Saturday, June 30, 2007

Another case where the organization states that (between the time they detected the problem and this announcement) they have instituted changes to prevent this from happening. (I hope they mean they will call the cops quicker, too.) Makes you wonder what they were thinking in the years before this happened...

http://www.pogowasright.org/article.php?story=20070629063355699

Hard Drive With Shands Patients' Info Stolen

Friday, June 29 2007 @ 06:33 AM CDT Contributed by: PrivacyNews News Section: Breaches

JACKSONVILLE, Fla.

... The computer was used by medical residents and contained the medical and personal history of 956 patients. Channel 4 obtained a police report, which states the computer was stolen May 30. However, police were not told about the incident until June 6 -- seven days after the alleged theft.

According to the police report, a hard drive was missing and later determined to be stolen. No report was made initially, however, the report goes on to say, it was learned there was patient information and then police response was requested. Police said there was no way to investigate because there was such a delay in reporting the incident.

Source - News4Jax



If you thought delaying a week was bad...

http://www.statejournal.com/story.cfm?func=viewstory&storyid=25748

Stolen Computers Leave Harrison County School Workers at Risk for ID Theft.

Posted Thursday, June 28, 2007 ; 05:20 PM Updated Thursday, June 28, 2007 ; 05:21 PM

The computers were stolen from a risk management firm in Charleston last February.

CHARLESTON -- Someone has stolen several computers that contained the personal information, including social security numbers, of several Harrison County school employees.

The Attorney General's Office said the thefts happened last February at MSI Risk Management in Charleston, which handles workers comp claims for the school board.

MSI recently notified the Harrison County School Board that the computers had been stolen.



But to really screw up...

http://www.pogowasright.org/article.php?story=20070629163333420

(follow-up) Report criticizes VA data security

Friday, June 29 2007 @ 04:33 PM CDT Contributed by: PrivacyNews News Section: Breaches

An Alabama VA hospital that lost sensitive data on more than 1.5 million people in January repeatedly failed to follow privacy regulations leading up to the incident, according to an internal report.

The employee directly responsible for the data initially lied to investigators and deleted files from his computer in an effort to hide the magnitude of the problem, the VA's inspector general wrote. [Question for my “Intro to Management” students: How do you prevent this? Bob]

Source - Business Week

Related - Birmingham News: VA releases inspector's report on missing hard drive
Related - Dept. of Veterans Affairs OIG Report (pdf)



How does your organization measure up? (Can you do better than the government?) Might be the basis for a “Guidelines” paper – which I think is sorely needed.

http://www.bespacific.com/mt/archives/015320.html

June 29, 2007

DHS Privacy Policy Guidance- Safeguarding Policies and Procedures for Personnel-Related Data

DHS Action Memorandum Review of Safeguarding Policies and Procedures for Personnel-Related Data, June 13, 2007 with attachments. (PDF, 10 pages)

  • Attachment 1: Review of Personnel-Related Data Policies and Procedures and Self-Assessment (PDF, 13 pages)

  • Attachment 2: Protecting & Handling Personnel-Related Data – Quick Reference Guide (PDF, 2 pages)

  • Attachment 3: Verification and Confirmation Memorandum Templates (Self-Assessment and Training Certifications) (PDF, 2 pages)

  • Attachment 4: DHS Employee Communication from Scott Charbo and Maureen Cooney regarding Data Security and Privacy, June 8, 2006 (PDF, 2 pages)

  • Attachment 5: DHS Deputy Secretary Memo, April 26, 2007 regarding Advance Notice to Leadership on Unintentional Release of Privacy Act Protected Information

  • Attachment 6: OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, May 22, 2007 (PDF, 22 pages)



From the Terrorist Training Manual: After a while, they get bored and revert to acting like a bureaucracy...

http://www.bespacific.com/mt/archives/015321.html

June 29, 2007

DOD IG Memo on Threat and Local Observation Notice (TALON) Report Program

Report Number 07-INTEL-09 The Threat and Local Observation Notice (TALON) Report Program (U) (56 pages, PDF)



Good news, bad news. Bad news: CEOs are notorious for not understanding technology risks and a high proportion could fall for this. Good news: Most CEOs never see their e-mail. They “have people for that.”

http://www.eweek.com/article2/0,1759,2152780,00.asp

MessageLabs Reports Rise in Targeted E-Mail Attacks

June 29, 2007 By Brian Prince

Cyber-thieves have set their sights on C-level executives with sophisticated social-engineering techniques designed to steal data, according to security researchers at MessageLabs.

In its monthly report, MessageLabs recorded a sudden spike in the number of targeted attacks June 26, intercepting some 500 attacks that used e-mails with Microsoft Word document attachments containing malicious code.

... In the case of the blast of 500 e-mails June 26, the attacks were so precise that the name and job title of the recipient were included in the subject line. Roughly 30 percent of the e-mails targeted CIOs, while CEOs and presidents were targeted about 11 percent and 9 percent of the time, respectively.

In the report, MessageLabs officials stated researchers also uncovered e-mails where the recipients were relatives of the actual target. For example, an e-mail would be sent to the spouse of the CEO.

"The intent is to compromise the family computer and indirectly gain access to confidential correspondence and intellectual property relating to the target," according to the report.



Wow! The propaganda channel! Why haven't we done this?

http://www.infoworld.com/article/07/06/29/YouTube-to-create-EUtube_1.html?source=rss&url=http://www.infoworld.com/article/07/06/29/YouTube-to-create-EUtube_1.html

EU turns to YouTube to create EUtube

EC plans to disseminate information and explain policy to its citizens through a new video-sharing channel

By Peter Sayer, IDG News Service June 29, 2007

The European Commission is turning to video-sharing Web site YouTube.com to disseminate information about the workings of the European Union to its citizens, through a new channel on the site called EUtube, it announced Friday.

The EUtube channel bears the tagline "Sharing the sights and sounds of Europe." At launch, the showcased video was a 40-second animated cartoon entitled "Everyone Can Save The Planet." Other featured videos include a series entitled "And if Europe didn't exist..." and a documentary on the troubled Galileo project to build a European satellite navigation system.

... It will help YouTube users learn more about the workings of the E.U.'s institutions, by leading them to information they weren't necessarily looking for. [and distracting them from the information they need... Bob]

... Setting up the channel has not cost the E.U. anything, Dowgielewicz said.



Oh look! Free advertising for (whatever he is calling himself this week)

http://techdirt.com/articles/20070629/163147.shtml

Music Retailers Flip Out That Prince Wants To Give Away His Music

from the it's-madness! dept

For years, some have been saying that the real problem holding back the music industry from embracing digital distribution hasn't been the record labels so much as the record stores. In fact, in the Rolling Stone article about the suicide of the recording industry, one of the key stumbling blocks was that the music retailers threatened the record labels if they embraced digital distribution such as Napster. So, it shouldn't come as much of a surprise that music retailers are spitting mad over Prince's plans to give away his latest album. Prince has actually been on the cutting edge of new music business and distribution models for many years, so this doesn't come as much of a surprise. What's interesting, is that he's actually linking two troubled industries: recording and newspapers in a way that helps both. His latest CD will be available for free with a newspaper in the UK -- and the newspaper is thrilled because it's going to seriously increase circulation for that week. This is a perfectly reasonable idea: it adds value to the newspaper and makes it a more worthwhile purchase, while at the same time getting Prince a lot of attention and many more people hearing his latest works (which opens up many more opportunities for him to make more money through concerts, back catalog, merchandise, appearances, sponsorships, etc.).

However, the music retailers are freaking out that someone else might distribute music instead of them. Apparently they haven't been paying much attention to all that online distribution of music that goes on these days and the fact that the business model of the traditional record shop is pretty much dead and buried. Instead, they blame Prince for actually getting more fans to hear his music. "It would be an insult to all those record stores who have supported Prince throughout his career," claimed one. Another said: "The Artist Formerly Known as Prince should know that with behaviour like this he will soon be the Artist Formerly Available in Record Stores." Of course, that's the funniest one, since it's pretty clear that Prince has already realized he's better off without the record stores. Then there's the head of HMV: "I think it would be absolutely nuts. I can't believe the music industry would do it to itself. I simply can't believe it would happen; it would be absolute madness." Basically, what you're reading here is an industry in complete and total denial over the fact that their service (delivering plastic discs to willing buyers) is a business model that's increasingly obsolete.



I (heart) NY! But I don't have any pictures to show you... (Comments are worth browsing...)

http://yro.slashdot.org/article.pl?sid=07/06/30/0644201&from=rss

Permit May Be Required For Public Photography in NYC

Posted by Zonk on Saturday June 30, @07:04AM from the land-of-the-free dept.

G4Cube passed us a link to a New York Times article about a troubling development in public photography rights. New York City is considering requiring a permit for photographers, film-makers, and even possibly tourists who want to shoot imagery in the Big Apple. "New rules being considered by the Mayor's Office of Film, Theater and Broadcasting would require any group of two or more people who want to use a camera in a single public location for more than a half hour to get a city permit and insurance. The same requirements would apply to any group of five or more people who plan to use a tripod in a public location for more than 10 minutes, including the time it takes to set up the equipment. Julianne Cho, assistant commissioner of the film office, said the rules were not intended to apply to families on vacation or amateur filmmakers or photographers. Nevertheless, the New York Civil Liberties Union says the proposed rules, as strictly interpreted, could have that effect. The group also warns that the rules set the stage for selective and perhaps discriminatory enforcement by police."



No more “Take my car... Please.” Note that the government is paying for this...

http://it.slashdot.org/article.pl?sid=07/06/30/0617245&from=rss

Winnipeg Demands Immobilizers on High-Risk Cars

Posted by Zonk on Saturday June 30, @02:23AM from the tough-claims-agent dept.

mytrip writes with a Reuters article about a new, unusual insurance requirement for drivers in Winnipeg, Manitoba. Apparently Winnipeg is one of the worst cities in Canada for auto thefts. New and 'high-risk' cars will now be required to install electronic immobilizers in order to qualify for car insurance. "Chomiak said cars are stolen twice as often in Winnipeg as in other Manitoba cities, while a 2005 report from Statistics Canada said the city had a higher per-capita car theft rate than larger cities like Vancouver, Montreal and Toronto. The province, where cars are insured through Manitoba Public Insurance, will fork over C$15 million ($14 million) so that owners without immobilizers can have them installed."



Just an interesting quote. Perhaps this is the future of my “ubiquitous surveillance” rant?

http://www.pbs.org/cringely/pulpit/2007/pulpit_20070629_002360.html

June 29, 2007

An AIR of Invisibility: Adobe has Microsoft in its sights

Al Mandel, who helped market the original LaserWriter at Apple and later had several high-level positions at AOL, used to say, "The step after ubiquity is invisibility," by which he meant that once a technology had reached the point where everyone had it, then people simply forgot about it and from then on assumed it would be there. Invisibility is a good thing because it means there will always be a market for your product. Invisibility is a high-tech annuity.



Wasn't this obvious?

http://hbswk.hbs.edu/item/5722.html

First Look

June 29, 2007

How does a commercial firm compete with a free open-source product? A study by Harvard Business School's Deishin Lee and Stanford professor Haim Mendelson examines several angles: the motivations of developers, benefits to consumers, and effects on first-mover advantage. As they found, "if the open-source product is available first, all participants are better off when the commercial and open-source products are compatible." The resulting article, "Divide and Conquer: Competing with Free Technology under Network Effects," is described in a forthcoming issue of Production and Operations Management Journal.



Free is good! Note: GIMP works under Windows too.

http://www.maximumpc.com/article/bring_out_the_gimp_part_1_gimp_basics

Bring Out the GIMP Part 1: GIMP Basics

Posted 06/29/07 at 11:26:13AM | by Robert Strohmeyer

No matter which Linux distro you run, chances are it came with a magnificent little image editor called GIMP (GNU Image Manipulation Program). Unlike Paint and other free-with-your-OS image editors, GIMP is a full featured graphics app with a broad range of capabilities that rival those of Adobe Photoshop. (Note: GIMP does lack many features of its $749 rival, but it has the distinct advantage of costing absolutely nothing.) In this, our first of several posts about this powerful Linux app, we'll give you a quick-and-dirty intro to GIMP's most basic features. Note that there are multiple ways to accomplish these basic tasks in GIMP, but these methods require the fewest steps. In later tutorials, we'll show you more advanced (and more efficient) image editing techniques.
