Archive for the ‘it burns’ Category

Damned if you do, no problem if you don’t

June 25, 2008

Merchants call credit card industry’s bluff on compliance | The Register

A poll of 65 merchants across Europe by NetIQ revealed that two years after the standard was introduced the majority of firms are still way off being compliant. Worse, the majority (54 per cent) have no timetable for getting up to speed. Only 17 per cent of respondents reckoned that they would be compliant within six to twelve months.

By comparison, 23 per cent of respondents to a similar survey of 300 US organisations said they were already PCI DSS compliant. However, more than two in five (44 per cent) of those quizzed had no idea when they would achieve compliance.

Seven out of 10 of those quizzed by NetIQ reckoned that the penalties for non-compliance would only occasionally be levied, while 23 per cent said that fines would “almost never” be issued.

But wait, it gets better:

US grocery chain Hannaford warned in March that an information security breach (later blamed on malware) had exposed an estimated 4.2 million credit card records. Hannaford had achieved PCI DSS compliance prior to the breach but the approval process failed to uncover the flaws that led to the breach.

Punitive damages: constitutional only if they don’t really punish

June 25, 2008

Talking Points Memo | Court cuts judgment in Exxon Valdez disaster

The Supreme Court on Wednesday cut the $2.5 billion punitive damages award in the 1989 Exxon Valdez disaster to $500 million.

Justice David Souter wrote for the court that punitive damages may not exceed what the company already paid to compensate victims for economic losses, about $500 million compensation.

A jury decided Exxon should pay $5 billion in punitive damages. A federal appeals court cut that verdict in half.

2007 profits for Exxon: $40 billion. So that punitive damage bill is a little more than 1 percent of profits. I’m sure it will make the company ever so much more environmentally sensitive.

(And the thing is, I don’t love punitive damages because piling more money on the plaintiff is not necessarily the best way to make them more whole, but the Supremes’ ongoing insistence that the constitution bars courts from socking egregious tortfeasors for much more than provable economic damage to one plaintiff is just pernicious. The last case that went by said that more than 9x regular damages was suspect; now it appears that even-steven could be the rule. That’s not punitive, that’s just a cost of doing business. And to put it in even clearer counterpoint, it means that a company will pay less of a punitive addition to the damage bill for injuring people than for infringing a patent, which is triple damages.)

None dare call it cracking

June 24, 2008

Researcher: NebuAd forges Google data packets | The Register

“There was an extra 133 bytes of JavaScript code being added to web pages being sent,” Topolski tells us. “It was being sent in a separate packet, and even though it wasn’t coming from Google, it was identified as being from www.google.com.”

That bit of JavaScript code, Topolski continued, instructed the browser to load additional script from the domain a.faireagle.com. FairEagle is a subsidiary of NebuAd, and one of the cookies that turned up on Topolski’s browser was tagged with that same domain.

In his report, Topolski compares this trick to several common hacking techniques, including a browser hijack, a cross-site scripting attack, and a man-in-the-middle attack. “NebuAd exploits normal browser and security behaviors by forging IP packets, allowing their own JavaScript code to be written into source code trusted by the web browser,” he writes. “NebuAd and ISPs together cooperate in this attack against the intentions of the consumers, the designers of their software and the owners of the servers that they visit.”

Google confirms that the extra cookies and the extra packets are not coming from its site. “The sections in [Robb Topolski's] report that talks about Google are accurate,” says company spokesman Michael Kirkland. “We’re obviously aware of this issue and are looking into it.”

Forging packets as coming from a (somewhat) trusted source and using it to load your own code into the browser? If any hacking group were doing it, the feds would be working to roll them up. But gosh, if there’s a contract with an ISP, there’s probably a clause in your terms of service that requires you to let yourself be pwned (unless it’s by someone the ISP doesn’t approve of, in which case you’ll be thrown off their network instead). Oh, and if it turns out there’s no such clause, that would mean your ISP could be engaged in a conspiracy to violate antihacking statutes for profit. Whee.

Whistling outlawed in Scotland

June 23, 2008

But only if you make hand gestures while you do it.

Flirty texting could land Scots in jail for 10 years | The Register

The offence will be committed if someone sends an unsolicited text message to someone else which a court finds was designed to give the sender sexual gratification or to humiliate, distress or alarm the receiver.

Causing a person to see or hear an indecent communication is also an offence. It can be committed by reading “a passage in a book or magazine” or by communicating the sounds of actual or simulated sexual activity or by communicating in sign language.

It will be up to prosecutors and courts to decide which communications are serious enough to warrant the heavy jail terms,

I have mixed feelings about this. On the one hand, harassment for sexual purposes is just as criminal as harassment for any other purpose. But in a country where judges can go easy on pedophiles who only boff particularly seductive six-year-olds, I don’t feel all that good about the discretion that’s going to be exercised.

Yep, repairing your infrastructure is a spree

June 23, 2008

BBC NEWS | Africa | Nigeria launches $10bn oil spree

But the real push to spend such a large chunk of money from the nation’s oil coffers came not from the public, but from state governors.

Haggling

Nigeria’s power grid has all but totally collapsed.

Investment and job creation are almost impossible without a reliable electricity supply. The government promised to repair it, and said it needs to spend some of the nation’s savings to do so.

But state governors refused to allow funds to be withdrawn without getting a share.

“It was necessary to carry the state governments along,” a Ministry of Finance spokesman said.

“They have to plug holes in their budgets or deliver programmes they have promised their people.”

But civil society activists say there might be a more sinister outcome - the money might be frittered away or stolen.

I feel sad about this story, because there’s such a strong undercurrent of opinion that Nigeria shouldn’t have a functioning electrical grid, because they broke the one they had, or something. Electricity is, as the article notes, an essential ingredient for economic development. And the country has $18 billion in oil revenues socked away, of which it plans to spend $5 billion for the power grid. But oh, no, this “spree” could result in inflation (even though an enormous chunk of the money will be going to foreign contractors).

And yeah, the other $5 billion for provincial governments: maybe ugh, maybe not. Without a little more detail we have no idea whether the activists are blowing smoke. But the overall impression I get is that the best thing according to the BBC would be for the $18 billion to keep sitting in banks in rich countries, drawing minimal interest, while Nigerians remain desperately poor and without the capital to help themselves.

Worse than Hell

June 20, 2008

The tragic story of 1st Sgt. Jeff McKinney - Army News, opinions, editorials, news from Iraq, photos, reports - Army Times

Studies by the Army, the Defense Department, Rand Corp. and others cite the same reasons why troops with mental health issues don’t seek help: fear of being seen as “weak,” inadequate access to care, concern that asking for help can hurt a career, and guilt about letting battle buddies go out on patrol without them.

Among the troubling factors is that, like McKinney, many of those who choose suicide aren’t young first-tour junior troops. Forty-seven percent of soldiers who have killed themselves in theater are older than 30. And half were in paygrades E-5 or above. Experts are concerned that it’s harder to spot signs of potential suicide in such war-hardened veterans.

McKinney’s family believes that if his chain of command had paid closer attention to the symptoms, his death might have been avoided. And they hope that by talking about it now, months after his death, they might help prevent other suicides.

This isn’t people who don’t know what war is about. It’s people who do. Read the whole damn thing. The whole story reeks of people who just didn’t want to see that there was any kind of problem, didn’t even bother to think that going without sleep for days on end is really a bad idea.

Quoted without comment

June 20, 2008

Phorm failed to mention ‘illegal’ trials at Home Office meeting in 2007 | The Register

The Home Office held a private meeting with Phorm in August last year, but BT’s interception and profiling partner did not disclose that it had completed an allegedly illegal trial of its technology on tens of thousands of unwitting broadband subscribers just weeks earlier.

A new definition for chutzpah?

June 20, 2008

newsobserver.com | U.S. company: crash lawsuit governed by Islamic law

The crash of Blackwater Flight 61 occurred in the rugged mountains of central Afghanistan in 2004, killing three soldiers and the three-man crew.

The widows of the soldiers sued Presidential Airways, Blackwater’s sister company, which was under contract with the U.S. military to fly cargo and personnel around Afghanistan.

Presidential Airways argued that the lawsuit must be dismissed; legal doctrine holds that soldiers cannot sue the government, and the company was acting as an agent of the government.

Last year, a series of federal judges dismissed that argument.

In April, Presidential asked a federal judge in Florida to dismiss the lawsuit because the case is controlled by Afghanistan’s Islamic law. If the judge agrees that Afghan law applies, the lawsuit would be dismissed. The company also plans to ask a judge to dismiss the lawsuit on the constitutional grounds that a court should not interfere in military decision-making.

The National Transportation Safety Board has blamed the crash on Presidential for its “failure to require its flight crews to file and fly a defined route,” and for not providing oversight to make sure its crews followed company policies and Pentagon and FAA safety regulations.

Apparently they’re trying to throw everything at the wall and see if any of it will stick, and ignoring the fact that pretty much all of their rationales for why the suit should be thrown out contradict each other. (And anyway, just how do you determine the “law” of a country where much of the territory is governed by “I don’t like you, I shoot you if I can get away with it”?)

But what really struck me is that with this pleading to be judged under Sharia law, Erik Prince has perhaps become the first honest-to-goodness Islamofascist to be spotted outside the confines of neocon ravings.

Supporting the troops the army way

June 18, 2008

Soldiers risk ruin while awaiting benefit checks - NYTimes.com

Most permanently disabled veterans qualify for payments from Social Security and the military or Veterans Affairs. Those sums can amount to about two-thirds of their active-duty pay. But until those checks show up, most disabled veterans draw a reduced Army paycheck.

The amount depends on the soldier’s injuries, service time and other factors. But a typical veteran and his family who once lived on $3,400 a month might have to make do with $970 a month.

In a change in policy that took effect last August, the Army is allowing wounded soldiers to continue to draw their full Army paychecks for up to 90 days after discharge, Baker said. It is also sending more VA workers to Army posts to process claims more quickly, and trying to do a better job of informing soldiers of the available benefits and explaining the application process.

She acknowledged, however, that the changes have been slow to take hold across an Army stretched by war. “It’s definitely a practice that is new. It takes awhile for new practices to be institutionalized,” the colonel said.

So let me understand this: the DoD in its wisdom decides that a soldier is too badly injured to remain in the service. Then, and only then, do they begin the process of deciding whether they’re badly injured enough to receive disability payments. And while they’re doing that, if the former soldier disagrees with their assessment of disability, the soldier gets bupkis — not even the lesser amount — while the disagreement is being worked out. Oh, and if the soldier moves, say to a lower-cost area closer to family, or to somewhere closer to a VA hospital that can treat their disability, they get bupkis for another few months until someone has shuffled the paperwork around.

And the excuse for this is that the war has put strains on the Army. You mean strains like having tens of thousands of young men and women who have lost arms, legs, faces, brain function? Nah. Strains like having tens of thousands of additional files to pass around.

Gives you a warm feeling

June 18, 2008

‘Lyrical terrorist’ has conviction quashed | UK news | guardian.co.uk

A former Heathrow shop assistant who called herself the “lyrical terrorist” and was the first woman sentenced under new anti-terror laws today had her conviction overturned.

Samina Malik, 24, from Southall, west London, was convicted under section 58 of the Terrorism Act in November last year after she wrote poems celebrating the beheading of non-Muslims.

Today, she won an appeal against her conviction for collecting personal information likely to be useful to a person committing or preparing an act of terrorism.

The lord chief justice, Lord Phillips, sitting in the court of appeal with Justice Goldring and Justice Plender, quashed the conviction after the Crown Prosecution Service (CPS) conceded it was unsafe.

Phillips explained in today’s judgment that in February the court of appeal gave detailed consideration to section 58 of the Terrorism Act. It ruled that an offence would be committed only if the document or record concerned was likely to provide practical assistance to a person committing or preparing an act of terrorism.

Propagandist or theological material did not fall within the section, he said.

In Malik’s case, the jury was told 14 documents – out of 21 – that did not fall within section 58 were also capable of founding a conviction.

I’m a little confused by the prosecution’s closing comment, along the lines that, yeah, they clearly couldn’t get a conviction at retrial with the evidence they had left, but they were glad they’d brought the case anyway.