Social security numbers sold on Web
From CNN.com
Group buys data on top U.S. officials to underscore need for tougher laws

Almost everything is for sale on the Internet -- even the Social Security numbers of top government officials like CIA Director George Tenet and Attorney General John Ashcroft, consumer advocates warned Wednesday.

The California-based Foundation for Taxpayer and Consumer Rights said for $26 each it was able to purchase the Social Security numbers and home addresses for Tenet, Ashcroft and other top Bush administration officials, including Karl Rove, the president's chief political adviser.

That illustrates the need for stronger protections of personal information, the group said.

Concerned about bill
Specifically, the foundation is concerned about legislation in the House that would amend the Fair Credit Reporting Act. The bill, sponsored by Reps. Spencer Bachus, R-Alabama, Darlene Hooley, D-Oregon, and dozens of other members, aims to prevent identity theft and improve the accuracy of consumer records, among other things.

While backing the overall goals of the bill, the group's executive director, Jamie Court, objected to a portion of it that would continue a current pre-emption of tougher state privacy laws.

California Gov. Gray Davis signed such legislation Wednesday, which allows consumers to block companies from sharing personal information with affiliate businesses.

"Banks and insurers should not be able to go to Washington as an end-run around the most protective state privacy laws," Court said.

The Bush administration has urged Congress to act quickly to strengthen the nation's credit laws and has praised the House bill. It is expected to come up for a vote in the first few weeks after lawmakers return from their August recess.

A spokesman for Bachus, Evan Keefer, said the legislation has important new provisions that will be tough on fraud. He said the issue raised by the foundation is something lawmakers would look at in conference, after votes in the House and Senate.

National law proposed
The foundation wants to see a strong national law on credit reporting, but Court said that should not preclude states from passing even stronger privacy protections.

He said stopping trafficking of information among corporate affiliates is key because some companies have hundreds of businesses under the family umbrella. For example, a banking corporation might have a number of insurance, securities and real estate affiliates it does business with and financial data might be swapped among all.

"If you cannot stop the traffic in your information among corporate affiliates, you don't have privacy in this nation," Court said.

Easy to get
In addition to Social Security numbers, Court said some online sites will give out a person's bank account balance for about $300.

Beth Givens, director of Privacy Rights Clearinghouse based in San Diego, said there are at least a dozen sites that provide Social Security numbers and other private data.

"If you're willing to spend a little money, you can get this type of information very easily on the Internet," said Givens.

 

A company trying to stop P2P warez
Demand on the part of businesses for control over their networks is proving fertile ground for a new generation of bandwidth- and network-management companies, which are pitching their services as the answer to P2P, viruses and other "garbage software" ills. Among these companies are Packeteer, Allot Communications, AssetMetrix and a growing list of others. Long article at Cnet.

 

RealOne Player Allows Cross Zone and Domain Access
DigitalPranksters Security Advisory
http://www.DigitalPranksters.com

RealOne Player Allows Cross Zone and Domain Access

Risk: High

Product: RealOne Player (English only), RealOne Player v2 for Windows (all
languages), and RealOne Enterprise Desktop (all versions, standalone and
as configured by RealOne Desktop Manager).

Product URL: http://www.real.com/realoneplayer.html

Vendor Contacted: July 1, 2003

Vendor Released Patch: August 19, 2003

DigitalPranksters Public Advisory Released: August 27, 2003

Found by: KrazySnake (krazysnake@digitalpranksters.com)

Problem:
Using a SMIL presentation, an attacker can instruct the RealOne player to
load a series of URLs. If the attacker specifies a scripting protocol as
the URL, the script executes in the context of the previous URL. This
allows the attacker access to everything the previous URL had access to.
For example, an attacker could load a file on the local machine (C: drive)
through the SMIL and then load script into the "my computer" zone to read
content from the local hard disk. It also allows the attacker to script web
sites and steal cookies.
We feel this is a high risk because there is no prompt before opening a
SMIL file. This allows the attacker to open the maliciously created file
without the victim's intent. We have identified several potential attack
vectors. These include linking to the SMIL over HTTP through a link (A
HREF="malicious.smil"), javascript (document.location="malicious.smil"),
and email attachments.

Proof of concept:
We have created a SMIL file that will read the cookie from
https://order.real.com/pt/order.html. The cookie will be read 9 seconds
after the audio has begun.

Source Code on Bugtraq


Resolution:
RealNetworks released a security update to address this issue. The
security update and details of this update from RealNetworks are available
from
http://service.real.com/help/faq/security/securityupdate_august2003.html.
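
A defensive check for the condition the advisory describes, usable at a mail or web gateway: parse a SMIL file and flag any attribute whose value is a scripting-protocol URL. This is an added example, not code from the advisory or from RealNetworks; the scheme list, the function names and the two sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The advisory only says "a scripting protocol"; this scheme list is an
# assumption and should be extended to match the players you deploy.
SCRIPT_SCHEMES = {"javascript", "vbscript"}
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")

def url_scheme(value):
    """Return the scheme of a URL-like attribute value, or None if relative."""
    # Drop whitespace and control characters so "java\tscript:" or a
    # leading space cannot hide the scheme, then compare in lower case.
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20).lower()
    m = _SCHEME_RE.match(cleaned)
    return m.group(1) if m else None

def scan_smil(text):
    """Return (verdict, findings); findings are (tag, attribute, value)."""
    try:
        root = ET.fromstring(text)  # also decodes &#106;-style references
    except ET.ParseError:
        # Fail closed: a file that cannot be parsed is not declared clean.
        return "unparseable", []
    findings = []
    for elem in root.iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip any XML namespace
        for attr, value in elem.attrib.items():
            if url_scheme(value) in SCRIPT_SCHEMES:
                findings.append((tag, attr.rsplit("}", 1)[-1], value))
    return ("suspicious" if findings else "clean"), findings

# Constructed samples (not the advisory's proof of concept).
SAMPLE_SUSPICIOUS = """<smil><body><seq>
  <audio src="intro.rm"/>
  <ref src="&#106;ava&#9;Script:void(0)"/>
</seq></body></smil>"""

SAMPLE_CLEAN = """<smil><body><seq>
  <audio src="intro.rm"/>
  <ref src="http://media.example/clip.rm" dur="9s"/>
</seq></body></smil>"""

if __name__ == "__main__":
    for name, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        print(name, scan_smil(doc))
```

The scan inspects every attribute, so descriptive attributes that merely begin with a scheme-like word can produce false positives; treat a hit as a reason to quarantine and review the file.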

 

Now Sprint wants more money with Vindigo
Vindigo said Monday that its electronic city guide service is now available to those who have mobile phones on Sprint PCS' network. The service, which offers movie times, restaurant reviews, directions and other services in various cities, will cost $2.99 a month. The software is limited to certain Java-based phones running on Sprint's PCS Vision data network. Yeah, that's exactly what I want to do, pay more for cell phone usage. Remember when Vindigo was free, it used to include Manhattan Beach too.

 

Piss on you again CNN
First you stop your free video now you are stopping Avantgo? This is the message on Avantgo CNN channel:

Starting September 15, CNN will no longer be available through the AvantGo service. Take CNNtoGO for the latest news, business and sports headlines with photos sent directly to your wireless devices. Simply enter your email address below for more information on CNNtoGO.

Screw you CNN, I will now support the crappier MSNBC. At least they do video to the Pocket PC.

 

Yay! I am liking DELL fixed it!
DUDE! You're Getting An Update!
From PDAbuzz.com

If you're waiting for the update to fix your Dell Axim X5 running Windows Mobile 2003 for Pocket PC shipped between the June 23rd release date and July 16th, keep an eye on your mail box -- that's the thing that paper letters and packages get delivered to, not your inbox.

 

Hitachi 4GB Microdrive
From PDAbuzz.com
Hitachi has a 4GB Microdrive in the pipeline and the price looks to make this a hands-down winner!

The company expects the 4GB Microdrive to sell for $499. Lexar Media sells 2GB and 4GB flash memory cards that cost as much as $799 and $1,599, respectively, according to its online store.

 

Awesome device from Toshiba
From PCworld.com
Toshiba Readies Tiny IPod Rival
Lightweight digital music player features a 20GB hard drive.

Toshiba has announced a new hard drive-based digital music player that is both smaller and lighter than both its previous model and the competing IPod player from Apple Computer.

The Gigabeat MEG200J (G20) contains a 20GB hard drive, which is four times the capacity of that in Toshiba's previous model, the MEG50JS. It is enough space to store up to 332 hours of music, encoded at 128 kbps, or, put another way, around 5,000 songs, according to Toshiba. Formats supported are Windows Media Audio, MP3, or WAV.

Truly Tiny
In size the G20 is a good deal smaller than Toshiba's previous model. It measures 3.5 inches by 3.0 inches by .5 inches which means total volume is 5.3 cubic inches. That's less than half the volume of the MEG50JS, at 11.1 cubic inches, and also less than both the 15GB and 30GB versions of Apple's IPod, which have volumes of 6.1 and 7.3 cubic inches respectively.

In addition to its smaller size the player is also lighter. The G20 weighs 4.9 ounces compared to 8.3 ounces for the previous model and 5.9 ounces and 6.2 ounces for Apple's two players.

Part of the reduction is due to the hard drive becoming a solely internal drive on the new player. Toshiba's last player took PC Card hard drives, which had the advantage of being able to be connected directly into a notebook computer but the disadvantage of requiring more space.

On the front of the player is a small monochrome flat-panel display that is used for navigation and to display details of the current playing track.

For Windows Only
Battery life is estimated to be around 11 hours on a full charge and the player connects to a PC through a USB 2.0 interface. While it is both smaller and lighter than Apple's IPod, the Toshiba player can't compete with the IPod on all platforms. Its supporting software is only compatible with PCs running Windows 98 second edition and higher and won't work on a Mac.

Toshiba plans to put the G20 on sale in Japan in early October, where it will cost around $424. There are no concrete plans to put it on sale overseas but Toshiba says the company will consider international sales should it sell well in Japan. Like the previous model, the G20 can be switched between Japanese, English, French, German, and Spanish.

 

And the security curtain gets a little thinner
From the New York Times
Ann Marie Diogo has been a waitress for 18 years. So she was skeptical when her boss at the Royal Mile Pub in Wheaton, Md., recently replaced her paper order pad with a Toshiba palm computer that can wirelessly send her customers' orders directly to the kitchen.

"I was panicking," Ms. Diogo said. "I'm not that computer savvy." But when her faster service resulted in larger tips, she was won over. "There's no way I'd like to go back to pen and paper," she said.

Better still, said the pub's owner, Ray Morrison, who can monitor all the tables and even send complimentary drinks remotely from his Toshiba, errors in the kitchen are down and profits are up about 15 percent since the Royal Mile converted early this year to its wireless system, which is based on the increasingly popular Wi-Fi format.

The pub is hardly alone in bringing Wi-Fi to the sales floor. Wi-Fi may be more celebrated as a means of logging into the Internet without cables. But the fast-dropping price of Wi-Fi, technically known as the 802.11 format, and its ability to convey a large volume of digital data wirelessly over short distances have made it possible for various businesses to improve sales and profits, while better serving customers face to face.

The business world, of course, has long used wireless technology to track inventory and speed shipping. But often, such networks used proprietary technology that could be expensive and only sometimes reliable. Compared with many older systems, standardized Wi-Fi technology, which can broadcast data about 500 times faster than a cellphone, is exceedingly stable, if only because as it becomes more common, feedback from its many users has led to continual improvements.

And the high volume of production, driven by popular demand, has pushed the price down to less than $100 for the local network routers at the heart of the systems and less than $100 for the wireless circuit card that connects a device, like a palm or laptop computer, to the network.

"Last year under 20 percent of the laptops had Wi-Fi built in; this year it's 40 percent," said Brian Grimm, a spokesman for the Wi-Fi Alliance, a trade association.

Operators of stadiums, casinos, groceries, hospitals and department stores are among those who have recognized the value of bringing wireless technology out of the storeroom and into the store.

Stop & Shop, the 336-store grocery chain based in Boston, had used specialized wireless hand-held devices to track inventory for more than a decade. But in April the company put an 802.11 network in shoppers' carts through a portable device called the Shopping Buddy. The device lets customers perform feats like order a pound of pastrami from the deli counter while wheeling through the canned-goods aisle, and then alerts them when the order is ready.

Shopping Buddy also has a location device to guide customers to hard-to-find items, and a bar code scanner that keeps tabs on purchases for budgeting and to let shoppers zoom through a self-checkout lane. Using a Shopping Buddy involves running the customer's Stop & Shop loyalty card through the built-in magnetic stripe reader.

"It knows who you are. It knows what you buy when you are usually there," said Mira Genser, a spokeswoman for Cuesol of Quincy, Mass., which designed the Shopping Buddy's software.

Nordstrom, an avatar of customer service, is installing a wireless network and stationary terminals that can replace the sales staff's "personal books," notepads that sales associates use to write down personal information about regular customers, like clothing sizes and favorite brands. "If there is a Donna Karan trunk show, we can suggest the top 10 clients for the sales associate to call," said Al Falcione, the senior product marketing manager for Blue Martini Software, which designed the Nordstrom system. Although Nordstrom is not initially giving its staff hand-held devices that are tied to the system, the system can accommodate them, Mr. Falcione said. The devices would allow the staff to locate an orange polo shirt in size XXL in any Nordstrom store, right from the sales floor.

The casino and hotel operator Harrah's Entertainment of Las Vegas has tested several uses of Wi-Fi at its properties. Curbside check-in lets high rollers bypass the hotel registration desk and shortens lines for all guests. The hand-held terminal can also direct a host to dole out perks on the spot, checking information on specific guests to see if their past business warrants a free meal or show or even a free room, said Tim Stanley, Harrah's chief information officer.

Harrah's has also experimented with using roving cashiers, who tote hand-held terminals to verify player winnings and make payments on the casino floor, so the customers can keep gambling when they would otherwise be standing in line at the payout window. A small portable printer even spits out federal tax forms at tableside. "It keeps them in the action longer, frankly," Mr. Stanley said.

Continued here
