Paul Hardwick: Studies
Information about proposed, upcoming, ongoing or completed studies

• Malware Threat Report for February 2007.
  Malware Threat Report for February 2007. "Storm Worm," continues to severely impact worldwide mailboxes in successive waves. [GT: Security and Privacy]
• Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )
  OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.
  
• Administrivia: Our data-center was hit by a DDOS attack today.
  Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.
  
• Feinstein to GAO: Investigate E-voting System.
  Feinstein to GAO: Investigate E-voting System.

  During the 2006 election in Florida, electronic voting machines may have "undercounted" to the tune of 18,000 votes in Sarasota County. But because the new machines were not designed to provide paper receipts, there is no way to double check the vote.

  Now, Senator Dianne Feinstein of California has taken action. Last week, she asked the Government Accountability Office (GAO) to investigate electronic voting systems that do not provide voter-verified paper ballots. Senator Feinstein specifically highlighted the problems in Florida, and asked for a "top to bottom investigation"

  "Should the GAO become aware of any systems that are prone to software malfunctions, are susceptible to fraud, or use hardware design that would lead to voting system problems, I would request that you also inspect those systems," writes Senator Feinstein.

  EFF and a coalition of voting integrity groups, representing Sarasota County voters, have filed suit in state court in Tallahassee asking for a re-vote in Florida's 13th congressional district. To find out more about EFF's work defending your right to vote, visit our E-voting page.
  

  [EFF: Deep Links]
• Next Generation Data Auditing for Data Breach Detection and Risk Mitigation.
  Next Generation Data Auditing for Data Breach Detection and Risk Mitigation. (Source: Tizor) This white paper reviews cases of mass data theft from the data source and provides a best practices approach for protecting your organization's sensitive data and valuable brand equity from a major data breach. Find out how to effectively secure valuable company data and download this whitepaper. [Computerworld Privacy News]
• U.S. Government Readying Massive Cybersecurity Test.
  U.S. Government Readying Massive Cybersecurity Test. The U.S. Department of Homeland Security is planning a large-scale test of the nation's response to a cyberattack, to be held in early 2008. [PC World: Latest Technology News]
• Mobile Attacks Jumped Fivefold in 2006, Study Says.
  Mobile Attacks Jumped Fivefold in 2006, Study Says. The number of security attacks reported by mobile phone operators in 2006 jumped fivefold over the year before, a McAfee study reports. [PC World: Latest Technology News]
• Unfairly Caught in Viacom's Dragnet? Let Us Know!
  Unfairly Caught in Viacom's Dragnet? Let Us Know!

  As an RIAA spokesperson famously put it when asked about the spectacle of file-sharing lawsuits against innocent grandparents, "when you go fishing with a driftnet, sometimes you catch a dolphin."

  Well, with its 100,000 DMCA takedown notices aimed at YouTube users, now it's Viacom that is netting its share of dolphins. Among the 100,000 videos targeted for takedowns was a home movie shot in a BBQ joint, a film trailer by a documentarian, and a music video (previously here) about karaoke in Singapore. None of these contained anything owned by Viacom. For its part, Viacom has admitted to "no more than" 60 mistakes, so far. Yet each mistake impacts free speech, both of the author of the video and of the viewing public.

  If they are making these kinds of blatant mistakes, who can tell how many fair uses of Viacom content they also targeted in their 100,000 takedowns? Hundreds? Thousands? If Viacom made a clear mistake and your clip contains no content from Viacom-owned copyrighted works, sending a simple DMCA counter-notice to YouTube may be enough to do the job. But if you're attempting to make a fair use of Viacom's works, it may make more sense to go to court to assert your rights. More information about your options is available at the Fair Use Network.

  Has your video been removed from YouTube based on a bogus Viacom takedown? If so, contact information@eff.org --we may be able to help you directly or help find another lawyer who can. In this situation, as in so many others, EFF will work to make sure that copyright claims don't squelch free speech.

  We've put together a video version of this post on YouTube, which you can embed on your website or blog. Check it out, Digg it and spread the word -- the more it rises in YouTube's listings, the more likely it will be seen by users who have received takedowns:
  

  [EFF: Deep Links]
• Study Notes Link Between IT Sabotage, Work Behavior.
  Study Notes Link Between IT Sabotage, Work Behavior. Workers who sabotage corporate systems are almost always IT workers who exhibit specific negative office behavior according to recent research. [PC World: Latest Technology News]
• Study: Weak Passwords Really Do Help Hackers.
  Study: Weak Passwords Really Do Help Hackers. Left online for 24 days to see how hackers would attack them, Linux PCs with weak passwords were hit by some 270,000 intrusion attempts. [PC World: Latest Technology News]
• TiVo sees if you skip those ads
  TiVo revealed the other day that it's offering TV networks and ad agencies a chance to receive second-by- second data about which programs the company's 4.5 million subscribers are watching and, more importantly, which commercials people are skipping.
  
  This raises a pair of troubling questions: Is TiVo, which revolutionized TV viewing with its digital video recording technology, now watching what people watch? And is it selling that sensitive info to advertisers and others?
  
  The answers, apparently, are no and no