Friday, May 11, 2007

Perhaps the TJX hackers have moved to Sweden? (Perhaps the Swedes just read the hacker manual/Wall Street Journal article?)

http://www.thelocal.se/7245/20070509/

Fraudsters hijack SEB credit cards

Published: 9th May 2007 08:10 CET

Credit and debit card numbers belonging to at least 10,000 SEB customers could have been hijacked by fraudsters, the bank has admitted.

"Other banks are hit by this too," bank spokeswoman Kerstin Ottosson said.

Eurocard announced on Tuesday that 1,000 customers were hit by a similar fraud attempt.

SEB received the first indications that something was amiss about ten days ago. The bank says that hackers broke into a national computer system handling card payments for shops, hotels and other retailers.

Ottosson said that card information should never be stored by payment systems, but said in this case it had been.

"That's a criminal act, pure and simple," she said. [It's a crime in Sweden? Bob]



Question for my computer forensic associates: How did they know the computers on eBay were theirs?

http://www.democratandchronicle.com/apps/pbcs.dll/article?AID=/20070510/NEWS01/70510012/1002/NEWS

Hospital computers stolen, sold on eBay

(May 10, 2007) — Highland Hospital officials and police say they believe patient information contained on a stolen computer is safe, after the computer was erased and sold over eBay.

Two laptop computers were stolen from a Highland Hospital business office at 175 Corporate Woods Boulevard on April 13. One of those computers contained information on 13,000 former patients, including Social Security numbers.

... Because of the nature of the crime, it’s believed the thieves were out to make a quick profit, [News flash: selling the information required for Identity Theft is profitable! (and it takes less time to copy the files than to pack the computers for shipping.) Bob] and not use the patient information for other means, according to hospital officials.

The computers were sold and shipped to Lakeland, Fla. and Calexico, Calif. The computer from Lakeland has been recovered.

... Highland said it is investing $200,000 to install encryption software on 2,000 computer devices by Aug. 1.



It could have been one laptop or one CD. (No one noticed the trucks backed up to the door?)

http://www.ocregister.com/ocregister/homepage/abox/article_1690870.php

Personal data missing from UCI Medical Center

Police are investigating the disappearance of medical files that contained personal histories and social security numbers for about 300 patients.

By BLYTHE BERNHARD The Orange County Register Friday, May 11, 2007

Police are investigating the disappearance of medical files containing personal information for nearly 300 patients from UCI Medical Center, university officials said Thursday.

About 1,600 file boxes stored in an off-site university warehouse were discovered missing [so that's 1600/300 = 5.33 boxes per patient? I can see why they want to keep their records digitally... Bob] in the last two months. The files are generally held in storage for seven years according to state law prior to being destroyed, officials said.

The missing boxes represent about 2 percent [1600/.02 = 80,000 boxes (15,000 patients) Bob] of the hospital's records stored at the facility.

... University police were notified March 6 when the first boxes were discovered missing.

... 287 patients whose identifying information was contained in the boxes were sent letters on Monday notifying them of the situation.

... The hospital has used the storage facility for more than 12 years, officials said. The remaining documents will be moved to an outside company that specializes in document security.



No indication of numbers, but another case of “lost luggage.” If the feds are keeping our medical records, the least they could do is receive them electronically. Even the White House uses email!

http://wkrn.com/node/94405#top

[May 9, 2007, 8:18 pm]

"HCA Information Lost"

Some Mid-State hospital patients are learning their personal information was lost in the mail.

Hospital Corporation of America, HCA, sent out a letter to inform Summit Medical Center patients about the problem.

The Hermitage hospital sent a compact disc with names and social security numbers of people treated in 2006 to federal record keepers but the disc never arrived.

UPS tracked the disc to the Nashville distribution center but can't find it.



Will we be required to do this?

http://www.thestate.com/426/story/60829.html

No more secrets in the city

Now you can track your neighbors’ violations on the Web, how they’re being addressed

By GINA SMITH gnsmith@thestate.com Posted on Fri, May. 11, 2007

Oh sure, you can peek out from behind your curtains and spy on your neighbors.

But the city of Columbia is now offering a way-cooler, technology-driven method of snooping.

Log on to the city’s Development Services Department Web site to find out which of your neighbors failed to bring in their roll carts this week, whose cars are illegally parked in their yards and whether Mr. Smith is in trouble for his weed-filled, overgrown yard.

Street maps of all of the city’s neighborhoods can be found on the Web site along with:

A table that lists addresses where violations have occurred, the type of violation and the status of each case

Dates when the violation was reported and when the city will next review the case. A “review” could simply be a check back by a code officer to see if the problem has been resolved. Or it could mean a car will be towed or a citation issued.

The name and phone number of your neighborhood’s code enforcement, housing, and zoning inspectors. Call them if you have any questions about violations.

The Web site will be updated approximately every 60 days, according to the city.

“This is a giant step forward for people who want to know what’s going on in their neighborhood,” said Marc Mylott, the city’s director of development services.

... For the record, we checked. None of the seven City Council members have violations at their home addresses. [Perhaps an updated admonition, like that given to Caesar's wife would be in order? Bob]



This is one hack I was certain was coming. The potential for damage is HUGE!

http://www.infoworld.com/article/07/05/10/hackers-hijack-Windows-Update-downloader_1.html?source=rss&url=http://www.infoworld.com/article/07/05/10/hackers-hijack-Windows-Update-downloader_1.html

Hackers hijack Windows Update's downloader

Component of Windows XP, Server 2003, and Vista bypasses firewalls, could be used to pass malicious code downloads to PC

By Gregg Keizer, Computerworld May 10, 2007

Hackers are using Windows Updates' file transfer component to sneak malicious code downloads past firewalls, Symantec researchers said Thursday.

The Background Intelligent Transfer Service (BITS) is used by Microsoft's operating systems to deliver patches via Windows Update. BITS, which debuted in Windows XP and is baked into Windows Server 2003 and Windows Vista, is an asynchronous file transfer service with automatic throttling -- so downloads don't impact other network chores. It automatically resumes if the connection is broken.

"It's a very nice component and if you consider that it supports HTTP and can be programmed via COM API, it's the perfect tool to make Windows download anything you want," said Elia Florio, a researcher with Symantec's security response team, on the group's blog. "Unfortunately, this can also include malicious files."

Florio outlined why some Trojan makers have started to call on BITS to download add-on code to an already compromised computer. "For one simple reason: BITS is part of the operating system, so it's trusted and bypasses the local firewall while downloading files."

... Although BITS powers the downloads delivered by Microsoft's Windows Update service, Friedrichs reassured users that there was no risk to the service itself. "There's no evidence to suspect that Windows Update can be compromised. If it has a weakness, someone would have found it by now." [but not necessarily told Microsoft about it. Bob]

... Florio noted that there's no way to block hackers from using BITS. "It's not easy to check what BITS should download and not download," he said, and then gave Microsoft some advice. "Probably the BITS interface should be designed to be accessible only with a higher level of privilege, or the download jobs created with BITS should be restricted to only trusted URLs."
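Florio's "trusted URLs" idea can be approximated from the defender's side by auditing existing BITS jobs against a host allowlist. The following is an added example, not code from the article or from Symantec; the allowlist suffixes, the function names and the sample jobs are assumptions constructed for illustration.

```powershell
# Added example: flag BITS jobs whose source URL is outside a host allowlist.
# ASSUMPTION: $TrustedSuffixes is illustrative only; tune it for your environment.
$TrustedSuffixes = @('.windowsupdate.com', '.microsoft.com')

function Test-TrustedBitsUrl {
    param([string]$Url, [string[]]$Suffixes)
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) { return $false }
    if ($uri.Scheme -notin @('http', 'https')) { return $false }   # UNC/SMB sources get flagged
    $name = '.' + $uri.Host.ToLowerInvariant()   # leading dot: evilmicrosoft.com must not match
    foreach ($s in $Suffixes) { if ($name.EndsWith($s)) { return $true } }
    return $false
}

function Find-UntrustedBitsJob {
    param(
        [Parameter(ValueFromPipeline = $true)]$Job,
        [string[]]$Suffixes = $TrustedSuffixes
    )
    process {
        foreach ($file in $Job.FileList) {
            if (-not (Test-TrustedBitsUrl -Url $file.RemoteName -Suffixes $Suffixes)) {
                [pscustomobject]@{
                    JobId       = $Job.JobId
                    DisplayName = $Job.DisplayName
                    Owner       = $Job.OwnerAccount
                    RemoteName  = $file.RemoteName
                    LocalName   = $file.LocalName
                }
            }
        }
    }
}

# Constructed sample jobs shaped like Get-BitsTransfer output (not real data).
$sample = @(
    [pscustomobject]@{ JobId = 'constructed-1'; DisplayName = 'WU Client Download'
        OwnerAccount = 'NT AUTHORITY\SYSTEM'
        FileList = @([pscustomobject]@{ RemoteName = 'http://download.windowsupdate.com/sample/patch.cab'
                LocalName = 'C:\Windows\SoftwareDistribution\Download\patch.cab' }) },
    [pscustomobject]@{ JobId = 'constructed-2'; DisplayName = 'updater'
        OwnerAccount = 'WORKSTATION\user'
        FileList = @([pscustomobject]@{ RemoteName = 'http://files.example.net/sample/addon.exe'
                LocalName = 'C:\Users\user\AppData\Local\Temp\addon.exe' }) }
)
$sample | Find-UntrustedBitsJob | Format-List

# On a live host, from an elevated prompt:
# Get-BitsTransfer -AllUsers | Find-UntrustedBitsJob
```

A job is reported when any file in it comes from a host outside the allowlist, so third-party updaters that legitimately use BITS will appear until their hosts are added.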



You need to “sign in” but no PII required. I wonder if law schools will have to add a “technology for lawyers” class?

http://www.bespacific.com/mt/archives/014841.html

May 10, 2007

Seventh Circuit Practitioner's Handbook Posted on Judiciary Wiki

The Wiki of The United States Court of Appeals for the Seventh Circuit provides Electronic Access to Seventh Circuit Case Information, Rules, Procedures and Opinions. This is the first public wiki launched by the federal judiciary. According to Chief Judge Frank Easterbrook, who spearheaded the wiki project, and reported by the National Law Journal, "The wiki will welcome comments from lawyers across the nation because issues of federal practice, especially in the appellate courts, are common ones..."



Kinda like pretexting, but apparently not. (Isn't there an implied attorney-client relationship?)

http://www.topix.net/news/privacy/2007/05/murder-verdict-upheld-despite-dna-trick

Murder Verdict Upheld Despite DNA Trick

Police didn't violate any privacy laws when they posed as lawyers to get a man's DNA sample from an envelope he licked, the state Supreme Court ruled Thursday, upholding the man's murder conviction.

John Athan was sentenced to at least 10 years in prison for the 2004 Seattle killing of a 13-year-old girl in 1982, when Athan was 14.

Police suspected him at the time but lacked the evidence to arrest him, and the case went unsolved for two decades. In 2003, police sent Athan a letter on the stationery of a fictitious law firm, asking if they could represent him in a class-action lawsuit.



Our world, she is a changin' (Remember, the goal is to generate cheap content.)

http://hosted.ap.org/dynamic/stories/O/OUTSOURCING_THE_NEWS?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Calif. Web Site Outsources Reporting

By JUSTIN PRITCHARD Associated Press Writer May 11, 12:08 AM EDT

PASADENA, Calif. (AP) -- The job posting was a head-scratcher: "We seek a newspaper journalist based in India to report on the city government and political scene of Pasadena, California, USA."

... James Macpherson, editor and publisher of the two-year-old Web site pasadenanow.com, acknowledged it sounds strange to have journalists in India cover news in this wealthy city just outside Los Angeles.

But he said it can be done from afar now that weekly Pasadena City Council meetings can be watched over the Internet. And he said the idea makes business sense because of India's lower labor costs.

... This is not the first time media jobs have been shipped to India.

The British news agency Reuters runs an operation in the technology capital of Bangalore that churns out Wall Street stories based on news releases.

... Macpherson posted the help-wanted ad Monday on the Indian edition of craigslist.org. Within days, he said, he had hired two Indian reporters, one a graduate of the journalism school at the University of California at Berkeley.

... On the Net:

The news site: http://www.pasadenanow.com

The ad: http://bangalore.craigslist.org/wri/325542906.html


Ditto?

http://www.macworld.co.uk/news/index.cfm?RSS&newsID=17988

Disney sells 24 million TV shows through iTunes Store

Latest Disney results confirm steady iTunes media sales

Jonny Evans Thursday, 10 May 2007

Walt Disney this week confirmed it continues to enjoy strong sales of its television shows and films through iTunes.

Company CEO Bob Iger confirmed the company to have sold 23.7 million episodes of its television shows and an additional two million films through Apple's media service.

In November 2006, Iger confirmed Disney to have sold 500,000 films and 12 million television show episodes since such content reached iTunes. Disney hit 1.3 million films sold in February.

... Iger also confirmed Disney to be satisfied with iTunes prices – the company makes as much from an online sale as it does from a physical one, he explained.



“We're the government. We can do (or not do) anything we want!” (What would this do to admissibility of evidence?)

http://www.upi.com/Security_Terrorism/Analysis/2007/05/10/analysis_airlines_buck_fingerprint_plan/1885/

Analysis: Airlines buck fingerprint plan

Published: May. 10, 2007 at 5:06 PM

By SHAUN WATERMAN UPI Homeland and National Security Editor

WASHINGTON, May. 10 (UPI) -- U.S. air carriers have angrily rejected Homeland Security Department plans to make their staff collect fingerprints from foreign visitors leaving the United States, writing to the White House in what executives say is an effort to squash the proposal.

The department "has decided, without consultation with the airline industry, to relieve itself of the responsibility of collecting biometric information upon departure and, instead, to direct airlines to do so," James C. May, president of the Air Transport Association, wrote to President Bush's homeland security adviser, Fran Townsend, Tuesday.



Too cool. Think of the possibilities!

http://www.evilmadscientist.com/article.php/candyfab

Solid freeform fabrication: DIY, on the cheap, and made of pure sugar

In February we gave a sneak preview of our project to construct a home-built three dimensional fabricator. Our design goals were (1) a low cost design leveraging recycled components (2) large printable volume emphasized over high resolution, and (3) ability to use low-cost printing media including granulated sugar. We are extremely pleased to be able to report that it has been a success: Our three dimensional fabricator is now fully operational and we have used it to print several large, low-resolution, objects out of pure sugar.



I am shocked! What happened to the First Amendment right to embarrass/blackmail your congressman?

http://www.washingtonpost.com/wp-dyn/content/article/2007/05/10/AR2007051001450_pf.html

Judge Orders Lid On Phone Records

Release Likened to Witness Intimidation [That too! Bob]

By Carol D. Leonnig Washington Post Staff Writer Friday, May 11, 2007; B03

Deborah Jeane Palfrey, the woman accused of being the D.C. madam, can't release any more phone records that would reveal patrons of her Washington escort service, a federal judge said yesterday.
