Thursday, January 25, 2007

Oh, gee! What a shock!

http://www.metrowestdailynews.com/homepage/8998981813082783742

Bankers group says fraud tied to TJX data breach

By Andrew J. Manuse/Daily News staff Wednesday, January 24, 2007 - Updated: 06:21 PM EST

FRAMINGHAM - The Massachusetts Bankers Association on Wednesday reported the first cases of fraud linked to the security breach announced last week by The TJX Cos. Inc., which operates T.J. Maxx, Marshalls and other stores.

The Boston trade group said several Massachusetts banks reported debit and credit card information was fraudulently used to make purchases in Florida, Georgia and Louisiana, and in Hong Kong and Sweden.

“Right now it's just a handful of cases, but we think it's going to increase significantly,” said Bruce Spitzer, a spokesman for the bankers association. “As we go forward, and the cases increase, we're not going to be able to count them all. [“Management admits it can't count!” Bob] Our intention is to make people aware that they need to be extra vigilant in monitoring their accounts and your bank has to do that as well.”

... Sherry Lang, a spokeswoman for TJX, said the segment of data the company knows was stolen from its computers included “substantially less than millions of account numbers.” She said she was unable to give a more definitive number because the company itself does not know the extent of the breach.

... “If it comes back to us, we will deal with it appropriately, but we'd need appropriate documentation (of the fraud).” [“Which we will probably not be able to match...” Bob]

... The breach was discovered in mid-December but was kept secret until last week because of a company decision as well as a request from law enforcement officials.

“Part of the reason we held off was we believed, in doing so, we would be further protecting the data of our customers,” Lang said. [Security through obscurity! Bob]



We should probably start a lawsuit database to compare strategies on these Identity Theft cases...

http://www.indystar.com/apps/pbcs.dll/article?AID=/20070124/BUSINESS/70124028

1:24 PM January 24, 2007

St. Francis sued over info breach

Star report

A lawsuit filed in Marion County accuses Sisters of St. Francis Health Services and its outside contractor of exposing 260,000 patients in Indiana and Illinois to the possibility of identity theft.

Greenwood resident Michael Chaney, one of the victims receiving a letter from contractor Advanced Receivables Strategy, is suing the hospital system and ARS over what his attorney claims were violations of privacy and negligence.

The breach occurred last summer, when an employee of Tennessee-based ARS mistakenly left compact discs containing patients' names and Social Security numbers in a computer bag being returned to a retail store. The patients were notified about the incident in October.

Chaney's lawyer, Scott Benkie, filed a federal lawsuit at U.S. District Court seeking class-action status, a suit that he said was voluntarily dismissed. The new suit filed Tuesday was done in Marion County Superior Court.

Chaney told the Star that he decided to sue because he felt his personal information was handled carelessly.

The suit filed Tuesday seeks damages of at least $1,000 for each affected class member. The CDs contained information on about 260,000 patients and about 6,200 employees, board members and physicians associated with St. Francis.

There's a question still as to whether people had their information breached because of the exposure.

"We've had a few people contact us who had issues with their information," Benkie said.



Looks like someone was paying attention – and not the school district. (You should only make statements like this if you are willing to bet your job.)

http://www.corsicanadailysun.com/news/local_story_024100443.html

CISD says new system secure

By Janet Jacobs

Call it the Permanent File to end all permanent files.

When the Corsicana school system goes to the new Skyward student records computer system, expect it to be fairly encompassing, but it’s got some parents concerned about privacy.

The new records system is capable of compiling all the information about every child in the district, keeping it as long as the student is enrolled. [“When your child's college wants a transcript, we'll tell 'em, 'Sorry, we deleted everything upon graduation – for privacy reasons, you know.'” Bob]

This includes health and immunization records, attendance, class schedules, grades, discipline, school bus route, or pickup times, even locker combinations, although it’s unsure how much of that will be used immediately.

... Corsicana will only be using the student records software for now. At a future date, the district could add the nutrition software, which keeps track of everything a child buys in the cafeteria.



Tools & Techniques: Looks like vendors are starting to offer tools that management should already have in place...

http://www.eweek.com/article2/0,1759,2087164,00.asp?kc=EWRSS03119TX1K0000594

Provilla to Fight Leaks with Document 'Fingerprints'

January 24, 2007 By Matt Hines

A software startup is hoping to plant its flag in the rapidly expanding data leakage prevention sector using a technique that marries traditional endpoint security controls with a document-based system that assigns a digital fingerprint to each piece of protected content.

Provilla, based in Mountain View, Calif., moved out of quiet mode on Jan. 22 and launched its first product, LeakProof, an application sold as an appliance, which aims to help companies stop workers or outside attackers from either mistakenly or intentionally copying sensitive data from their networks into messaging systems, Web applications or mobile storage devices.

As part of the launch, Provilla also introduced LeakSense, a free software application that promises to help administrators observe workers' data-handling activities and isolate potential problems that programs such as LeakProof seek to prevent.



THIS is what erodes freedoms... Indifference.

http://www.eweek.com/article2/0,1759,2087177,00.asp?kc=EWRSS03119TX1K0000594

Survey: Nobody Really Cares that Big Brother Is Watching

January 24, 2007 By Deborah Perelman

Despite employer policies, threats and monitoring, the vast majority of workers still use company technology for personal use, according to a survey commissioned by Lawyers.com, released Jan. 24.

Though nearly one-half (45 percent) of respondents reported that they had been explicitly informed by superiors that their technology usage at work is monitored, most still use it for personal tasks, the survey found.

Of the adult U.S. office workers surveyed, 69 percent said they use the Internet for non-work purposes while at work; 69 percent said they make and receive personal phone calls on their work telephones; and 55 percent said they send or receive personal e-mails on work e-mail accounts.

Almost three-quarters of those surveyed, 73 percent, reported that they are as likely or more likely to use the Internet at work for personal reasons than they were two years ago, and 68 percent reported the same in regard to personal e-mail.

According to the survey results, younger workers were more likely to make information about their private lives available online, opening themselves up to unintended exposure in front of employers. Of the 18- to 34-year-old workers surveyed, 71 percent maintained some sort of personal Web site, blog or personal networking account, 52 percent had MySpace or Facebook profiles, and 13 percent currently had online dating accounts.

Younger workers were also the most likely to use their employers' technology for personal reasons. Nearly three-quarters (72 percent) reported checking personal e-mail accounts during work (compared to 61 percent of the total surveyed), and 77 percent said they used their Internet access at work for personal reasons (compared to 69 percent of office workers overall).



At least the ISPs are safe...

http://googlewatch.eweek.com/content/youtube/foxs_piracy_czar_subpoenas_youtube_over_pirated_24_and_simpsons_episodes.html

Wednesday, January 24, 2007 4:03 PM/EST

Fox's Piracy Czar Subpoenas YouTube over Pirated "24" and "Simpsons" Episodes

D'oh! Twentieth Century Fox has subpoenaed YouTube to reveal the identity of users who uploaded four episodes of the TV series "24" and twelve episodes of "The Simpsons," Google Watch has learned.

The subpoena reads, in part:

On or about January 8, 2007, Fox became aware that a subscriber ("the Subscriber") of YouTube Inc.'s Internet-based service uploaded pirated copies of the works onto YouTube, making it available for illegal viewing over the Internet to anyone who wishes to watch it. Fox has not authorized this distribution or display of the works. The subpoena requests YouTube, Inc. to disclose information sufficient to identify the Subscriber so that Fox can stop this infringing activity.

YouTube declined to comment. A phone call to Fox's legal representation was not returned.

The subpoena includes the testimony of Jane Sunderland, vice president of content protection and anti-piracy for the Fox Entertainment Group.

Sunderland's portion of the subpoena, which is her personal testimony that the infringing activity is occurring, says that Fox has been unable to determine on their own who has been uploading the Works. The uploaded Works are also causing Fox irreparable harm (standard legal language).

Sunderland also testifies that Fox sent an official letter to YouTube on January 8. Although I haven't been in touch with News Corp yet, I assume YouTube didn't remove the videos promptly enough, hence the official subpoena.

A quick search on YouTube only revealed trailers for "24," although given how poorly the site's search function works some videos may yet exist. There are several Simpsons excerpts available, though I didn't see any full episodes.

Update: Andrew Wallenstein and Carl DiOrio at The Hollywood Reporter have more details about the subpoena, including the YouTube user's name (ECOTotal) and that a subpoena was also served to a site called LiveDigital.



This means my blog is safe, right?

http://techdirt.com/articles/20070124/093337.shtml

Court Reinforces, And Even Expands, Site Owners' Immunity For Other People's Content

from the no-libel-for-you dept

The Communications Decency Act, passed in 1996, was, like so many other government attempts to regulate technology, something of a mess. However, it does have one bright spot: Section 230, which generally says that site providers aren't liable for content on their sites which they didn't post. Typically, this refers to things like comments and forums. For instance, if a commenter here made a libelous or otherwise defamatory statement, they're liable for it, not Techdirt. This has been held up several times in various courts, because it makes sense to target the actual source of the defamation, not the platform provider. There have been repeated efforts to narrow the scope of Section 230, but a recent decision seems to have expanded it a little bit.

A federal judge in Texas has ruled that Yahoo wasn't liable in a civil case for a child pornography online group set up and moderated by a user on its servers. The user's in jail on criminal charges stemming from the group, but a civil suit targeted the ISP with a variety of claims, though the judge ruled that Section 230 gave them immunity, even though it was alleged Yahoo had broken the law by hosting child porn. This means that people can't file civil cases against site owners or hosting providers, and use the allegation of criminal conduct as a way to get around Section 230. The law was also intended to foster self-regulation of obscene and illegal content by service providers, and immunity is an important aspect of that. Lawsuits often try to allege that if a service provider regulates any content on their servers, they're legally liable for all of it -- something that's wholly impractical, particularly for a service the size of Yahoo Groups. The judge rightly notes in the decision (PDF) that to allow suits on either basis (alleging criminal activity, or that any level of regulation creates liability) would have a chilling effect on online speech, which is something Congress didn't want to do in enacting the law. To do so would not just stifle online speech, but it would also stifle innovation -- since any sort of interactive or user-generated content could create an impossible level of legal liability for site owners.



“Hi there! Allow us to demonstrate why we should be trusted to conduct your elections...”

http://techdirt.com/articles/20070123/134221.shtml

Diebold Shows Anyone How To Break Into Their E-Voting Machines

from the yikes dept

Well, this is just fantastic. Following the claims that there's no real problems with e-voting machines, almost immediately followed by reports of massive fraud with e-voting machines in Brazil, Alex Halderman is pointing out that Diebold, in their infinite wisdom, are making it ridiculously easy to break into their machines. Halderman was a part of the team that showed that Diebold's locks on their e-voting machines used a default key that was common to many hotel minibars and could be found easily in many places. However, the researchers who noted this were still careful never to show the actual key, preferring not to help anyone who seriously intended on breaking into the machines. Diebold, on the other hand, isn't so careful. The company that has continually played down reports of security flaws is apparently selling the very key you need to break into their boxes on their online site... with a picture of the key. You need to be a Diebold account holder to buy it, but anyone can look at the key and then figure out how to make their own copy -- and, in fact, that's exactly what someone did. He used the picture to cut his own keys and sent the keys to Halderman, who found that two of the three keys opened the Diebold locks with ease. The guy who discovered this notified Diebold a month ago, but Diebold did not respond and has not removed the image of the key from their website. [Up until now, it was merely ignorance, now it's stupidity. Bob]



Well, that makes imperfect sense.

http://digg.com/world_news/Border_Patrol_ordered_Not_to_Arrest_Illegal_Border_Crossers

Border Patrol ordered Not to Arrest Illegal Border Crossers

U.S. Border Patrol agents have been ordered to NOT apprehend people crossing our border illegally.

http://www.metacafe.com/watch/398640/border_patrol_ordered_not_to_arrest_illegal_border_crossers/



Looking for a template for your presidential campaign?

http://www.bespacific.com/mt/archives/013711.html

January 24, 2007

Giuliani Dossier of Campaign Documents Online

From Politico.com, "a dossier [126 pages, PDF] of confidential Giuliani campaign documents of which the campaign lost possession in early November [2006]. The documents appear to have been prepared by Giuliani's chief fundraiser, Anne Dickerson. Some personal information, largely cellular phone numbers, was redacted."



I wonder if we'll start seeing a lot of similar recommendations?

http://slashdot.org/article.pl?sid=07/01/24/210234&from=rss

Koreans Advised to "Avoid Vista" for Now

Posted by ScuttleMonkey on Wednesday January 24, @05:19PM from the as-long-as-warcrack-still-works dept. Windows Software

An anonymous reader writes "The Chosonilbo reports that several government ministries in South Korea are advising users not to install Windows Vista, at least until popular online services can be made compatible. The problem is that ActiveX is pervasive in the Korean webspace, employed by everyone from web games to online banking. Upgrading to Vista is expected to render many of these services unusable. Portions of the popular "Hangul" word processor, a major competitor to Office in that country, are also not functioning under Vista. The Ministry of Information is planning to publish compatibility information for popular websites, and urging users to carefully research the implications of upgrading."

[Interesting that they blame this on Bill Clinton... See the comments. Bob]



...there's not enough tension in the world... So much for the “we need the energy” argument.

http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/01/24/wiran24.xml

N Korea helping Iran with nuclear testing

By Con Coughlin Last Updated: 3:23pm GMT 24/01/2007

North Korea is helping Iran to prepare an underground nuclear test similar to the one Pyongyang carried out last year.
