that’s almost right

Oil Price Fallout: Jobs Coming Home?

“Cheap labor in China doesn’t help you when you gotta pay so much to bring the goods over,” says economist Jeff Rubin.

Some local manufacturers have suddenly found themselves in the thick of boom times.

“In December, we had three employees here. We were just getting set up. Now it’s 14,” says Casey Hearn, who owns a furniture manufacturing business in North Carolina.

Other sectors of U.S. manufacturing may see a boost in jobs as well. Rubin says the U.S. steel industry is poised to reap benefits.

“It’s not just about labor costs anymore,” says Rubin. “Distance costs money, and when you have to shift iron ore from Brazil to China and then ship it back to Pittsburgh, Pittsburgh is looking pretty good at 40 bucks an hour.”

Well, pretty much anyone who had any sense.

Want to know the real kicker here? Shipping bits is cheap, so it could be that soon white-collar jobs are the only ones it makes sense to outsource. Until the dollar falls a little more, that is.

Merchants call credit card industry’s bluff on compliance | The Register

A poll of 65 merchants across Europe by NetIQ revealed that two years after the standard was introduced the majority of firms are still way off being compliant. Worse, the majority (54 per cent) have no timetable for getting up to speed. Only 17 per cent of respondents reckoned that they would be compliant within six to twelve months.

By comparison, 23 per cent of respondents to a similar survey of 300 US organisation said they were already PCI DSS compliant. However more than two in five (44 per cent) of those quizzed had no idea when they would achieve compliance.
…

Seven out of 10 of those quizzed by NetIQ reckoned that the penalties for non-compliance would only occasionally be levied, while 23 per cent said that fines would “almost never” be issued.

But wait, it gets better:

US grocery chain Hannaford warned in March that an information security breach (later blamed on malware) had exposed an estimated 4.2 million credit card records. Hannaford had achieved PCI DSS compliance prior to the breach but the approval process failed to uncover the flaws that led to the breach.

BBC NEWS | Middle East | Dubai plans ‘moving’ skyscraper

The 420-metre (1,378-foot) building’s apartments would spin a full 360 degrees, at voice command, around a central column by means of 79 giant power-generating wind turbines located between each floor.

And I sure hope they’ve done the analysis to prove it’s stable against interesting turn sequences.

Researcher: NebuAd forges Google data packets | The Register

“There was an extra 133 bytes of JavaScript code being added to web pages being sent,” Topolski tells us. “It was being sent in a separate packet, and even though it wasn’t coming from Google, it was identified as being from www.google.com.”

That bit of JavaScript code, Topolski continued, instructed the browser to load additional script from the domain a.faireagle.com. FairEagle is a subsidiary of NebuAd, and one of the cookies that turned up on Topolski’s browser was tagged with that same domain.

In his report, Topolski compares this trick to several common hacking techniques, including a browser hijack, a cross-site scripting attack, and a man-in-the-middle attack. “NebuAd exploits normal browser and security behaviors by forging IP packets, allowing their own JavaScript code to be written into source code trusted by the web browser,” he writes. “NebuAd and ISPs together cooperate in this attack against the intentions of the consumers, the designers of their software and the owners of the servers that they visit.”

Google confirms that the extra cookies and the extra packets are not coming from its site. “The sections in [Robb Topolski's] report that talks about Google are accurate,” says company spokesman Michael Kirkland. “We’re obviously aware of this issue and are looking into it.”

Forging packets as coming from a (somewhat) trusted source and using it to load your own code into the browser? If any hacking group were doing it, the feds would be working to roll them up. But gosh, if there’s a contract with an ISP, there’s probably a clause in your terms of service that requires to to let yourself be pwned (unless it’s by someone the ISP doesn’t approve of, in which case you’ll be thrown off their network instead). Oh, and if it turns out there’s no such clause, that would mean your ISP could be engaged in a conspiracy to violate antihacking statutes for profit. Whee.

DIY Wiretapping: The Ultimate Guide (and How to Fight Back) - IT Security

Did you think wiretapping was just for the FBI and mobsters? It’s actually so easy that we can show you how to install and manage different wiretapping systems yourself.

* Tap in using your own phone: Listen to other people’s calls through your own basic telephone by hooking up your phone to a part of the original line that runs outside the house of your target. By cutting one of the plugs so that the red and green wires are exposed, you can figure out which part to plug into your phone and complete the connection.

PC World - Privacy Crusader Sues Virginia

Betty “BJ” Ostergren, a Virginia-based privacy advocate who has been fighting to stop county and state government offices from posting public records containing Social Security numbers and other personal records on their sites. As part of her campaign to publicize the issue, Ostergren has routinely downloaded documents containing Social Security numbers from county Web sites and reposted them on her own site .

Ostergren and the ACLU had previously said that a recent bill amending Virginia’s Personal Information Act would do nothing to prevent county governments in the state from posting documents without first redacting Social Security numbers and other sensitive days. Rather, she claimed , the measure seems to have been designed specifically to curtail her campaign to publicize and end that practice

BBC NEWS | UK | Magazine | 50 office-speak phrases you love to hate

‘You can’t have your cake and eat it, so you have to step up to the plate and face the music.’ It was in that moment I knew I had to resign before somebody got badly hurt by a pencil.”

Phorm failed to mention ‘illegal’ trials at Home Office meeting in 2007 | The Register

The Home Office held a private meeting with Phorm in August last year, but BT’s interception and profiling partner did not disclose that it had completed an allegedly illegal trial of its technology on tens of thousands of unwitting broadband subscribers just weeks earlier.

Robotic Chair: RFID Robotic Chair Follows You Around For Constant Seating

Dutch designer Jelte van Geest’s RFID-enabled robotic chair is for Openbare Bibliotheek Endhoven, and it’s fantastic. What you do is swipe your RFID-enabled library card in front of the chair’s sensor, which then follows you (or your card) around the library so you always have somewhere to sit.

Also imagine what kinds of information a space could get from (properly anonymized) traces.

Hey! Here’s an idea: instead of tracking customers by their cellphones, perhaps malls could issue them little personalized shopping-cart robots that would end up producing the same data without the serious privacy invasion.

Then again, with our luck this will be the basis of killbots that quietly track targets to some deserted venue by homing on on an rfid-enabled passport or driver’s license.

‘Lyrical terrorist’ has conviction quashed | UK news | guardian.co.uk

A former Heathrow shop assistant who called herself the “lyrical terrorist” and was the first woman sentenced under new anti-terror laws today had her conviction overturned.

Samina Malik, 24, from Southall, west London, was convicted under section 58 of the Terrorism Act in November last year after she wrote poems celebrating the beheading of non-Muslims.

Today, she won an appeal against her conviction for collecting personal information likely to be useful to a person committing or preparing an act of terrorism.
…
The lord chief justice, Lord Phillips, sitting in the court of appeal with Justice Goldring and Justice Plender, quashed the conviction after the Crown Prosecution Service (CPS) conceded it was unsafe.
…

Phillips explained in today’s judgment that in February the court of appeal gave detailed consideration to section 58 of the Terrorism Act. It ruled that an offence would be committed only if the document or record concerned was likely to provide practical assistance to a person committing or preparing an act of terrorism.

Propagandist or theological material did not fall within the section, he said.

In Malik’s case, the jury was told 14 documents - out of 21 – that did not fall within Section 58 were also capable of founding a conviction.

I’m a little confused by the prosecution’s closing comment, along the lines that, yeah, they clearly couldn’t get a conviction at retrial with the evidence they had left, but they were glad they’d brought the case anyway.

Compressed web phone calls are easy to bug - tech - 12 June 2008 - New Scientist Tech

The new compression technique, called variable bitrate compression produces different size packets of data for different sounds.

That happens because the sampling rate is kept high for long complex sounds like “ow”, but cut down for simple consonants like “c”. This variable method saves on bandwidth, while maintaining sound quality.

VoIP streams are encrypted to prevent eavesdropping. However, a team from John Hopkins University in Baltimore, Maryland, US, has shown that simply measuring the size of packets without decoding them can identify whole words and phrases with a high rate of accuracy.

Gotta love the back channels.

Groups ask court to review laptop searches | InfoWorld | News | 2008-06-12 | By Grant Gross, IDG News Service

Circuit Judge Diarmuid O’Scannlain wrote in the panel’s April 21 decision.

“Courts have long held that searches of closed containers and their contents can be conducted at the border without particularized suspicion under the Fourth Amendment,” O’Scannlain wrote. “We are satisfied that reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border.”

The EFF and ACTE argue in their brief that “invasive” searches of electronic devices should be treated differently from searches of luggage. “Your computer contains a vast amount of information about your private life, including details about your family, your finances, and your health,” Tien said. “All that information can be easily copied, transferred, and stored in government databases, just because you were chosen for a random inspection.”

Tien said he expects a decision on whether to rehear the case within a few months.

Ultimately the customs people are doing it because it’s convenient. If it were as hard to search a laptop as it is to search freight shipments for drugs or nuclear materials, they wouldn’t bother.