For more than a decade, the Census Bureau posted on a public Web site the Social Security numbers of 63,000 people who received financial aid, officials said yesterday. The apparent violation of federal privacy law prompted concerns about identity theft.

Government officials removed the data from the Web site on April 13, the day they were alerted to the breach by an Illinois farmer who discovered the numbers while surfing the Internet. They did not publicize the matter until yesterday, saying they needed the delay to enable information-security officials to contact those whose numbers were revealed and to contact “at least a half-dozen” mirror sites.

“We take full responsibility for this and offer no excuses for it,” said Terri Teuber, a spokeswoman for the U.S. Department of Agriculture. “We absolutely do not think it was appropriate.”

A watchdog group countered that officials tried to suppress the news.

“The bottom line is the government screwed up,” said Gary Bass, executive director of OMB Watch. “What’s really important is that they now try to rectify the problem. Thousands of research groups have copies of this site.”

Government officials said they knew of no misuse of the personal data, but the breach underscores the ease with which such data can be exposed in the digital age.

Source: washingtonpost

Pirates around the world have fired another shot with the first release of the first full-resolution rip of an HD DVD movie on BitTorrent. The movie, Serenity, was made available as a .EVO file and is playable on most DVD playback software packages such as PowerDVD. The file was encoded in MPEG-4 VC-1 and the resulting file size was a hefty 19.6 GB.

This release follows the announcement, less than a month ago, that the copy protection on HD DVD had been bypassed by an anonymous programmer known only as Muslix64. The open-source program to implement this was called Backup HDDVD and was released in a manner designed to put the onus of cracking on the user, not the software. To extract an unencrypted copy of the HD DVD source material required obtaining that disc’s volume or title key separately, which the software did not do. However, a key was later released on the Internet, and a method for extracting further keys is allegedly available as well.

Now that the genie is out of the lamp, so to speak, what will the reaction be from the content industry? CyberLink, the makers of PowerDVD playback software, have already stated that the title keys were not obtained through their software, although this has yet to be conclusively proven. As for the content providers themselves, they have already said that they reserve the right to invalidate known pirated keys in the future. But to be of any use, they’ll first need to determine which software application is responsible for giving up the volume keys. If it is something like PowerDVD, future titles can require that the user upgrade their software in order to play discs—this can be made to happen automatically when new discs are first inserted.

Muslix64 and others involved in Backup HDDVD are deliberately not exposing the actual method by which the keys have been obtained. This is partly to protect themselves from legal repercussions, but also to ensure that whatever “hole” that is being exploited remains unpatched. In the ongoing war between the pirates and the content providers, the pirates appear to be winning, but who knows who will get caught in the crossfire?

Source: arstechnica (the full news article copied)