Thursday, July 06, 2006

July 6, 2006

http://news.com.com/2100-7349_3-6090860.html

Illinois university hit with security breach

By Dawn Kawamoto. Story last modified Wed Jul 05 16:14:35 PDT 2006

Western Illinois University is notifying more than 180,000 people that their personal data is at risk after hackers entered its networks.

The university said it mailed the last of its notifications on Monday to people whose Social Security number, credit card account number and other sensitive information were on the student services servers involved in the security breach.

"The breach occurred on June 5 through our electronic student services system servers. They do frequent checks on their system and discovered the breach within hours after it occurred," [Very impressive!] said Darcie Shinberger, a spokeswoman for Western Illinois University.

The incident affects alumni and students who attended the institution from 1983 to the present, as well as 1,000 individuals who were there from 1978 to 1982. Anybody who purchased items online from the university's bookstore or who stayed at the university union hotel also may have had their data exposed, [Strange definition of “Student”] Shinberger said, but could not specify a date range.

The hacked servers house Western's electronic student services system, which is used to run the university's admissions Web site, financial aid, bookstore and hotel.

Western Illinois University distributed e-mail notices to those affected on June 15 and began following that up with mailings last week. It has not received any reports from its public safety office of individuals having their personal information compromised as a result of the incident, Shinberger said.

For the school to say it has no evidence that private information has been used to commit identity theft is disingenuous, said Avivah Litan, an analyst at research firm Gartner. Unless a school has taken an extensive review over an extended period, there's no sure way of determining whether the hackers have profited from the information, Litan said.

In addition, victims of identity theft will often turn to other sources to report the problem, such as their credit card companies or local police, before notifying the place where the breach occurred.

Following the incident, Western Illinois University, which serves 13,400 students and has an alumni base of 95,000, [13,400 + 95,000 = 108,400 Are the other 70,000 just passers-by?] began installing new security measures. It is reviewing its policies for storing information and handling online credit card information.

The security breach is not the first for the university. A few years ago, a student broke into Western's computer system and began rifling through his or her own virtual records.

"We have never had anything of this magnitude. This is a first for us," Shinberger said. "There are always risks when doing business online."

Perhaps one of the strongest indicators of the level of security at U.S. universities is that even after a string of major breaches at such places as Ohio University, Notre Dame University and the University of Texas, hackers continue to find their way into college computer systems.

The pervasiveness of security breaches there stems, in part, from the way educational institutions are set up. Universities and colleges desire an exchange of ideas and information and, as a result, maintain relatively open networks. Security experts have noted that this situation may well be to blame for security breaches at institutions.



No sweat. People who invest in hedge funds have no political clout.

http://www.bloomberg.com/apps/news?pid=20601103&sid=auAh0Q8WqE.w&refer=us

Bisys Loses Details of 61,000 Hedge Fund Investors (Update2)

July 5 (Bloomberg) -- Bisys Group Inc. said personal details about 61,000 hedge fund investors were lost when an employee's truck carrying the files was stolen.

Backup tapes with the information, including the Social Security numbers of 35,000 individuals, were being moved June 8 from the Roseland, New Jersey-based Bisys RK business unit to another facility, said Amy Conti, a Bisys spokeswoman.

The loss by Bisys, a provider of administrative services to financial companies, is among more than 100 similar thefts reported since January by the San Diego-based Privacy Rights Clearinghouse. The organization's Web site shows two or more losses of sensitive records every week, including confidential information on 28.6 million U.S. veterans in a laptop stolen from the home of a Department of Veterans Affairs analyst.

The Bisys tapes can only be read with “sophisticated hardware and proprietary software,” [A tape drive?] Conti said in an interview from Roseland, New Jersey. “We began calling our clients last week to notify them.”

Conti, who declined to identify the hedge funds, said police and private investigators believe the tapes were thrown away. [Based on what? Their psychic detective? Bob]

“The police are of the opinion that this was a joy ride, and the contents disposed of,” she said. “We believe these files weren't compromised, but we have a legal and moral requirement to let investors know.”



No doubt the information was just “Thrown away”

http://abcnews.go.com/Business/story?id=2158141&page=1

Payroll Firm Scammed Out of Personal Data

Scammer Asked for Data and Got It

By DAN ARNALL

July 5, 2006 — The latest corporate data breach is from a company you may never have heard of, even though one in six American workers gets paid by the firm.

Automatic Data Processing, one of the world's largest payroll service companies, confirmed to ABC News that it was swindled by a data thief looking for information on American investors.

According to a company spokeswoman, ADP provided a scammer with personal information for an undisclosed number of investors who had purchased stock through brokerages that use ADP's investor communications services. Initial reporting indicates that these firms include a number of brand-name brokers, including Fidelity.

The company spokesperson said the data thief exploited a Securities and Exchange Commission rule that allows public companies to get names and addresses of shareholders from brokers, as long as the shareholder has not objected to the disclosure of such information.

The thief apparently impersonated a corporate officer from a public company and got ADP to send the information. The company declined to answer questions about its data security measures or why its existing measures did not prevent the data loss.

ADP refused to disclose the number of individuals affected by the data theft, but said that the loss, which occurred between November 2005 and February 2006, resulted in the "inadvertent disclosure" of investors' names, mailing addresses and the number of shares they held in certain companies. No Social Security numbers or account information were disclosed.

"ADP notified federal law enforcement authorities promptly after its discovery of the problem in February 2006," said Dorothy Friedman, an ADP spokeswoman, in a prepared statement. "Shortly thereafter, ADP notified its broker clients. Law enforcement authorities are continuing to investigate the matter."

Some customers whose personal data was compromised have received a letter from ADP. The three-page letter contains a list of 60 "affected companies," including HealthSouth and Sirius Satellite Radio among many smaller corporate names.

"We have been advised that the information disclosed was not sufficient by itself to permit unauthorized access to your account, and we have no evidence that the information on the lists has been improperly used," reads the customer notification. "However, we recommend that you be alert to any unusual or unexpected contact or correspondence that you may have with the listed public companies (or with anyone else) about your holdings in these companies."

The letter then goes on to encourage affected customers to consider contacting one of the national credit bureaus to discuss getting a fraud alert service. ADP says federal authorities are investigating the matter.



Identity theft can be low-tech too...

http://www.newsobserver.com/145/story/457732.html

Personal data were sought, police say

Triangle Briefs: Published: Jul 06, 2006 12:30 AM Modified: Jul 06, 2006 03:12 AM

From Staff Reports

DURHAM - A Burlington man was jailed Tuesday after, authorities say, he was going door-to-door and posing as a government worker to gain residents' personal information.

Rashod Lamont Whitfield, 26, was charged with impersonating a law enforcement officer and resisting police after a deputy with the Durham County Sheriff's Office confronted him. Deputy Shane Fowler said Whitfield was knocking on doors on Hadrian Drive, asking people for their personal information. When the deputy confronted Whitfield, the suspect said first he was a Burlington police officer, then said he was the sheriff, Fowler said.



Dr. Frankenstein (without the grave robbing?)

http://www.wired.com/news/technology/medtech/0,71276-0.html?tw=rss.index

Tweaking Genes in the Basement

By Allen Riddell, 02:00 AM Jul 06, 2006

In the 1970s, before the PC era, there were computer hobbyists. A group of them formed the Homebrew Computer Club in a Menlo Park garage in 1975 to trade integrated circuits and swap tips on assembling rudimentary computers, like the Altair 8800, a rig with no inputs or outputs and half a megabyte of memory.

Among the Club's members were Apple founders Steve Wozniak and Steve Jobs.

As the tools of biotechnology become accessible (and affordable) to a wider public for the first time, hobbyists are recapturing that collaborative ethos and applying it to tinkering with the building blocks of life.

Eugene Thacker is a professor of literature, culture and communications at Georgia Tech and a member of the Biotech Hobbyist collective. Just as the computer hobbyists sought unconventional applications for computer circuitry, the new collective is looking for "non-prescribed uses" of biotechnology, Thacker said.

The group has published a set of informal DIY articles, mimicking the form of the newsletters and magazines of the computer hobbyists -- many of which are archived online. Thacker walks readers through the steps of performing a basic computation using a DNA "computer" in his article "Personal Biocomputing" (PDF). The tools for the project include a $100 high school-science education kit and some used lab equipment.

Other how-to articles guide readers through cultivating skin cells and "Tree Cloning" -- making uniform copies of plant tissue.

Thacker calls the spirit of his article "playful," but adds that it's entirely possible that hobbyists could be part of the future of important biotechnology.

"The people in the Homebrew Computing Club didn't all aim to be Bill Gates," Thacker said. "Nobody knew what was going to happen. There was an interest in the technology as it first became accessible to people who didn't work in big corporations."

The Collective was started in 1997 by Natalie Jeremijenko. An artist and professor of Visual Arts at the University of California at San Diego, Jeremijenko says the virtue of the hobbyist's "hands-on, DIY mentality" lies in its power to engage a wider audience in the issues surrounding biotechnology.

"Messing with the stuff of the future allows you to have an opinion and to participate in the political process that determines our technological future," she said. "It's a little theoretical; it's also fun."

She conjures Benjamin Franklin as the patron saint of the hobbyist. Rather than appealing to God or to experts, Franklin appealed to the "sense-making of the everyman," she said.

With the tools of the biotech amateur now available for purchase -- used laboratory equipment has its own section on eBay -- some have asked why "garage biotech" has not spread even further.

The main factor limiting an amateur biotech community is the immaturity of the technology, according to Drew Endy, a biological engineering professor at MIT. "Even though it's cheap it's extraordinarily difficult," he said. "The technology isn't reliable enough."

And there's another reason.

"People are very comfortable manipulating silicon," said Endy. "A lot of people, to be blunt about it, are not comfortable with taking responsibility for the manipulation of genetics."

Kim Coghill, a spokeswoman for the Biotechnology Industry Organization, was wary of a potential Bill Gates of biotech starting out as an amateur. "I hope he's not doing (something) in his basement without the guidance of the FDA," she said.

All the members of the collective are familiar with the case of Steve Kurtz, a professor and artist who has had to defend himself against accusations of "bio-terrorism" after local police happened upon his amateur home lab in May 2004.

He says his case has had a moderate "chilling effect."

"Amateurs need experts," Kurtz said. "We come to them with ideas and ask them for help. Scientists are (now) a lot more hesitant to get involved."

Kurtz adds that Tepnel, the company selling a biokit used to conduct a homebrew test for genetically modified organisms designed by Critical Art Ensemble, now refuses to sell to the general public.

While inconvenient, none of these obstacles will stop amateur engagement in the long term, says Kurtz.

"They're not doing it because it's trendy -- people like the Biotech Hobbyist Collective," he said. "They authentically believe in what they're doing."



http://www.bespacific.com/mt/archives/011723.html

July 05, 2006

Most Large North American Organizations Subjected to Security Breaches

Press release: "CA today announced a new security survey of 642 large North American organizations which shows that more than 84% experienced a security incident over the past 12 months and that the number of breaches continues to rise. According to the findings, security breaches have increased 17% since 2003. As a result, 54% of organizations reported lost workforce productivity; 25% reported public embarrassment, loss of trust/confidence and damage to reputation; and 20% reported losses in revenue, customers or other tangible assets. Of the organizations which experienced a security breach, 38% suffered an internal breach of security."



http://www.bespacific.com/mt/archives/011721.html

July 05, 2006

Handbook on Military Law

Steven Aftergood: "The 2006 edition of the Operational Law Handbook (598 pages, PDF) published by the Army Judge Advocate General is 'a "how to" guide for Judge Advocates practicing operational law. It provides references and describes tactics and techniques for the practice of operational law.'"



Show me the software, then show me the “fixed” software. (Then show me the law/contract that says you don't have to pay when you lose...)

http://techdirt.com/articles/20060705/1154242.shtml

New Casino Business Model: Any Time Someone Wins, Blame The Software

from the stacking-the-odds dept

Everyone knows that casinos stack the odds against players. That's the business model. However, every once in a while they need to pay out large amounts, because it's the possibility of such payouts that keeps people coming back, despite their long odds. It appears one casino has come up with an ingenious method of stacking the odds even further: when someone wins a big jackpot on a computerized Keno machine, just claim the winning results were a software glitch and refuse to pay (found via digg). The men who did not get their prize are hiring lawyers to discuss the matter. The casino claims that they're not liable for any "malfunction." Of course, the article isn't entirely clear on exactly what the malfunction was -- but it seems like they should pay up, and if they have a problem with the machine, they should take it up with the machine's manufacturer.