Sunday, April 22, 2007

I wonder if TJX will be doing this in all 50 states?

http://www.ct.gov/dmv/cwp/view.asp?Q=335996&A=807

Consumer Alert for those Affected by the Theft of Information from TJX Companies

April 20, 2007

The Department of Motor Vehicles has been notified by TJX Companies of an incident of unauthorized access to personal information of nearly 18,000 people with Connecticut addresses. The firm advised customers to contact their local DMV office because information taken included license and social security numbers. Please be assured that all Connecticut licenses and ID cards are assigned a unique identifying number. Unlike the practice in some other states, the Connecticut driver license number is not connected in any way with your social security number. You do not need a new driver’s license.

Read what DMV is doing to protect your identity on your license. [Most interesting. Read this! Bob] The DMV is making this announcement in advance of a letter that TJX plans to re-send the week of April 23, 2007, to 10,000 [Not all? Bob] of the original number of customers to advise them of additional credit protection opportunities.

... There are also other steps you can take to protect yourself and to understand more about identity theft.

  • DMV has prepared a letter for all those affected by this unauthorized disclosure. If you would like a copy, please request it through this link.

Content Last Modified on 4/20/2007 5:39:49 PM



Note that this has not been headline news, nor has the story been picked up by other news sources. Probably because the jokes are too self-evident... Possibly because of the number of politicians named?

http://www.homelandstupidity.us/2007/04/21/astroglide-data-breach-exposes-customer-information/

Astroglide data breach exposes customer information

Special to Homeland Stupidity By Michael Hampton Posted: April 21, 2007 9:41 am

... Astroglide suffered a data breach this week. People who ordered the company’s products from their Web site from 2003 to the present may have had their names and email and shipping addresses published on the Internet.

The breach exposed information for as many as tens of thousands of Astroglide customers. The data was broken down by product and date and much of it is still available in Google’s cache. It’s not known at this time how long the information, which consisted primarily of Microsoft Excel spreadsheets and CSV formatted text files, was published online.

... Biofilm, Inc., was notified of the breach on Wednesday, and the company pulled most of the data from their Web site and placed a robots.txt file to cause search engines to (eventually) remove their cached copies of the personal data.

The breach was discovered when a person who had ordered a free sample of Astroglide searched for his own name in Google and found the Astroglide record of his request.

... This is important because aside from the thousands of records remaining in Google’s cache, a spreadsheet containing 4,529 records of people who ordered the company’s Silken Secret vaginal moisturizer product remains on Astroglide’s web site, available for download by anyone. Out of these records, 4,055 were identified as female, 472 identified as male, and two had no gender listed.



Honest! How refreshing!

http://www.eveningnews24.co.uk/content/news/story.aspx?brand=ENOnline&category=News&tBrand=ENOnline&tCategory=news&itemid=NOED21%20Apr%202007%2009%3A21%3A15%3A820

Email blunder leaves Sportspark bosses red-faced

DAN GRIMMER 21 April 2007 09:19

Bosses at the University of East Anglia Sportspark were forced to apologise after a member of staff accidentally sent out every one of their customers' email addresses to more than a thousand people. [At least they didn't blame the computer! Bob]

People who use the sports venue were sent the Sportspark E-Zine previewing a forthcoming charity event, but opened it up to discover their email addresses had been shared with almost 1,200 other customers.

The person sending out the email had accidentally forgotten to hide the email addresses of all the recipients who were getting the message - so everyone sent the message could read them.

The Sportspark was accused of breaking the data protection act and one person who responded to the message said: “I am sure I will not be the only one who is upset that their email addresses can be simply given away to more than 1,100 people so cheaply.”

Upon realising the mistake, Keith Nicholls, director of physical education and sport at the Sportspark, sent out an apology.

It said: “This should not have happened and I regret any problems this may cause you. In future I have arranged that the email will be checked by a second member of staff before it is sent.”



Write the law, then gather some facts. What's wrong with this picture?

http://www.reuters.com/article/governmentFilingsNews/idUSN1933708420070419

House panel approves anti-spyware bill

Thu Apr 19, 2007 7:59PM EDT

WASHINGTON (Reuters) - Legislation that would help protect consumers from harmful spyware that can harvest personal data from a user's computer was approved on Thursday by a U.S. House Energy and Commerce subcommittee.

... The Energy and Commerce Committee's panel on commerce, trade and consumer protection approved the bill on a voice vote. It plans to hold a May hearing on computer data breaches at retailer TJX Cos. Inc., which recently reported information was stolen on more than 45 million credit and debit cards.



See the picture of the cute little hand-held card scanner! I want one!

http://www.gothamist.com/2007/04/21/credit_card_sca.php

April 21, 2007

Credit Card Scam at Restaurants

The Manhattan DA's office announced that thirteen people were indicted in an identity theft scam. Credit card information from diners in Chinatown and other areas (Brooklyn, Westchester, Long Island, Florida, New Hampshire, New Jersey, and Connecticut) would be stolen by wait staff, using handheld credit card skimmers. A list of restaurants where the scam took place was not released.

One defendant, JD Kenny, would pay $35-50 per skimmed card information, [Outrageous! They should only cost $12 per... Bob] and then use that information to create fake cards. Then, another group of people were enlisted to use the fake cards and buy "high-end electronics merchandise – such as laptop computers, Sony Play Stations, GPS navigation systems, high-end digital cameras and IPods." The DA's office says each "shopper" was expected to make $1,000 of purchases per card; another defendant, Li-Chieh Pao, would pay the shopper 15% of the items' retail values and then sold the goods to stores in Queens.

This is not the first time restaurant workers have been known to skim credit card information - this happened at Tenement in 2005 and at Les Halles last year.



I wonder if my blog could aspire to such greatness?

http://www.boingboing.net/2007/04/21/mayor_of_boston_bans.html

Saturday, April 21, 2007

Mayor of Boston bans Boing Boing

Jake tried to access Boing Boing from Boston's free WiFi network and got this notice -- topped by the seal of the Mayor of Boston no less! Banned in Boston -- first they came for the Mooninites, then they came for the Boingers.

Want to defeat censorware? Let freedom ring!

Update: Seth sez, "The phrase 'Banned combination phrase found' is a characteristic message of the censorware Dan's Guardian. It seems some combination of words has triggered the 'isItNaughty' flag (that's what they call it). It would be an interesting legal case to see if you had the right to file a Freedom Of Information Act for the settings and block logs to find out the exact reason you got censorware'd."



I read these because I'm still trying to develop a “General Theory of Privacy,” (P=MC2) which has to include rules for disclosure...

http://www.bespacific.com/mt/archives/014620.html

April 20, 2007

Paper Addresses Consent for Disclosures of Health Records

Robert Gellman, Privacy and Information Policy Consultant: Consent for Disclosures of Health Records: Lessons from the Past (PDF), ver. 1.2, April 17, 2007. This paper addresses issues specific to the Maine health privacy law.



“Yes it was the software. It wrote itself, then it failed to test itself. Fortunately it didn't blame the humans. Bad software!”

http://cbs2chicago.com/topstories/local_story_110224943.html

Software Blamed For Chicago Teachers' Checks Snafu

Glitches In New $19 Million Payroll Software Left Some Teachers Without Checks Friday

(CBS) CHICAGO The Chicago Teachers Union is giving the school system an "F" for payroll management.

Some teachers didn't get paid Friday and others got shortchanged.



Consider me paranoid, but doesn't this have e-Discovery implications?

http://it.slashdot.org/article.pl?sid=07/04/21/1257249&from=rss

Digital Media Archiving Challenges Hollywood

Posted by CowboyNeal on Saturday April 21, @09:14AM from the taping-over-m*a*s*h-reruns dept. Movies Data Storage IT

HarryCaul writes "Movies are moving to digital, but what about long-term archiving of the master source materials? Turns out it's harder for digital media than for contemporary analog. Data is being lost, and studios have to learn to cope. Phil Feiner of the AMPAS sci-tech division says when he worked on studio feature films he 'found missing frames or corrupted data on 40% of the data tapes that came in from digital intermediate houses.' How to deal with it? Regular migration from old media to new media. Grover Crisp says Sony has put in a program of migrating every two to three years. Other studios are following suit, but what about indie features? Will we lose films like we lost the originals of the 20s?"



Okay, perhaps security at nuclear reactors isn't all that it could be...

http://www.ncr-iran.org/content/view/3257/152/

Former Engineer Accused of Taking Nuclear Power Plant Codes to Iran

Saturday, 21 April 2007

AHN global news - Federal officials are accusing a former U.S. engineer of taking security codes from the nation's largest nuclear power plant to Iran, reports say.

Mohammed Alavi, 49, is accused of downloading training materials and access codes from the Palos Verde Nuclear Generation Station to his computer while he was on a trip in Tehran, Iran.

According to published reports, Alavi was charged with violating a trade embargo law that forbids Americans from offering goods or services to Iran.

Alavi, a U.S. citizen, was reportedly visiting Iran to set up a new home and life for himself. He quit his job at Palos Verde in August after working 16 years, but still had access to some security codes. [Seems like that procedure isn't working. Bob]

The software Alavi allegedly used to download Palos Verde material allowed access to the power plant's layout and control rooms. Alavi reportedly used a Palos Verde user's identification to download the material.

It was reported that there was no security risk posed nor was the breach linked to the Iranian government. Federal officials feared that potential danger could arise if the access codes were placed in the wrong hands.

... Palos Verde employees learned of Alavi's arrest and charge on April 21, when security procedures were changed.



Talk about your “high value” targets!

http://www.webware.com/8301-1_109-9711121-2.html

BuyYourFriendADrink update: It works!

By Caroline McCarthy – April 20, 2007, 12:48 PM PDT



Perhaps the best idea is: take a floppy to Kinkos?

http://hardware.slashdot.org/article.pl?sid=07/04/21/1331248&from=rss

Is Your Printer Ripping You Off?

Posted by CowboyNeal on Saturday April 21, @11:16AM from the or-only-its-maker dept. Printers Hardware

An anonymous reader writes "Are original inkjet cartridges really worth the high cost? Do third party refill inks do as good a job? This article looks at printers from Epson, HP, Canon and Lexmark, with a combination of original inks and the top selling third-party options, using a whole host of different papers. A panel of printer users judged the output in a blind test — the printer manufacturers may not be happy with the results!"



I suspect there will be many sites like this, with extreme specialization. (Eye color in female Shad in the Delaware river, upstream of Trenton NJ during the full moon...)

http://www.researchbuzz.org/wp/2007/04/21/science-information-video-style/

Science Information, Video Style

Thanks to reader KM for pointing me toward VideoLectures.net ( http://videolectures.net/), a collection of over two thousand videos related to science. It’s currently in beta and looks like it covers a variety of topics, from Web technologies to translation tools to math to logic.

... Click on a video and you’ll get a page for the video and a brief description as well as a list of related videos (“The people who watched this video also watched…”) You’ll have the opportunity to leave comments as well. Click on the thumbnail to start the video. Some lectures are set up as a series of videos.

... These are lectures; all the videos I looked at were well at least an hour.



Fun! An Origami simulator?

http://jrc313.com/processing/cloth/index.html

Cloth Simulation

I happened across this rather nice spring physics library for Processing, so I thought I'd try making a simple cloth simulation to see what it was capable of. Turns out it's really easy to use and works exactly as advertised. I think it's time for a little more experimentation.



I'm not fluent, but is this correct?

http://www.bespacific.com/mt/archives/014628.html

April 20, 2007

Election Assistance Commission Provides Spanish Language Glossary of Election Terms

Press release: "The U.S. Election Assistance Commission (EAC) today voted to adopt a glossary that provides a translation of key election terms from English to Spanish and from Spanish to English. The glossary is available at www.eac.gov and EAC will distribute copies to jurisdictions throughout the nation."

Spanish Language Glossary of Election Terms

[Somehow, this seems wrong...

Democrat: demócrata

Republican: mal personificado

...Yes, it's a joke, Bob]
