Wednesday, April 18, 2007

So long, and thanks for all the phish!

http://techdirt.com/articles/20070417/092918.shtml

Undisclosed Data Breach Helped Enable Phishing Scam At University

from the how-the-data-gets-used dept

Officials at Indiana University have concluded that a 2006 phishing attack against university members was made possible by an earlier breach of one of the university's main servers. This all came to light when one recipient of a phishing email -- a cybersecurity Ph.D. student -- wondered how an attacker could get his university email address, since he had never given it out to anyone. After requesting documents under the Indiana Public Records Act, the student discovered that the university had previously suffered an undisclosed breach, which is how the attacker obtained his information. This simple story underlines some important points. It shows that breaches aren't harmless; even if the stolen data isn't immediately used for direct fraud, it's likely to be used in other ways down the road. If stolen data can help a phisher do a better job of personalizing an email to make it look more legitimate, then that stolen data has value. The case also demonstrates the importance of disclosure. People whose data is lost need to be aware of it so that they can be on guard for fraud. When we hear about massive losses of data, such as the incidents at the Veterans Administration or TJ Maxx, it's easy to get lost in the staggering numbers and think of it all as an abstraction. But this incident shows, along with others before it, that breaches do have real consequences for the victims.



What liability? The taxpayer is responsible...

http://digg.com/business_finance/MASSIVE_Failure_of_TurboTax_Servers

MASSIVE Failure of TurboTax Servers

Beginning last night and stretching into this evening it is nigh impossible to e-file your taxes using TurboTax 2006. Here are some postings by some irate consumers -- including myself.

http://forums.turbotax.com/intuit/board?board.id=ef06



Do we automatically assume that any computer use involves the Internet? OR, we just think all strangers are up to no good...

http://news.bbc.co.uk/1/hi/england/hereford/worcs/6565079.stm

Two cautioned over wi-fi 'theft'

Two people have been cautioned for using people's wi-fi broadband internet connections without permission.

Neighbours in Redditch, Worcestershire, contacted police on Saturday after seeing a man inside a car using a laptop while parked outside a house. [I would have been more concerned if they had parked inside the house... Bob]

He was arrested and cautioned. A woman was arrested in similar circumstances in the town earlier this month.

... In the earlier incident, a woman was arrested after attracting the attention of neighbours in the early morning.

She had put up cardboard around her car windows but the light from her computer could be seen through the back window.



Perhaps they can learn!

http://slashdot.org/article.pl?sid=07/04/17/2337255&from=rss

Sony Fixes Problems With New DVDs

Posted by kdawson on Wednesday April 18, @04:43AM from the DRM-again dept.

An anonymous reader writes "Following up on reports that DVDs for some Sony titles were causing problems, Video Business is reporting that Sony has fixed the copy-protection problem on recent DVD releases, and will provide replacement discs to customers. The problem was with the ARccOS DRM system. The company issued the following statement: 'Recently, an update that was installed on approximately 20 titles was found to cause an incompatibility issue with a very small number of DVD players (Sony has received complaints on less than one thousandth of one percent of affected discs shipped)... Since then, the ARccOS system has once again been updated, and there are no longer any playability problems.' Customers can call 800-860-2878 to inquire about replacement discs."



Look for bots that randomly claim content...

http://money.cnn.com/2007/04/17/technology/bc.google.viacom.reut/index.htm?section=money_technology

Google's copyright-protection tool unveiled

World's largest Web search services provider finds a way to protect itself from recent piracy claims from Viacom as well as future allegations.

April 17 2007: 4:53 PM EDT

SAN FRANCISCO (Reuters) -- Google is ready to introduce a copyright protection tool that helps media owners to automatically report acts of piracy on its YouTube video site, Chief Executive Eric Schmidt said Tuesday.

Schmidt said the new tool, known as "Claim Your Content," could resolve accusations that the world's largest provider of Web search services is tolerating piracy by consumers to share video on its YouTube site.

That complaint is featured in a high profile lawsuit filed last month by media conglomerate Viacom that seeks more than $1 billion in damages from Google for alleged violations of the Digital Millennium Copyright Act (DMCA).

"As that product rolls out, the issue becomes moot," Schmidt said in response to an interviewer's question about how the tool might affect the suit. "We are automating that process to claim that content."



Your employees may elect to use this without consulting you – after all, the features they want to use don't include security.

http://www.infoworld.com/article/07/04/17/HNgooglecalendardata_1.html?source=rss&url=http://www.infoworld.com/article/07/04/17/HNgooglecalendardata_1.html

Corporate data slips out via Google calendar

The search function of the Web-based app can be used to find sensitive business data that has not been properly made private [Opt-in security Bob]

By Robert McMillan, IDG News Service April 17, 2007

It's not clear what gets discussed during McKinsey & Co.'s weekly internal communication meeting, but the dial-in number and passcode for the event can be easily found by searching with Google.

... Google Calendar gives users the choice of keeping calendar entries private or publishing them for the world to see, but some Google Calendar users appear to be sharing their calendar information without realizing it.

... Further searching revealed that quite a few corporate calendars can be found on Google Calendar, yielding such tidbits as the date and time of vendor meetings and names of projects in the works. Dial-in information could also be seen Tuesday on other calendars for calls on topics like "Deloitte's V2 Status Meeting- Updated" and "Compliance Overview."

... "This is pretty much exactly the kind of recon necessary to start doing industrial espionage," wrote Robert Hansen, the CEO of Sectheory.com, when he first blogged about this issue on Tuesday. "Weekly meetings that discuss key internal information? Not looking good. Sometimes you see major leaks in the least likely places."

This kind of data leakage is a growing problem for corporations, whose employees are adopting a new generation of Web-based productivity tools without necessarily understanding the security implications, said Marv Goldschmitt, vice president of business development with data auditing appliance vendor Tizor Systems.



Hey, they're my employees. I should be able to use any tool to protect them!

http://www.technewsworld.com/rsstory/56945.html

The Mushrooming Menace of Keyloggers

By Andrew K. Burger TechNewsWorld 04/18/07 4:00 AM PT

"Most modern keyloggers are considered to be legitimate software or hardware and are sold on the open market. However, there is an ethical boundary between justified monitoring and monitoring for the purpose of stealing confidential user information -- a boundary marked by a very fine line," said Nikolay Grebennikov, deputy director of Kaspersky Lab's R&D department.



Interesting...

http://www.bespacific.com/mt/archives/014580.html

April 16, 2007

Law Review Article on First Amendment as Criminal Procedure

Solove, Daniel J., The First Amendment as Criminal Procedure. New York University Law Review, Vol. 82, p. 112, 2007.

  • "This Article explores the relationship between the First Amendment and criminal procedure. These two domains of constitutional law have long existed as separate worlds, rarely interacting with each other despite the fact that many instances of government information gathering can implicate First Amendment freedoms of speech, association, and religion. The Fourth and Fifth Amendments used to provide considerable protection for First Amendment interests, as in the famous 1886 case Boyd v. United States, in which the Supreme Court held that the government was prohibited from seizing a person's private papers. Over time, however, Fourth and Fifth Amendment protection has shifted, and countless searches and seizures involving people's private papers, the books they read, the websites they surf, and the pen names they use when writing anonymously now fall completely outside the protection of constitutional criminal procedure. Professor Solove argues that the First Amendment should protect against government information gathering that implicates First Amendment interests. He contends that there are doctrinal, historical, and normative justifications for developing what he calls "First Amendment criminal procedure." Solove sets forth an approach for determining when certain instances of government information gathering fall within the regulatory domain of the First Amendment and what level of protection the First Amendment should provide."



One or two look useful.

http://www.bespacific.com/mt/archives/014584.html

April 17, 2007

Gadgets Presentation from 2007 Computers in Libraries Conference

On April 16, 2007, Barbara Fullerton (Manager, Librarian Relations, 10-K Wizard), Sabrina Pacifici (Editor & Publisher, LLRX.com and beSpacific.com) and Aaron Schmidt (Director, North Plains Public Library) presented their always popular round-robin Gadgets presentation at Computers in Libraries 2007.



Not sure I get it. Must be a legal thing.

http://www.law.com/jsp/article.jsp?id=1176455064218

'Dear Abby' Law Firm Blogs a No-No, Insurance Carrier Says

Lisa Brennan New Jersey Law Journal April 17, 2007

One of the largest carriers of lawyers' professional liability insurance has set out guidelines for law firms that want to get into the business of blogging, without hurting their insurability.

In brief, it's fine to post bulletins on Web logs but not to answer questions that could be construed as seeking advice, the Chubb Group of Insurance Companies said in an April 4 statement.

... The company said that informational blogs -- which are essentially news -- "pose a minimal level of risk from Chubb's underwriting perspective," but that advisory blogs -- such as those in question-and-answer format -- potentially establish attorney-client relationships that can lead to malpractice suits.
