Monday, January 29, 2007

It's not there yet...

http://www.eyewitnessnewstv.com/Global/story.asp?S=6002518&nav=F2DO

Retailer discusses security breach in ads, Website

BOSTON - The chairman of Framingham-based retailer T-J-X plans to post a video message on the company's Web site today discussing the computer breach that has left its customers worried about credit card fraud.

In full-page ads that ran in Boston newspapers over the weekend, chairman Ben Cammarata outlined the steps T-J-X has taken since the breach was discovered in mid-December.

Cammarata said the company waited about a month before alerting customers at the request of law enforcement, and used that time to (quote) "contain the problem and further strengthen our computer network to prevent further intrusion."

Cammarata said based on the company's internal investigation, it does not believe transactions at "Bob's Stores" were affected by the breach, nor were any credit cards issued by Canadian banks.



Low risk? Perhaps we need an incident ranking system?

http://www.dfw.com/mld/dfw/16566523.htm

No evidence of ID theft in accidental post

By BRYON OKADA STAR-TELEGRAM STAFF WRITER Posted on Sun, Jan. 28, 2007

FORT WORTH - No evidence of identity theft has surfaced in the aftermath of the accidental posting of the Social Security numbers of substitute teachers on a Fort Worth school district internal Web page, district officials said Saturday.

The Social Security numbers of about 1,200 substitute teachers were briefly posted in error on an internal bulletin board for South Hills High School on Thursday evening.

As a caution, however, the district has notified individuals on the list and advised them to monitor personal financial transactions and report any unusual activity.

Officials stressed, however, that very few users bothered to look at the information.

"This is a one-time, unfortunate incident," Superintendent Melody Johnson said in a statement. "It was due strictly to human error, not malicious intent on anyone's part. We are taking every precaution to make sure this doesn't happen again."

Because an automated substitute call system was malfunctioning at South Hills High School on Thursday, a manual system was used.

The substitute teacher list, which included Social Security numbers, was included as an attachment in a memo posted on the school's internal Web page some time after 6 p.m.

The numbers were removed by Friday morning. By then, however, the incident had been noticed by someone with internal access, and the information was given to KTVT/Channel 11. [Very difficult to hide this type of problem Bob]

District officials emphasized Saturday that this was a private, school-based electronic bulletin board for a relatively small group of teachers at one school and not accessible by the general public.

The district system includes a security program that records which computers viewed the information, district spokeswoman Barbara Griffith said.



A complete summary of privacy issues? I think not.

http://www.nj.com/news/gloucester/index.ssf?/base/news-1/116997033621830.xml&coll=8

License scanners raise privacy issue

Sunday, January 28, 2007 By Jim Six jimsix@sjnewsco.com

The next time someone wants to scan your driver's license, you might want to ask what will become of the scanned information.

In at least one New York town, a district attorney wants to give tavern owners a device that determines whether a driver's license is real or fake.

In New Jersey, the head of the Assembly Judiciary Committee wants to introduce legislation that will clarify exactly how scanned information can be used.

Who has these scanners? Bars, mostly, though in Los Angeles, they're in use at a courthouse and even at a councilman's office.

Retail stores also may be using them.

Is this a privacy concern?

Well, yes and no.

There is no covert information in a New Jersey driver's license, according to Sandy Grossman of the state Motor Vehicle Commission.

What is scanned is what can be seen by the eye: [“We just bought this nifty $800 scanner, and we gotta use it.” Bob] Name, address, date of birth, sex, eye color, height and driver's license number.

"There is no secret code," Grossman said.

"The problem is not the information they're getting. You're handing it over with the knowledge that they can look at your information. The problem is scanning and saving it to a database to use for something other than the acknowledged purpose," she said.

Last week, an Assembly Judiciary Committee heard reports that a Trenton nightclub had gathered information from driver's license scans of about 15,000 customers. MVC officials said the club owner voluntarily destroyed the database when asked to do so. [...and the backups? Bob]

There also were reports of an Atlantic City casino having swiped licenses to issue privilege cards, then using the data to offer customized complimentary services. In another report, customers whose licenses were scanned at an auto body shop received discount coupons in the mail.

According to the committee chair, Assemblywoman Linda Greenstein, D-Middlesex, the Driver's Privacy Protection Act describes some circumstances under which information on a driver's license is not considered confidential, usually interpreted to mean that a license may be scanned. Generally, the exceptions are meant to allow verification of personal information.

The law that created New Jersey's digital driver's licenses, however, prohibits the information from being retained by whomever does the scanning, she said. [TJX only had a contract with Visa Bob]

There is also a federal law that bans the sale of information that has been scanned.

[??? Bob]

"It's not that there isn't a law," Greenstein said; her bill would be a "clarification, not a change."

"The card readers can detect fraud, whether the card I handed you is counterfeit," said David Wald of the state Attorney General's Office. He said the scanner reads a bar code on the credit-card-sized license to verify its authenticity.

"As the law is interpreted, using the scanner is the same as taking my license and looking at it," said Wald.

Grayson Barber, a First Amendment lawyer who testified at the Assembly Judiciary Committee hearing on Jan. 22, said, "Individual citizens should have a remedy when their information is misused."

"The government has an obligation to protect its citizens' privacy. Most don't know that, if they give their information to the state, it is now up for grabs," Barber said. "The government agency can just give that information away for nothing."

Mark R. Baughman's company, Tricom Card Technologies Inc. of San Pedro, Calif., makes driver's license scanning devices. His products are used at the Los Angeles courthouse, as well as by tavern owners around the country.

"The only thing not already on the Internet is your driver's license number. There are a bunch of organizations that collect all this personal information and they publicize it. It's called the phone book," Baughman said.

He insisted that his products are management tools that can, for instance, tell a bar owner whether his bouncers are doing their jobs properly. Baughman acknowledged that his scanners do more than just collect the information; he also makes the software used to store the data.

"The State of New York is thinking of making them mandatory, and New Jersey, who had the worst fake ID problem in the country, might want to ban them. That won't make any sense," Baughman said.

"Three, four years ago, the ABC (Alcoholic Beverage Control) in California didn't like our device. Now, a bar that has been closed (for violations) can't reopen without one," he added.

The Assembly Judiciary Committee hearings "are just a jumping-off point for looking at the larger issue of privacy," said Greenstein.

Concerning "post 9-11 issues, we have barely scratched the surface of so many ways the government is trying to justify collecting more information.

"It's such an illusion that we have privacy," she said.



Is this just a case of “I'll bet you a six-pack of Jolt Cola that I can write a virus for your navigation system.” OR will there be a “national get-everyone-lost day?” (Amusing comments)

http://it.slashdot.org/article.pl?sid=07/01/28/1952238&from=rss

TomTom Admits Satnav Device Infected With Virus

Posted by kdawson on Sunday January 28, @03:22PM from the connect-at-your-own-risk dept.

miserableles writes "TomTom has admitted to a UK security journalist that a number of GO 910 satellite navigation units shipped with two Trojans installed on the hard drive. But still no sign of an official warning on the TomTom website."



Podcasts from the SBA

http://www.sba.gov/idc/groups/public/documents/sba_homepage/tools_podcast_disaster_preparr.wma

Small Business Administration

Welcome to SBA Podcasting. Podcasting is a way to receive audio files over the Internet.

[I'll pass this one to my Business Continuity class...]

Disaster Preparedness for Business Owners

Lori Adamo President, Code Red Business Continuity Services

Business disasters can occur at any time and any place. It’s a good idea to have an emergency plan, before the disaster hits.
