Saturday, May 26, 2007

Isolated incident? Or has Visa joined the MasterCard breach? Who is required to disclose the breach? The Restaurants, the processor, Visa or the banks?

http://www.sj-r.com/sections/news/stories/115219.asp

Debit card security breach at restaurant

A number of banks notify customers

By TIM LANDIS BUSINESS EDITOR Published Friday, May 25, 2007

Kyle Donaldson learned the hard way that his debit card account information had been compromised.

When he tried to pay for $20 worth of gasoline at a convenience store this week, "the card had been canceled on me," said the Springfield resident, who eventually paid with a credit card.

Several local bank executives confirmed Thursday that they have alerted customers, and begun issuing new debit cards in some cases, after someone apparently broke into the customer database of a Springfield chain restaurant.

The chain was not identified, but they said the security breach involved Visa debit cards and apparently affected institutions throughout the community. The FBI has been notified.

"What we've been told is that it was a national, chain-type restaurant, but they don't provide us much more information," said Mike Houston, president and CEO of Town & Country Bank of Springfield.

While bank security networks were not compromised, banks are responsible for notifying customers of the outside data breach.

... "This problem is nationwide, it's not just Springfield," she added.


MORE... IHOP named, but now it looks like many sources (which makes me think about the card processors, like in the MasterCard stories that are leaking out.)

http://www.sj-r.com/sections/news/stories/115309.asp

Online security was latest, says restaurant owner

Leak of debit card information may not be limited to one business

By TIM LANDIS BUSINESS EDITOR

Published Saturday, May 26, 2007

Springfield restaurant owner Gene Rupnik was confident his International House of Pancakes had the latest in online security when he opened the business last summer on Dirksen Parkway.

The Springfield restaurant was the source of at least some of the notices sent out by banks in the past week alerting customers that their debit card information had been compromised as the result of a breach at a local chain restaurant.

Law enforcement authorities also are said to be investigating the incident, which may have involved other restaurants or retail outlets, including some outside Springfield.

Rupnik said Friday that the company that handles credit and debit card transactions for his restaurant issued an alert in January that someone had hacked into the network from outside the company - and possibly outside the country.

... Springfield residents Lori and Kevin Fernandez were among those notified by their bank in the past week that her husband's debit card information has been compromised. Lori Fernandez said the letter from Security Bank of Springfield did mention IHOP.

"We would not have known if we had not got that letter," Fernandez said. The couple dined at the restaurant last fall. [Another case of keeping data far too long? Bob]

... Rupnik said he also wasn't sure why it took several months for the alert to reach banks and then customers, though it might be an indication that notices mailed in the past week involved other retailers.

... "I would like to sit here and tell you it couldn't happen again, but we thought it couldn't happen before." [Most honest statement I've seen! Bob]



Not much information, but it is amusing to see that the computer had the breach, not the DoT...

http://www.wral.com/news/local/story/1446009/

DOT Security Breach Affects 25,000 Employees

DOT Security Breach

Posted: May. 25 5:01 p.m. Updated: May. 25 6:28 p.m.

Raleigh — A computer server holding the names and Social Security numbers of about 25,000 North Carolina Department of Transportation employees, contractors and other state employees had a security breach, officials announced Friday.

The breach affects employees who were issued identification badges from 1997 until 2006. Officials have no evidence that the personal information was accessed, according to the DOT.



Wrap-up includes the little ones I skip and some follow-ups

http://www.pogowasright.org/blogs/dissent/?p=404

Data “Dysprotection” Weekend Roundup for Week Ending May 27th (update 3)

Friday May 25th 2007, 5:29 pm



Most interesting... If there is a readily available method to circumvent the “security” it is not “effective security” -- or am I generalizing too much?

http://www.turre.com/blog/?p=102

Finnish court rules CSS protection used in DVDs “ineffective”

May 25th, 2007 by Mikko

Below is the press release we sent and here’s more detailed analysis of the case and its potential implications.

Helsinki May 25, 2007 Turre Legal Free for publication immediately

Finnish court rules CSS protection used in DVDs “ineffective”

In an unanimous decision released today, Helsinki District Court ruled that Content Scrambling System (CSS) used in DVD movies is “ineffective”. The decision is the first in Europe to interpret new copyright law amendments that ban the circumvention of “effective technological measures”. The legislation is based on EU Copyright Directive from 2001. According to both Finnish copyright law and the underlying directive, only such protection measure is effective, “which achieves the protection objective.” [I love it! Bob]

... According to the court, CSS no longer achieves its protection objective. The court relied on two expert witnesses and said that “…since a Norwegian hacker succeeded in circumventing CSS protection used in DVDs in 1999, end-users have been able to get with ease tens of similar circumventing software from the Internet even free of charge. Some operating systems come with this kind of software pre-installed.” Thus, the court concluded that “CSS protection can no longer be held ‘effective’ as defined in law.” All charges were dismissed.

Defendant Mikko Rauhala is happy about the judgment: “It seems that one can apply bad law with common sense, which was unfortunately absent during the preparation of the law” he comments. Defendant’s counsel Mikko Välimäki thinks the judgment can have major implications: “The conclusions of the court can be applied all over Europe since the word ‘effective’ comes directly from the directive”. He continues: “A protection measure is no longer effective, when there is widely available end-user software implementing a circumvention method. My understanding is that this is not technology-dependent. The decision can therefore be applied to Blu-Ray and HD-DVD as well in the future.”

EU Copyright Directive, article 6(3)



What's the big deal? Isn't that what the RIAA wants Internet radio to do?

http://techdirt.com/articles/20070525/124604.shtml

Japan Looks To Allow Compulsory Licenses For Putting TV Content Online

from the one-way-to-do-things dept

Sounds like the entertainment industry may need to rush some lawyers over to Japan. Michael Geist points out that the Japanese government is looking to change copyright laws to allow anyone to repost broadcast TV online without permission -- just as long as they pay a compulsory license fee. The idea is to help promote the distribution of TV content. However, with entertainment companies like Viacom and NBC so focused on "control" over their content, this type of proposal can't make certain entertainment companies very happy -- even if they would get paid for their content every time people help promote it for them.



Ah! So that's why...

http://www.eweek.com/article2/0,1759,2136657,00.asp?kc=EWRSS03119TX1K0000594

Delayed Novell Report Contains MS Patent Agreement Documents

May 25, 2007 By Peter Galli

... The entire 10-K filing can be found here.

The text of the 144 page 10-K filing does not get into the specifics of the Microsoft deal but it does include, subject to some redactions, the full three Microsoft agreement documents: the second amended and restated technical collaboration agreement; the first amended and restated business collaboration agreement; and the patent cooperation agreement.

... In the 10-K filing, Novell says that "the overarching purpose of this partnership [with Microsoft] is to increase the utility, desirability and penetration of Linux by enabling its interoperation with Windows to a mixed environment that is easier to maintain.

... We will continue to be competitors of Microsoft, but it is our goal that through this set of agreements, Microsoft will serve as an important indirect source of channel sales for Novell's Linux sales," the company said.

... But Novell also recognized the potential harmful effects to its business if it lost access to third-party open source technology.




England is always at the cutting edge of “Big Brother-ology” What must the US do to catch up? (We don't have technology this advanced in our prisons!)

http://yro.slashdot.org/article.pl?sid=07/05/25/191253&from=rss

Using RFID and Wi-Fi to Track Students

Posted by Zonk on Friday May 25, @03:55PM from the scurry-little-ants-scurry dept. Privacy Politics Technology

An anonymous reader writes "The BBC reports on a proposal to use RFID and wi-fi to track students wherever they go on campus: 'Battery-powered RFID tags are placed on an asset and they communicate with at least three wireless access points inside the network to triangulate a location.' At The Wireless Event in London, 'Marcus Birkl, head of wireless at Siemens, said location tracking of assets or people was one of the biggest incentives for companies, hospitals and education institutions to roll out wi-fi networks.' The article points out that integration of RFID and wi-fi raises the possibility that RFID can be used for remote surveillance."



Berkeley? THE Berkeley? Maybe that stuff they smoke does rot their brains...

http://www.berkeleydaily.org/text/article.cfm?issue=05-25-07&storyID=27121

BHS to Give Student Data To Military Recruiters

By Riya Bhattacharjee

Berkeley High School administrators informed students this week about a change in board policy that requires all juniors and seniors who do not want their names and addresses released to the U.S. military for recruitment purposes to sign an “opt-out” form.



Well, they started it!

http://digg.com/general_sciences/Creationist_Periodic_Table_of_the_Elements

Creationist Periodic Table of the Elements

The Periodic Table made just for schools in Kansas.

http://richarddawkins.net/article,1171,n,n

[Mirror site: http://www.re-discovery.org/per_table.gif Bob]



Be careful what you ask for... Sure to be a Letterman Top 10

http://hosted.ap.org/dynamic/stories/C/CLINTON_THEME_SONG?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Clinton Asks YouTube Users for Song Help

By NATASHA T. METZLER Associated Press Writer May 26, 3:47 AM EDT

WASHINGTON (AP) -- Hillary Rodham Clinton wants YouTube viewers to pick her campaign theme song - and the response, so far, has been music to her ears.

[Okay, I can't resist... “Oops! I did it again” “Sorry!” “Karma Chameleon” Bob]



Would it be too much to hope they try the Koran next?

http://tominthebox.blogspot.com/2007/05/google-buys-out-all-bible-versions.html

Saturday, May 26, 2007

Google Buys Out all Bible Versions, Offers E-Tablet

No comments: