Sunday, September 23, 2007

“Oh yeah, we log all that stuff, but we never look at the logs.” Step One: Turn on your logs, Step Two: LOOK AT THEM!

http://www.pogowasright.org/article.php?story=20070922083614736

NH: PSU discovers 2006 security leak

Saturday, September 22 2007 @ 08:36 AM EDT Contributed by: PrivacyNews News Section: Breaches

Plymouth State University information technology officials uncovered evidence that hackers infiltrated the university's Web servers more than a year ago.

University officials say no private information, including student, employee, or alumni records, was accessed or compromised, and the program has been removed.

According to university officials, system logs indicate that a malicious program was posted in a PSU Web application. The program affected Web page content and directed users and Web traffic to an international website promoting the sale of software.

Source - Citizen.com
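"Step Two" only works if someone actually reviews the logs against what the site normally does. The following is an added example (not from the post, and nothing to do with PSU's systems) of the kind of daily review that would have surfaced an incident like this one: it parses web server access logs in the Apache/NCSA combined format, builds a baseline of paths and status codes from a known-good period, and then flags new script paths, writes to unknown paths, and pages that used to serve content but now redirect. All log lines, addresses and hostnames below are constructed for the example; the regex, the extension list and the three rules are the example's own assumptions, not a standard.

```python
import re
from collections import defaultdict

# Apache/NCSA "combined" log format, one request per line (assumed format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Server-side script extensions worth a second look when they appear out of nowhere.
SCRIPT_EXT = (".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl")

# Constructed sample data: a "known-good" day and a later day with one suspicious session.
BASELINE_LOG = """\
10.0.0.5 - - [01/Aug/2006:10:00:01 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.6 - - [01/Aug/2006:10:00:09 -0400] "GET /news.php?id=3 HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Aug/2006:10:01:15 -0400] "POST /contact.php HTTP/1.1" 200 310 "http://www.example.edu/contact.php" "Mozilla/5.0"
"""

NEW_LOG = """\
10.0.0.8 - - [02/Aug/2006:03:12:44 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [02/Aug/2006:03:13:02 -0400] "POST /upload/images/x.php HTTP/1.1" 200 88 "-" "curl/7.15"
198.51.100.23 - - [02/Aug/2006:03:13:40 -0400] "GET /upload/images/x.php HTTP/1.1" 200 1402 "-" "curl/7.15"
not a log line
10.0.0.9 - - [02/Aug/2006:09:00:10 -0400] "GET /news.php?id=4 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_log(text):
    """Parse combined-format lines. Malformed lines are returned, not silently dropped,
    because a reviewer needs to know when the log itself is damaged or truncated."""
    entries, bad = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            bad.append(line)
            continue
        e = m.groupdict()
        e["path"] = e["target"].split("?", 1)[0]  # drop the query string
        e["status"] = int(e["status"])
        entries.append(e)
    return entries, bad


def build_baseline(entries):
    """Map each path seen in the known-good period to the set of statuses it returned."""
    base = defaultdict(set)
    for e in entries:
        base[e["path"]].add(e["status"])
    return dict(base)


def review(entries, baseline):
    """Return one finding per request that deviates from the baseline, with all reasons."""
    findings = []
    for e in entries:
        reasons = []
        known = e["path"] in baseline
        if not known and e["path"].lower().endswith(SCRIPT_EXT):
            reasons.append("request for a script path never seen in the baseline")
        if not known and e["method"] in ("POST", "PUT"):
            reasons.append("write method to a path never seen in the baseline")
        if known and 300 <= e["status"] < 400 and e["status"] not in baseline[e["path"]]:
            reasons.append("page that used to serve content now redirects")
        if reasons:
            findings.append({"ip": e["ip"], "ts": e["ts"], "method": e["method"],
                             "target": e["target"], "status": e["status"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    base_entries, _ = parse_log(BASELINE_LOG)
    new_entries, bad = parse_log(NEW_LOG)
    for line in bad:
        print(f"UNPARSED: {line!r}")
    for f in review(new_entries, build_baseline(base_entries)):
        print(f"{f['ts']} {f['ip']} {f['method']} {f['target']} -> {f['status']}: "
              + "; ".join(f["reasons"]))
```

The baseline is deliberately a plain set of paths and statuses rather than anything clever: the point of the post is that the evidence was already in the logs, and a comparison this simple is enough to make a newly planted script or a page that suddenly starts redirecting visitors stand out the day it happens rather than a year later.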


Related: (Step Two is hereby amended to read “Look at them immediately!”) Is 10 years a new record? Let's call Guinness and find out. (Will Data Spillers need to buy 10 years worth of credit reporting?)

http://www.pogowasright.org/article.php?story=20070922235359293

TX: Teachers could be ID theft victims

Saturday, September 22 2007 @ 11:53 PM EDT Contributed by: PrivacyNews News Section: Breaches

A 1997 Houston ISD security glitch could be linked to the theft of a Brazosport ISD employee’s identity.

The Houston school district’s records apparently were compromised in October 1997, and Brazoria County Sheriff’s Office investigators are looking into the theft of a Brazosport ISD employee’s identity. The employee is going through the considerable effort to repair their credit after being the victim of such activity, investigator Jimmy Miller said.

... “The only known instance of ID theft involving use of HISD employees’ personal information was investigated in 2006 and resulted in the arrest of three individuals,” Moore said. “This investigation has been closed and we are not aware of any other HISD employees affected by this incident.”

But Miller said a Brazoria County Sheriff’s Office investigation shows a connection to the Houston ISD theft. Whoever entered the Houston database apparently sold information which includes Social Security numbers, phone numbers and addresses.

Source - TheFacts.com

[From the article: “If anyone has applied to or worked for HISD since 1997, their ID was compromised,” Miller said. “Teachers need to protect their identities.”]



ANOTHER state impacted by the Ohio backup theft. What is going on here? Suggestion was that the contractor brought all this data with them when they set up a database. Not sure I believe that. Testing with live data is not a Best Practice, and moving one client's data to another client's system is clearly a Worst Practice.

http://www.pogowasright.org/article.php?story=2007092208372731

(update, OH): Minnesota workers had information on stolen backup tape

Saturday, September 22 2007 @ 08:37 AM EDT Contributed by: PrivacyNews News Section: Breaches

Officials in Ramsey County, Minnesota, had a strange and unpleasant task yesterday.

They had to inform 584 county workers that their Social Security numbers were on a backup computer tape that had been stolen from a state intern's car in Ohio this summer.

"Certainly, there are a lot of questions about how this theft occurred and how this could happen," county Manager David J. Twa said.

Along with sensitive data for Ohio and Connecticut residents that previously was known to be on the tape, it was disclosed yesterday that the tape also had personal information for the Minnesota county workers and two employees of the Federal Deposit Insurance Corporation.

... It appears that the consulting firm Accenture did computer projects for those states and the FDIC and brought the out-of-state data to Ohio when it worked on Ohio's new payroll and accounting system.

Source - Columbus Dispatch



Is this the best we can do? (Somewhere there is a good paper waiting to be written...)

http://www.webpronews.com/blogtalk/2007/09/21/whats-a-good-privacy-policy

What's a Good Privacy Policy?

Submitted by Mike Moran on Fri, 09/21/2007 - 14:44.

I wrote a few days ago about privacy policies and got several people asking, "So who has a good privacy policy?" Well, lots of companies have good privacy policies, but I think what people really want to know is "Who has made their privacy policy a marketing asset?" That narrows the field considerably.

... So I decided to get help—I went to the Electronic Frontier Foundation's Web site to see whether they made any recommendations, and found this endorsement of BillMonk's privacy policy.


Related: Outcome creep

http://www.pogowasright.org/article.php?story=200709230007145

EPIC Testifies Before DHS Privacy Advisory Panel on Fusion Centers

Sunday, September 23 2007 @ 12:07 AM EDT Contributed by: PrivacyNews News Section: Fed. Govt.

The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security held a series of panel discussions on the topic of "information fusion centers." EPIC's statement to the committee made specific recommendations on the need to create accountability, oversight, and greater transparency on the work of fusion centers. So far DHS has awarded over $380 million in grants to local and state law enforcement to build 43 of the planned 70 interconnected computer networks. The domestic surveillance project is compiling, analyzing, and disseminating detailed personal information for intelligence and other purposes. DHS says it wants to use fusion centers to prevent terrorism, but local and state police want the centers to support their efforts to anticipate, identify, prevent, and/or monitor crime.

Source - EPIC's statement (pdf)


Related: It's not the information (trivial), it's the fact that it's being published in Popular Mechanics! Is this the place to look for a Least Common Denominator? (“Your Honor, Everyone knows that. As proof I submit this article from Popular Mechanics...”)

http://www.pogowasright.org/article.php?story=20070922083939450

Is Your Boss Spying on You? Inside New Workplace Surveillance

Saturday, September 22 2007 @ 08:39 AM EDT Contributed by: PrivacyNews News Section: Workplace Privacy

More stealthy and prevalent than ever before, corporate security software is monitoring your every move inside and out of the office, whether it’s with your corporate computer, e-mail, phone or BlackBerry. As PM’s senior technology editor reports in his biweekly trends column, your employer has more powerful tools to watch over you than the cops—and there’s nothing you can do about it.

Source - Popular Mechanics


Related: This isn't all, but it is a start.

http://www.netforlawyers.com/lacba_privacy_article.htm

Protecting Your Privacy on the Internet

Carole Levitt J.D., M.L.S. & Mark Rosch



How many of these will they face and when will their evil overlords call it quits?

http://yro.slashdot.org/article.pl?sid=07/09/23/0823201&from=rss

New Attorneys Fee Decision Against RIAA

Posted by Zonk on Sunday September 23, @04:20AM from the maybe-you-should-reconsider-your-strategy dept. The Courts Businesses Music The Internet

NewYorkCountryLawyer writes "The RIAA has gotten slammed again, this time in Oregon, as the Magistrate Judge in Atlantic v. Andersen has ruled that Tanya Andersen's motion for attorneys fees should be granted. The Magistrate, in his 15-page decision, noted that, despite extensive pretrial discovery proceedings, 'when plaintiffs dismissed their claims in June 2007, they apparently had no more material evidence to support their claims than they did when they first contacted defendant in February 2005.....' and concluded that 'Copyright holders generally, and these plaintiffs specifically, should be deterred from prosecuting infringement claims as plaintiffs did in this case.' This is the same case in which (a) the RIAA insisted on interrogating Ms. Andersen's 10-year-old girl at a face-to-face deposition, (b) the defendant filed RICO counterclaims against the record companies, and (c) the defendant recently converted her RICO case into a class action"



Should take a few years to settle in. (The comments are amusing)

http://yro.slashdot.org/article.pl?sid=07/09/22/0340219&from=rss

NSA Tasked With 'Policing' Government Networks

Posted by Zonk on Saturday September 22, @05:19AM from the grid-overwatch-division dept. The Internet Privacy United States Politics

Novus Ordo Seclorum writes "The NSA has a new assignment. No longer merely responsible for signals intelligence, the NSA now has the task of defending against cyber attacks on government and private networks. 'The plan calls for the NSA to work with the Department of Homeland Security and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the 'Cyber Initiative.' Details of the project are highly classified. Director of National Intelligence Mike McConnell, a former NSA chief, is coordinating the initiative. It will be run by the Department of Homeland Security, which has primary responsibility for protecting domestic infrastructure, including the Internet, current and former officials said. At the outset, up to 2,000 people -- from the Department of Homeland Security, the NSA and other agencies -- could be assigned to the initiative, said a senior intelligence official who spoke on condition of anonymity.'"



Tools & Techniques

http://www.360is.com/00-introduction.htm

The Magnificent 7

... The consultants at Three Sixty Information Security have picked out their most frequently recommended pieces of software and investigated them in more detail, the people behind them, how they came about, and what makes them worth using.

For those of you familiar with the applications, perhaps already deploying them, skip on to the end of the document where we gather the threads together and answer the question:

What makes this software so uncommonly good?



Constitution Day has passed, but these might be useful next year

http://www.bespacific.com/mt/archives/016059.html

September 22, 2007

Pillars of the First Amendment: Foundation of the Constitution

U.S. Courts: "This package of First Amendment cases provides examples of the six pillars of the First Amendment considered the foundation of the Constitution. Each freedom – religion, speech, press, assembly, petition, and association – is illustrated by a high-profile case that has an impact on today's teens. These cases are presented in a way that prepares students to explore the issues in a variety of formats in a courtroom – as a civil discussion, an Oxford style debate, a Supreme Court oral argument, or a Supreme Court case conference after oral arguments."



A Niche is a Niche is a Niche...

http://www.researchbuzz.org/wp/2007/09/22/database-of-historic-wallpaper/

Database of Historic Wallpaper

22nd September 2007

One of the real joys of doing ResearchBuzz is learning about other people’s passion for stuff that I have never really thought about. Did I ever consider that some people love old wallpaper? Nope. Could I have imagined that there’s an online database containing information about over 4000 samples of old wallpaper? No way. But there is, and beyond that there’s a great resource that links together many old wallpapering resources.

The historic database is available at http://www.spnea.org/wallpaper/catalog/search.htm.
