, like Lotus Sametime, code is highly portable.
After Lotus announced the release of the Lotus Notes 7.0.1 stand-alone client for Linux, IBM Lotus Chief Ed Brill conceded that the reaction was mixed... Which was a modest bit of understatement. Of over 200 Slashdot commenters, the majority seemed to have had past run-ins with Notes. And they were <a href="http://linux.Slashdot.org/linux/06/07/10/121246.shtml">decidedly unimpressed</a>. This icy explosion reminded Brill of <a href="http://www.edbrill.com/ebrill/edbrill.nsf/dx/notes-for-linux-8000-hits-later...">earlier Linux debuts by IBM</a>, like Domino and Domino Web Access. Lots of complaints from non-prospects, but both products have since enjoyed marked success. Nevertheless, he pondered the attitudes that persist in the Linux community, "There's still a fair amount of zealotry, superiority, and defensiveness. Do we (the Notes community) sound like that, too?" I'll field that question. Absolutely. This has a lot to do with a community's sense of self. Those who feel themselves besieged are always defensive. For example, when Mac fans tick off reasons they think their platform is superior, Windows users are likely to respond, "So what?" Linux got the same treatment from Microsoft... at least until recently. As a result, visitors find an anti-Microsoft obsession dominating many Mac and Linux sites. The IBM Domino/Lotus community, which is clearly feeling the heat from Microsoft Exchange/Outlook, is no exception. No need to ask if they feel besieged. Just read the words. As for caterwauling Slashdotters... what's new? I'm far more impressed with the survey of Novell-folk. These admins without axes to grind consider the release of <a href="http://www.emailbattles.com/archive/battles/group_aadajgdgdd_bi/">Lotus Notes for Linux to be a huge and wonderful event</a>.
As I predicted in February 2006:<blockquote>The moment the new Notes is launched, Linux will have a complete retail-quality client desktop system to link with the world's only browser platform, Firefox, and hopefully accelerate OpenOffice development. And both will get a shot at tons of previously out-of-reach business desktops.</blockquote>I'm still predicting it. While at this point, Lotus Notes on Linux supports only Red Hat Enterprise Linux 4 Update 3 out of the box, Novell SUSE Linux Desktop for Enterprise 10 <a href="http://www.trimmail.com/news/elsewhere/data/1152729909.84/">(SLED) should get its shot in the arm by Q4 2006</a>. Plus, under IBM's <a href="http://www.emailbattles.com/archive/battles/group_aaddjideaj_hg/">Migrate to the Penguin</a> program, Lotus pushers get a bonus for every seat they steal from the enemy: Microsoft Exchange... and current Lotus Notes licensees get the Linux version for free. Microsoft's long-range response will be most fascinating. When combined with the European Union's anti-trust offensive, could Notes on Linux trigger Microsoft Outlook for Linux? Microsoft Office for Linux? Microsoft Exchange for Linux? Slashdotters aside, Lotus may very well have just unleashed a whirlwind that will accrue to the benefit of <i>all</i> users. As of this writing, a trial <a href="http://www-128.ibm.com/developerworks/lotus/downloads/">Lotus Notes for Linux download</a> hasn't been posted. But I'm sure you'll see it. Soon.
Thu, 13 Jul 2006 13:32:24 CST
http://www.emailbattles.com/archive/battles/group_aaebhadfhf_ia/

Category: Virus
<b>How Microsoft Can Protect You From The Malware Lurking Behind Google's Search Results</b>
http://www.emailbattles.com/archive/battles/virus_aaebgbjajc_je/
While searching for an installer for Firefox, Word Tracker guru Claudiu Spulber discovered that Google had actually <a href="http://homemade-tutorials.blogspot.com/2006/06/google-indexing-executable-files.html">indexed the executable itself</a>.
When he clicked the link in Google's search results, the Firefox program immediately commenced installation. After further examination, Spulber concluded, "This is possible because a link to a normal website was redirected automatically to an executable file." He found that Google isn't the only one. MSN and Yahoo index executables, too. Websense techs wondered <a href="http://www.websense.com/securitylabs/alerts/alert.php?AlertID=547">where an appropriate search might turn up executable malware</a>:<blockquote>Our results show that we were able to collect thousands of pieces of malicious binaries, mostly posted to newsgroups with false names that would normally trick a user, we found many on forum sites, as well as regular personal, educational, compromised, and underground sites. We also found several pieces of spyware on poker and casino sites. We found variants of the Bagel, and Mytob worms, various trojans, and many other malicious binaries.</blockquote>And so, we find ourselves at another interesting intersection of Good and Evil. Search engines can't simply ignore executables, because most of us need to find them now and again. Of course, they <i>could</i> scan binaries for viruses as they index. But a creep can always redirect a decent page later. In any event, till they figure it out, search developers may want to post an unambiguous warning when they <i>know</i> a file is executable. And <i>you</i> should avoid browsing, or even running your Windows computer, as Administrator. Malware can't do Administrative-level damage, like disabling your firewall and installing executables, without Administrative-level rights. Unfortunately, most Windows users still run their local computers with Administrative privileges. Why? Convenience or lack of knowledge. Even people who <i>know</i> better don't like flipping logins to do things. 
That's why Michael Howard, a Senior Security Program Manager in Microsoft's Secure Engineering group, whipped up DropMyRights, his freebie utility. I <a href="http://www.emailbattles.com/archive/battles/security_aacfdaeibh_ca/">reviewed it last year, and provided step-by-step installation instructions</a>. DropMyRights works with most applications that interface with the Internet, including Firefox, Internet Explorer, Opera, Acrobat and most email clients. As I said before, you will be vastly safer if you operate on a day-to-day basis as a non-administrator with restricted rights and privileges. Windows users often find this to be a major pain, preventing programs that <i>should</i> work from running, and blocking things they don't want blocked. That's why Microsoft's Aaron Margosis ginned up <a href="http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx">MakeMeAdmin</a>. Aaron's description:<blockquote>When you run it, you get a Command Prompt running under your normal user account, but in a new logon session in which it is a member of the Administrators group. This Command Prompt and any programs started from it use your regular profile, authenticate as you on the network, but have full local admin privileges. All other programs continue to run with your regular, unprivileged account.</blockquote>If you're considering MakeMeAdmin, make sure you <a href="http://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx">read the comments</a> on Margosis' blog. He provides lots of enrichment. In the end, MakeMeAdmin requires more effort than DropMyRights, but adds significantly more protection. Like they say, security is inversely proportional to convenience. On the fence? Why not install DropMyRights while you're thinking about it? You'll make web searching a little bit safer all by yourself... <i>without</i> waiting for Google to save you. 
Wed, 12 Jul 2006 12:33:42 CST
http://www.emailbattles.com/archive/battles/virus_aaebgbjajc_je/

Category: Spam
<b>Europe Leads The World In Zombies</b>
http://www.emailbattles.com/archive/battles/spam_aaebfdaich_if/
Ask a friend to name the world's top home for zombies, i.e., computers hijacked by evildoers for nefarious purposes, like spamming, phishing and virus distribution. If your friend has been properly conditioned by the press, the blowback will likely be either the USA or China. After all, both fit the popular mindset. Zombies tend to dominate areas where unsophisticated users enjoy fast Internet connections. The US is home to teeming hordes of greedy <i>old</i> capitalists. And China's home to teeming hordes of greedy <i>new</i> capitalists. Unfortunately, it's a myth. The <i>real</i> King of the Zombies is the European Union, which is also home to some of the world's most stringent and punitive laws for dealing with privacy and spam. <center><b>Worldwide Zombie Distribution</b><br><table align="center" border="1" bordercolor="#000000" cellspacing="1" cellpadding="3"><tr bgcolor="#ffffce"><td><b>Political Unit</b></td><td><b>Share</b></td></tr><tr><td bgcolor="#ffffce">European Union</td><td><center>26%</center></td></tr><tr><td bgcolor="#ffffce">United States</td><td><center>19%</center></td></tr><tr><td bgcolor="#ffffce">China</td><td><center>15%</center></td></tr><tr><td bgcolor="#ffffce">South Korea</td><td><center>10%</center></td></tr><tr><td bgcolor="#ffffce">Brazil</td><td><center>6%</center></td></tr></table><i><a href="http://research.ciphertrust.com/statistics.php">CipherTrust Research, July 2006</a></i></center> That's the conclusion of CipherTrust Research, based on analyzing billions of messages per month. The team actually tags a quarter-million new zombies or infected IPs, every single day.
According to CipherTrust techs, the EU harbors 26% of the world's zombies, while the USA trails at 19%, China fiddles around at 15%, and South Korea slinks in with just 10% of the take. So why doesn't the public perception match the statistics? Turns out, it's all in the reporting. If you break down the European Union by state, you get easily overlooked tiny numbers. Germany and France, for instance, are each home to around 6% of zombieworld, while the UK and Spain are worth 3% apiece. <center><b>The European Union's Major Zombie Nests</b><br><table align="center" border="1" bordercolor="#000000" cellspacing="1" cellpadding="3"><tr bgcolor="#ffffce"><td><b>EU State</b></td><td><b>Share</b></td></tr><tr><td bgcolor="#ffffce">Germany</td><td><center>23%</center></td></tr><tr><td bgcolor="#ffffce">France</td><td><center>22%</center></td></tr><tr><td bgcolor="#ffffce">United Kingdom</td><td><center>12%</center></td></tr><tr><td bgcolor="#ffffce">Spain</td><td><center>11%</center></td></tr></table><i><a href="http://research.ciphertrust.com/statistics.php">CipherTrust Research, July 2006</a></i></center> In that light, it seems only fair to report the zombie stats for each of the subdivisions of the United States and China. Instead of major political divisions, we could compare California with Germany and Beijing... Or match up Hainan with Spain and Mississippi. Doesn't make much sense, does it? Nope. If the media wants to treat the EU like one of the big kids, it needs to recognize the EU's collective failures along with any successes. When it comes to zombies, the EU is King. It's just too darned bad that the zombie builders haven't gotten around to reading all those EU laws. <i>That</i> would scare them off.
<i><a href="http://www.trimmail.com/news/">Email Battles</a> Backgrounder:<ul type="circle"><li><a href="http://www.emailbattles.com/archive/battles/spyware_aaeacdfbej_hi/">Most Desktops Are Running As Zombies?</a>; Email Battles; 26 June 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/spam_aaagabdcag_dh/">How To Help The FTC Stop Zombies, Step One</a>; Email Battles; 26 May 2005.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1148088166.05/">Spamming Trick: Don't overwork your zombies</a>; NewsByte; Email Battles; 19 May 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/security_aaaecjcgaj_eg/">Zombie Armies Out-Maneuver DNS</a>; Email Battles; 05 May 2005.</li><li><a href="http://www.emailbattles.com/archive/battles/security_aaaajhaejc_b/">Desperate Zombies Fall Back To Tired Tricks</a>; Email Battles; 17 March 2005.</li><li><a href="http://www.emailbattles.com/archive/battles/security_ajidgciedh_ed/">10,000 Zombies Laid To Rest</a>; Email Battles; 09 September 2004.</li><li><a href="http://www.emailbattles.com/archive/battles/spam_ajhfhffeag_fc/">Shopping For Spam Zombies</a>; Email Battles; 10 June 2004.</li><li><a href="http://www.emailbattles.com/archive/battles/virus_ajhedjgcgc_aa/">How To Get Rejected By Spam Zombie Army</a>; Email Battles; 24 May 2004.</li><li><a href="http://www.emailbattles.com/archive/battles/security_ajhddejcdg_jb/">As Supply Shrinks, Zombie Prices Soar</a>; Email Battles; 13 May 2004.</li><li><a href="http://www.emailbattles.com/archive/battles/virus_ajfdehccda_dg/">Zombies Clobber Spam Fighters</a>; Email Battles; 11 February 2004.</li></ul></i>
Wed, 12 Jul 2006 09:41:16 CST
http://www.emailbattles.com/archive/battles/spam_aaebfdaich_if/

Category: Spam
<b>Microsoft Blacklist Strategy Swaps Accuracy For MS's Convenience</b>
http://www.emailbattles.com/archive/battles/spam_aaebefcfac_cf/
Want to make email easy on your mail servers? Do it the Microsoft IT way.
Reject messages from senders that show up on realtime block lists (a.k.a., blacklists, RBLs). Microsoft IT claims that using RBLs as their first line of defense results in <a href="http://www.microsoft.com/technet/itsolutions/msit/security/messaginghygienewp.mspx">killing 80% of all incoming messages</a>. You gain other benefits, as well. The processing muscle required for a simple RBL lookup is nothing, so your gateway server can handle tons of messages. There is, however, a downside. Innocent users and organizations frequently <a href="http://www.techdirt.com/articles/20040120/0953241.shtml">find themselves on blocklists</a> for a variety of reasons, some of which are flat-out silly. After extensive and distasteful <a href="http://paulgraham.com/spamhausblacklist.html">personal experience with blacklists</a>, the father of Bayesian filtering, Paul Graham, noted, "Unlike filters, [blacklists are] run by humans. And humans are all too likely to abuse the kind of power that blacklists embody. Perhaps someone will start another blacklist that tries to avoid such abuses. But how long before that one becomes corrupt too?" Whether it's by corruption or incompetence, some RBLs even list all IP addresses designated for use by dial-ups, DSL or cable modems. This effectively knocks out millions of consultants and small business senders. That's OK... if you're Microsoft. They'll get back to you. But what if legitimate blocked senders <i>can't</i> get back to you? After all, the same RBLs that blocked them the first time are still standing at the gateway. According to Microsoft IT, that's easy. The sender should call you, so you can add them to your exceptions IP list. Again, that's fine for Microsoft. But it can cause real problems for other operations. Many blocked prospects will simply take their purchases or donations to friendlier climes. Using RBLs as judge and jury can be deleterious to sales. On the other hand, they can make great consultants if intelligently deployed.
When blocklists are considered as a few of the hundreds of components that result in a total spam score, they are helpful and appropriate. There's another way to lop off that first wave of spurious senders: Incoming Message Traffic Shaping (IMTS). IMTS on a spam or mail server "shapes" or reduces email message traffic through deferral. The email gateway simply responds to the first message from any unknown sender by telling the sender to try sending again a little later. <i>(IMTS is not to be confused with firewall traffic shaping, which is rarely, if ever, useful for inbound streams.)</i> Nearly all legitimate email servers are designed to try again... several times, if necessary. But amazingly, few zombies call back... especially those carrying viruses. When Email Battles tested a spam filtering appliance, before and after activation of Traffic Shaping, the results were revealing. To avoid test-bench skewing, we installed our trimMail Inbox 631 email gateway (<a href="http://www.trimmail.com/products/tmi_rackmount/">tMI 631</a>) in an active, real world (albeit low traffic) setting in January 2006. From January through May, about 78,000 SMTP connections a month were attempted. The tMI 631 deferred an average of 42,000 (54%), passing 36,000 messages to other tMI filtering processes. We turned Traffic Shaping off on the 1st of June. The results were dramatic. Messages accepted for further onboard processing soared 274% to 98,900. With IMTS turned off, the number of viruses the tMI 631 had to deal with increased fourfold, from 75 per month to 319. And the average virus size swelled by 1163%. 
<table align="center" border="1" bordercolor="#000000" cellspacing="1" cellpadding="3"><tr bgcolor="#ffffce"><td><b>How Traffic Shaping Differs From Greylisting</b></td></tr><tr><td>The trimMail Inbox's Traffic Shaping process is different from conventional greylisting, which defers connections based on the sending host's IP address, the envelope sender address, and the envelope recipient address. Like greylisting, the tMI's Traffic Shaping module defers first-time SMTP connections from unknown host IP addresses for a configurable time period. Unlike greylisting, the tMI's deferral process does not consider the envelope sender/receiver address. Instead, it allows the admin to impose longer deferral periods and shorter deferral resets on "spammier" hosts. This means that senders who behave like spammers will find it far more difficult to deliver their payload than they would against a conventional greylisting system. Spamminess is determined by a number of characteristics of the SMTP conversation, like whether the sender has a valid reverse lookup, the connection originates from a server on a dynamic (DSL, cable, dial-up) connection, the sender tries to send prior to the tMI issuing a HELO, etc. Spammy IP addresses can also be "throttled," meaning they'll only be allowed to send a single message before they'll be required to negotiate the deferral process again. In a nutshell, Traffic Shaping puts spammers in the slow lane, and makes it so difficult for them to get their mail through, that most simply give up and bother someone else. Well-behaved senders will find the going smooth after properly responding to the initial SMTP-standard deferral.</td></tr></table> Other processes on the tMI gateway were forced to work harder, too. More messages were rejected for bad recipient addresses, or deleted/quarantined/tagged as spam. So how does IMTS compare against RBLs as an upfront shield?
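To make the two front-door approaches above concrete (the RBL lookup, and Incoming Message Traffic Shaping with its spamminess-weighted deferral, shorter resets and throttling), here is an added Python example written for this page. It is not trimMail's, Microsoft IT's or any product's code. It assumes a placeholder DNSBL zone (dnsbl.example), illustrative score weights and deferral periods, and sample addresses from the TEST-NET ranges; the DNSBL resolver is injectable so the logic runs offline.

```python
"""Added example (not trimMail's or any product's code): an SMTP front-door
policy that uses a DNSBL hit as one score component instead of a hard reject,
and defers first-time senders with a spamminess-weighted deferral (traffic
shaping). Zone name, weights, periods and sample IPs are constructed."""
import ipaddress
import socket
from dataclasses import dataclass

DEFER = "451 4.7.1 Please try again later"   # SMTP temporary failure
ACCEPT = "250 OK"


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the name a DNSBL expects: IPv4 octets reversed, then the list zone.
    192.0.2.10 checked against dnsbl.example becomes 10.2.0.192.dnsbl.example."""
    ipaddress.IPv4Address(ip)  # raises ValueError if this is not an IPv4 address
    return ".".join(reversed(ip.split("."))) + "." + zone


def _live_resolve(name: str):
    """Real DNS lookup; a DNSBL answers a 127.0.0.x address for listed hosts."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def dnsbl_listed(ip: str, zone: str, resolve=_live_resolve) -> bool:
    """True when the list answers; `resolve` is injectable for offline tests."""
    answer = resolve(dnsbl_query_name(ip, zone))
    return answer is not None and answer.startswith("127.")


@dataclass
class Connection:
    """Facts observed during one SMTP conversation (constructed sample input)."""
    ip: str
    has_reverse_dns: bool
    dynamic_pool: bool            # address belongs to a DSL/cable/dial-up range
    sent_before_greeting: bool    # client talked before the server's greeting
    dnsbl_listed: bool            # from dnsbl_listed(); one component, not a verdict


def spamminess(conn: Connection) -> int:
    """Additive score; the weights are illustrative assumptions."""
    score = 0
    if not conn.has_reverse_dns:
        score += 1
    if conn.dynamic_pool:
        score += 1
    if conn.sent_before_greeting:
        score += 2
    if conn.dnsbl_listed:
        score += 1
    return score


class TrafficShaper:
    """Defer unknown hosts; spammier hosts wait longer, are forgotten sooner,
    and at or above `throttle_at` get one message per deferral cycle."""

    def __init__(self, base_defer=300, base_reset=30 * 24 * 3600, throttle_at=3):
        self.base_defer = base_defer      # seconds a well-behaved unknown host waits
        self.base_reset = base_reset      # lifetime of a well-behaved host's record
        self.throttle_at = throttle_at
        self.first_seen = {}              # ip -> timestamp of first deferred attempt

    def deferral_period(self, score: int) -> int:
        return self.base_defer * (1 + score)

    def reset_period(self, score: int) -> int:
        return self.base_reset // (1 + score)

    def decide(self, conn: Connection, now: float) -> str:
        score = spamminess(conn)
        first = self.first_seen.get(conn.ip)
        if first is not None and now - first > self.reset_period(score):
            first = None                      # record expired: start the cycle over
        if first is None:
            self.first_seen[conn.ip] = now
            return DEFER
        if now - first < self.deferral_period(score):
            return DEFER                      # came back too early
        if score >= self.throttle_at:
            del self.first_seen[conn.ip]      # throttled: one message, then defer again
        return ACCEPT


def simulate():
    """Constructed timeline: a clean relay and a zombie on a dynamic range."""
    shaper = TrafficShaper()
    relay = Connection("192.0.2.10", True, False, False, False)
    zombie = Connection("198.51.100.7", False, True, True, True)
    return [shaper.decide(c, t) for c, t in
            [(relay, 0), (relay, 300), (relay, 301),
             (zombie, 0), (zombie, 300), (zombie, 1800), (zombie, 1801)]]


if __name__ == "__main__":
    for code in simulate():
        print(code)
```

Legitimate servers retry after the 451, so the clean relay is accepted on its second attempt and stays known; the zombie has to wait six times as long, is accepted for one message, and is immediately back in the deferral queue. Keeping the DNSBL answer as a score component rather than a reject decision is what lets a listed-but-legitimate sender still get through after it retries.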
Microsoft IT claims that, by using blocklists, it delivers around 5% of messages attempted. The tMI gateway netted about 6% good mail, with or without IMTS. But percentages don't tell the whole story. Microsoft's spam filtering abilities regularly make the news:<ul><li>The Inquirer's Dean Pullen complains that <a href="http://www.theinquirer.net/default.aspx?article=32611">Microsoft Windows Live Mail delivers two to four times as much spam as its nearest competitor, Yahoo Mail</a>.</li><li>And permission-based email tracker, Lyris, says that <strike>Hotmail</strike> <a href="http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20060628005014&newsLang=en">Windows Live Mail incorrectly blocks over 23% of approved mail</a>, like opt-in newsletters, and it's getting worse.</li></ul>Graham's <a href="http://www.paulgraham.com/falsepositives.html">position is unambiguous</a>. "If they worked, we'd know by now." Assuming that <strike>Hotmail</strike> Windows Live Mail follows Microsoft IT best practices, <i>you</i> may be forgiven if you opt for a friendlier path.
Tue, 11 Jul 2006 10:27:26 CST
http://www.emailbattles.com/archive/battles/spam_aaebefcfac_cf/

Category: Security
<b>Daily Exploit Release Reignites An Old Fire: What's A Real Good Guy Look Like?</b>
http://www.emailbattles.com/archive/battles/security_aaebcjbjaj_bf/
A security hacker who doesn't play well with Microsoft has decided to up the ante. So far this month, HD Moore has released a new chunk of browser-attack code every day. And he promises to continue releasing browser exploits through the rest of July. Moore calls it his <a href="http://browserfun.blogspot.com/">Month of Browser Bugs Project</a>. He screws up the browsers with fuzzing utilities that inject pseudo-random code streams to trigger browser failures.
You can test your own browser on-line:<ul><li><a href="http://metasploit.com/users/hdm/tools/see-ess-ess-die/cssdie.html">CSSDIE</a> pumps out bad style values for Cascading Style Sheets to bring down browsers adhering to CSS1, CSS2, or CSS3.</li><li><a href="http://metasploit.com/users/hdm/tools/domhanoi/domhanoi.html">DOM-Hanoi</a> adds and removes DOM elements to trip up DHTML.</li><li><a href="http://metasploit.com/users/hdm/tools/hamachi/hamachi.html">Hamachi</a> sends illegal values for method arguments and property values, hoping to trigger DHTML eruptions.</li><li><a href="http://lcamtuf.coredump.cx/mangleme/gallery/">MangleMe</a> is a downloadable browser testing script, about which Michal Zalewski writes, "This started off as a really silly idea: code a trivial program to generate tiny, razor-sharp shards of broken HTML, and repeatedly feed it to various web browsers. I expected them to exhibit some security problems handling it - but I did not expect such a disaster - no browser survived unscratched."</li></ul>Most of Moore's fuzz-induced failures are irritating but fairly innocuous. They simply screw up graphic rendering or crash the browser. Moore has unearthed these in triple-digits. But a few bugs can allow a remote attacker to take over your system. These dangerous holes are the focus of Moore's Month of Browser Bugs. How many of these bad bugs has he found? Well... Since July has 31 days, and he's releasing a month's-worth... you do the math.
To date, he has published these bugs to the Open Source Vulnerability Database (OSVDB):<ol><li><a href="http://osvdb.org/26834">Microsoft IE ADODB.Recordset COM Object Filter Property NULL Dereference</a></li><li><a href="http://osvdb.org/26835">Microsoft IE HTML Help COM Object Image Property Heap Overflow</a></li><li><a href="http://osvdb.org/26836">Microsoft IE OutlookExpress.AddressBook COM Object NULL Dereference</a></li><li><a href="http://osvdb.org/24967">Mozilla Firefox iframe.contentWindow.focus() Overflow</a></li><li><a href="http://osvdb.org/26838">Apple Safari DHTML setAttributeNode() NULL Dereference</a></li><li><a href="http://osvdb.org/26839">Microsoft IE DirectAnimation.StructuredGraphicsControl SourceURL NULL Dereference</a></li><li><a href="http://osvdb.org/26837">Microsoft IE Frameset inside Table NULL Dereference</a></li></ol>Given <i>this</i> list, it's easy to see why Microsoft doesn't like him much. Nevertheless, Moore claims Microsoft, Mozilla, Opera, Safari, et al., have been pre-warned. It's up to them to fix their software. That doesn't provide much comfort for harried network managers. Many of them wonder why any legitimate security researcher would release exploits before patches are available. Moore responds that he just wants to create awareness of browser bugs and "<a href="http://metasploit.blogspot.com/2006/07/month-of-browser-bugs.html">demonstrate the techniques I used to discover them</a>." His attitude is not far removed from that of holy father, the creator of Hacker Defender, the well-known rootkit. holy father <a href="http://www.emailbattles.com/archive/battles/security_aacejifdhf_ic">wrote in Email Battles</a> that his project and others:<blockquote>...force security companies to care about the core of the problems, to develop better and better products. And after years, I see the results. The situation is better. But there is still a lot of work to be done ...
This is why I will continue in my work to try to find ways to bypass their poor products until antivirus companies come with the real solution. And this is why a lot of my customers are security guys who offer penetration testing etc., not bad (or blackhat) guys.</blockquote>Many have suggested that these are simply self-serving rationalizations by pyromaniacs who leave behind a legion of admins stomping out the fires they lit. But grey hats and early-exploit-releasers say that the flaws were always there. If <i>they</i> could find the holes, black hats are already exploiting them. Where'd I leave my stack of blue ribbons? These heroes deserve a good pinning.
Fri, 07 Jul 2006 15:04:41 CST
http://www.emailbattles.com/archive/battles/security_aaebcjbjaj_bf/

Category: Security
<b>Who's Afraid of the FBI? Certainly Not Hackers.</b>
http://www.emailbattles.com/archive/battles/security_aaebbjbafc_aa/
Your company hires a consultant to do a bit of network maintenance. He keeps badgering you for access to <i>this,</i> so he can install a printer, or <i>that</i> to install a switch. Finally... to get him off your back, you give him your user name and password. Later, you discover that the creep used <i>your</i> password to download the entire organization's password file (multiple times)... then used an off-the-web hash-buster to <i>own</i> every user in the company... And you didn't even have Administrative access! What kind of small-time idiot would design such a Swiss-cheesy security system? Turns out, it was the FBI. Washington Post reporter <a href="http://www.washingtonpost.com/wp-dyn/content/article/2006/07/05/AR2006070501489_pf.html">Eric M. Weiss says</a> the Government claims a consultant, Joseph Thomas Colon, snatched its password file several times. Feds say Colon busted the counter-espionage and Witness Protection data, too. The FBI is astounded. Me, too. Correct me if I'm wrong...
Isn't this crew part of the Homeland Security department that settled on Windows network-wide, because "everybody uses Office?" It seems slipshod security reasoning comes with the job. But lest you think the federal cops are asleep at the switch, the Bureau has taken quick action, renaming <i>Trilogy,</i> its $581 million IT boondoggle, <i>Sentinel.</i> Whereas hackers took the prior name to mean "three easy points of entry," the FBI apparently figures they'll get the message and stay away, once they see that menacing new moniker. The Department of Justice Office of Inspector General (OIG) isn't quite so sanguine. Among other faults, its <a href="http://www.usdoj.gov/oig/challenges/2005.htm">audit of the Trilogy project uncovered</a> "poorly defined and slowly evolving design requirements, weak information technology investment management practices, weaknesses in the way contractors were retained and overseen, the lack of management continuity at the FBI on the Trilogy project, unrealistic scheduling of tasks, and inadequate resolution of issues that warned of problems in Trilogy's development." The OIG noted that turnover of key personnel really hurt, especially systems engineers, contracting officers, systems engineers, budget personnel and... systems engineers. Sentinel is carrying the FBI's illustrious computer management banner forward. In March 2006, the OIG reported that the "new" $500 million project suffered many deficiencies [<a href="http://www.usdoj.gov/oig/reports/FBI/a0614/final.pdf">pdf</a>] similar to those of its predecessor:<ol><li>Sentinel still suffers from a shortage of essential staff;</li><li>FBIers can't shuffle funds without screwing mission-critical ops;</li><li>Sentinel's <i>still</i> lousy at sharing info with other lawdogs; and </li><li>Ongoing project auditing is a joke.</li></ol>On the upside, documentation's not a problem... because there isn't any. So. 
If you're one of the 26.5 million vets and active duty personnel whose names and Social Security numbers were recently returned on that stolen laptop... and the FBI says you have nothing to worry about because the data on the hard drive was never accessed... you can believe it (wink, wink). Because nobody knows computers like the Bureau. And everybody knows it. <i><a href="http://www.trimmail.com/news/">Email Battles</a> Backgrounder:<ul type="circle"><li><a href="http://www.emailbattles.com/archive/battles/idtheft_aaebaahdig_de/">Black Market Returns Prodigal VA Laptop While FBI Dissembles</a>; Email Battles; 05 July 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/security_aaahbccaji_hi/">Pentagon Hacked Through Common Windows Holes</a>; Email Battles; 08 June 2005.</li><li><a href="http://www.emailbattles.com/archive/battles/security_ajgghjeabe_ec/">Hackers Feed On Windows Patches</a>; Email Battles; 26 February 2004.</li><li><a href="http://www.emailbattles.com/archive/battles/security_ajggabgbfg_fc/">Homeland Security Demands Your Secrets</a>; Email Battles; 18 February 2004.</li><li><a href="http://www.emailbattles.com/archive/battles/security_ajfddifgfa_ie/">Homeland Security: Connecting The Dots</a>; Email Battles; 11 February 2004.</li><li><a href="http://www.emailbattles.com/archive/battles/security_ajehdececj_cb/">Homeland Security Still Depends On Microsoft?</a>; Email Battles; 11 February 2004.</li></ul></i> Thu, 06 Jul 2006 14:02:54 CST http://www.emailbattles.com/archive/battles/security_aaebbjbafc_aa/ IDTheft Black Market Returns Prodigal VA Laptop While FBI Dissembles http://www.emailbattles.com/archive/battles/idtheft_aaebaahdig_de/ The laptop stolen (along with names and Social Security numbers of 26.5 million veterans and active duty personnel) from a VA analyst's home is once again in government custody. But its route home doesn't exactly inspire confidence in our nation's law enforcers. 
The Red Tape Chronicles reports that a guy <a href="http://redtape.msnbc.com/2006/07/what_happened_t.html">bought the laptop off the back of a pickup truck</a> north of DC. Undoubtedly figuring he could buy one heckuva lot more laptops with the US$50,000 reward, he brokered a hand-over to the FBI through, of all things, a US Parks cop. Gazette.Net tells a <a href="http://www.gazette.net/stories/070506/montcou151804_31944.shtml">slightly different story</a>. C. Benjamin Ford says the <i>guy</i> was really a <i>gal</i> who handed the laptop over to a detective who worked with Parks cops to deliver it to the FBI. In any case, the same FBI now claims that a preliminary review by computer forensic teams determined that the database "has not been accessed since it was stolen." That quick-draw forensic analysis is good enough for House Committee on Vets' Affairs Chairman Steve Buyer: "I am hopeful that veterans across America can breathe a sigh of relief and that the data has not been compromised." <i>Back to the future...</i> Rep. Buyer acknowledges that somebody oughta do something about somebody. "The basic deficiencies leading to this data loss must be corrected," he noted. "The history of lenient policies and lack of accountability within VA management must be rectified. Multiple vulnerabilities within VA information security management remain unmitigated." Rep. Buyer sees the solution as more House oversight of information management. And this time, by golly, he intends to get it right, with a heapin' helpin' of new rules... as opposed to enforcing the old ones. Like the one about not allowing unauthorized bureaucrats to walk out the door with millions of voters on their laptop... Or the one about firing and prosecuting folks who play fast and loose with citizens' data. Meanwhile, a more circumspect Senate Committee on Vets' Affairs is simply counting shekels. 
Fourteen million bucks for crisis startup, plus $200K per day for the call center, plus $160 million for credit monitoring. With the addition of that $50K reward for returning the laptop, it adds up to... well... a lot more than any government analyst is worth. And as far as any certainty that the database wasn't backed up... The correct answer is, "We honestly don't know if the data was backed up." After the FBI's preliminary analysis, I'd suggest hiring more experienced forensics personnel. How 'bout Best Buy's Geek Squad, or maybe a whiz kid from a local high school? One thing's certain. The data analyst didn't keep his laptop up-to-date. Otherwise, Microsoft might have tracked it down when Microsoft's <strike>spyware</strike> DRM software, Windows Genuine Advantage, phoned home. <i><a href="http://www.trimmail.com/news/">Email Battles</a> Backgrounder:<ul type="circle"><li><a href="http://www.emailbattles.com/archive/battles/idtheft_aaejhcjbai_hi/">More Private Data Is Burgled From Government Than Hacked</a>; Email Battles; 20 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1150406389.68/">News (yawn) flash: VA analyst's lost laptop was no aberration. 
Duh.</a>; NewsByte; Email Battles; 15 June 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/privacy_aaejbacjbc_ge/">Can Microsoft Remotely Kill Your Windows PC?</a>; Email Battles; 13 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1149883517.96/">VA top dog to Congress: Stop us before we do it again.</a>; NewsByte; Email Battles; 09 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1149699031.92/">Five vets groups go to war against VA seeking control of records</a>; NewsByte; Email Battles; 07 June 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/security_aadijiehfj_fa/">Boss of Slippery-Fingered VA Analyst Gets The Boot While Keystone Kops Give Chase</a>; Email Battles; 31 May 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/privacy_aadhegiidh_da/">Why Steal Social Security Numbers, When You Can Get Them For Free?</a>; Email Battles; 25 May 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/privacy_aadhdabcec_bc/">VA: The perps can't possibly know that they have 26.5 million Social Security Numbers!</a>; Email Battles; 23 May 2006.</li></ul></i> Wed, 05 Jul 2006 12:04:42 CST http://www.emailbattles.com/archive/battles/idtheft_aaebaahdig_de/ IP Nine Ways To Make Your RSS Feed Useless http://www.emailbattles.com/archive/battles/ip_aaeagjjiai_dd/ Way back when, RSS and Atom newsfeeds made it easy for others to sweep up an author's content. Both users and webmasters embraced the feeds with gusto. End-users deployed personal aggregators, like RSS Bandit, to track their favorite subjects and authors. Webmasters replicated the feeds for the same reason, but for their broader audience. Originally, everybody won. Small and/or unknown authors and organizations gained access to the greater universe of readers, through replication-by-choice. Readers found new authors via replicators. And webmasters were able to offer their audiences more content. Correction. 
Almost everybody won. As more readers started creating their own newspapers, many traditional media and advertising groups found themselves out in the cold. In addition, a few bloggers turned very <i>Old Media</i> as their audiences grew, while other scratchy and itchy types worried themselves sick over who might be using their timeless prose, and for what. So what's a paranoid blogger to do? Don't publish newsfeeds for anything you don't want replicated. Publish only synopses of articles as RSS/Atom feeds, with links to your full content. (This solves 99.99% of your replication problems.) If that doesn't satisfy, post a nasty copyright notice, send angry emails to infringers and fire off <a href="http://www.seologic.com/faq/dmca-notifications.php">DMCA complaints</a> to search engines whenever you see something that makes your head spin. Still spitting bullets? Make your RSS feed radioactive. It's easier than you think.<ol><li>Make your article a replicated synopsis of someone else's story with a link to the original work... worse yet, no link.</li><li>Start with an intriguing headline, then send suckers to a page full of links to articles. Would-be fans will find someone else.</li><li>Make your article's Title and Description identical, like "1 Hotmail hoax." Body copy: "1 Hotmail hoax." Readers who sign up for <i>Sophos daily Top 10 Hoaxes</i> get nine more just like this one, every day.</li><li>Use titles that aren't descriptive at all, like "Or...", then team them up with equally incomprehensible copy.</li><li>Embed lots of pointless graphics like logos and photos. Last week, one well-known blogger, whose name (<a href="http://www.pirillo.com/">Pirillo</a>) I will not mention (Pirillo), posted individual Flickr-shots of the geekerati attending his conference. I think I deleted his feed after the David Winer shot. Ironically, Winer's the guy who <a href="http://blogs.law.harvard.edu/tech/rssVersionHistory">invented RSS</a>. 
(After Chris stopped, I resubscribed.)</li><li>Slather in the advertising. Make sure your feed includes banner ads, along with Google AdSense links, whenever possible. Blinking banners are particularly effective.</li><li>Sprinkle in <a href="http://www.valleywag.com/">plenty of obscenities</a> to keep out the fuddy-duddies on a site ostensibly targeted at a general audience.</li><li>Regularly update posts with your whereabouts, like we should care.</li><li>Post just to be posting, whether you have anything to say, or not.</li></ol>Admittedly, making your newsfeed useless takes a lot of work and vigilance. But it appears that more and more bloggers have mastered the technique. That'll teach those filthy, money-grubbing aggregators... Right? Just don't lose sight of your blogging goals. After <a href="http://www.micropersuasion.com/2005/12/blog_content_th.html">Steve Rubel complained that two websites were stealing</a> his output at Micro Persuasion, <a href="http://www.techdirt.com/">Mike Masnick of Techdirt responded</a>:<blockquote>Hmm. In both cases they link back to you as the original source. I guess I'm confused how this is different than most aggregators, which also redisplay your content. There are probably hundreds of sites that do that with our content, and as long as they link back to us, it's hard to see why it's a problem. They're just helping to get more people to read what you have to say.</blockquote>I'm with Mikey. Fri, 30 Jun 2006 16:20:13 CST http://www.emailbattles.com/archive/battles/ip_aaeagjjiai_dd/ Security How Windows Live OneCare Can Own Retail Shelf Space Without Squeezing Symantec Or McAfee http://www.emailbattles.com/archive/battles/security_aaeafjefih_cb/ The Quad Cities houses 360,000 souls and straddles the Mississippi River between Iowa and Illinois. Its most notable tenant is Deere & Company, home of everything John Deere green. 
The Quad Cities' place in history was assured when the steamboat <a href="http://www.lib.niu.edu/ipo/1998/ihy980236.html">Effie Afton collided with the first bridge spanning the mile-wide river</a>, triggering a court battle over rights-of-way between railroads and river traffic. Abraham Lincoln argued for the railroads and won. <i>So why am I telling you this?</i> To fix the market size, location and a whiff of its history in your head, so you have the proper context for the discussion. Along those lines, you need to know that, for local software purchases, the short list and long list match: Best Buy, Officemax, Sam's Club and Staples. Coincidentally, those are precisely the companies we chose to review for their anti-virus offerings. Armed with the knowledge that space management is high science to a national retailer, and that a merchant displays more of a product that she intends to sell in quantity, we simply counted package fronts of every anti-virus solution we found. The results were surprising, if only for the lopsidedness. Norton anti-virus variations command 58% of the frontage. McAfee is way behind with 15%, followed by Trend Micro (8%), CA (7%), Zone Labs (7%) and the new kid, Windows Live OneCare (6%). Norton's greatest push appears to be in Staples and Best Buy, where the line commands 65% of the anti-virus display area. Sam's Club devotes 55%, while Officemax doles out a comparatively paltry 37%. Officemax is fairly egalitarian about the whole thing, allocating 37% of its display space to McAfee as well. Other retailers aren't so kind. Staples gives the line 22%, Sam's serves up 18% and Best Buy dribbles out just 6% of its space. As for the rest, Trend Micro's anti-virus products aren't offered at all by the office supply retailers. CA gets no space at Sam's, and ZoneLabs is persona non grata at both Sam's and Staples. Officemax doesn't offer Windows Live OneCare, but then again, it's only been out for a month. That's <i>today's</i> snapshot. 
Tomorrow, you'll see a much different picture. With the advent of Windows Forefront security products for both consumers and businesses, Microsoft is offering a broad new security line at compelling prices. In addition, Microsofties know how to play hardball with retailers... Sam's Club excepted. Don't be surprised if, by Christmas, Forefront owns 30% - 40% of the available display space. Norton can afford to give up some of its almost embarrassingly huge frontage. McAfee will be stung by any reductions. But if CA, Trend Micro or ZoneLabs lose any ground, they'll be out of the retail business... at least in the Quad Cities. On the other hand, there's plenty of space available for Forefront, if you empty retail shelves of exclusively anti-spyware products. That may be the natural course, as most anti-virus software now includes A/S functionality, but it could be the end of Webroot as we know it. Oh. Sam's Club is the only shop discounting Windows Live OneCare: $32.84. The rest offer it at list: $49.95. Why is that important? Did I tell you about the time ole <a href="http://lincoln.lib.niu.edu/biography2text.html">Honest Abe took out after Chief Black Hawk</a>? 
<i><a href="http://www.trimmail.com/news/">Email Battles</a> Backgrounder:<ul type="circle"><li><a href="http://www.emailbattles.com/archive/battles/security_aaeajhghdi_jg/">Antivirus Makers Deserve What Microsoft's Serving</a>; Email Battles; 23 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1151077354.43/">Antivirus software market grew 13.6% in 2005</a>; NewsByte; Email Battles; 23 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1151021767.28/">Microsoft undercuts McAfee, Symantec and Trend by over 50%!</a>; NewsByte; Email Battles; 22 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1150749816.08/">Reviewer: Windows OneCare makes it halfway</a>; NewsByte; Email Battles; 19 June 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1149550888.11/">Anti-Virus award helps Microsoft stick another fork in McAfee and Symantec</a>; NewsByte; Email Battles; 05 June 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/vuln_aadhffhdji_fg/">Symantec's Really Bad Year Gains Momentum</a>; Email Battles; 26 May 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/virus_aadeiibffe_ad/">Wintel Tightens The Screws On Symantec and McAfee</a>; Email Battles; 25 April 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/virus_aadbbhedeg_ji/">Angry Victims Describe The Most Disastrous Virus Of 2006: McAfee AntiVirus</a>; Email Battles; 13 March 2006.</li><li><a href="http://www.trimmail.com/news/elsewhere/data/1137647734.0/">Anti-Virus vendors are falling behind</a>; NewsByte; Email Battles; 18 January 2006.</li><li><a href="http://www.emailbattles.com/archive/battles/opsys_aaccchjbaa_ib/">Microsoft Shoots To Kill Dealers & ISPs</a>; Email Battles; 30 November 2005.</li> </ul></i> Thu, 29 Jun 2006 13:43:33 CST http://www.emailbattles.com/archive/battles/security_aaeafjefih_cb/