Wednesday, October 31, 2007

Hey! We're looking out for you!

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9044801&intsrc=news_ts_head

Hartford Financial misplaces back-up tapes with personal data on policy holders

Some 237,000 may be affected in the breach

Jaikumar Vijayan

October 30, 2007 (Computerworld) -- The Hartford Financial Services Group Inc. has notified about 237,000 policy holders of a potential compromise of their personal data.

The warning followed the loss of three backup tapes [There is no reason to have tapes. Backups can be sent electronically. Bob] containing the names, addresses, Social Security numbers and driver's license numbers of customers of the company's personnel lines claims center. The tapes were discovered to be missing on Sept. 27.

So far, there is no evidence that the tapes were stolen or that the information has been misused, a company spokeswoman said. Hartford Financial Services has no idea if the tapes were misplaced while in transit to another location or if they went missing inside the company. But the information contained on them could only be read with "the use of sophisticated and expensive equipment," she added. [Or you could have a “service” convert the tape to DVD for about $20 Bob]

... The Hartford breach is similar to scores of others [suggesting it could have been anticipated and avoided... Even without my class. Bob] in recent years involving the loss or theft of computers and media containing sensitive personal data. Security analysts have recommended that companies use encryption to mitigate potential data loss in such situations. Many companies that have been reluctant to do so because of cost concerns end up paying significantly more in notification and other costs when a breach occurs, analysts have previously noted.



We didn't encrypt. We didn't know what was on the laptop. We're USPS managers!

http://www.pogowasright.org/article.php?story=20071030080800653

USPS Stolen Laptop Held Hawaii Employee Information

Tuesday, October 30 2007 @ 08:08 AM EDT Contributed by: PrivacyNews News Section: Breaches

About 3,000 Oahu postal employees received letters in the mail this weekend warning them that their personal information may be compromised.

The employees' names, Social Security numbers and other information were on a laptop computer that was stolen in August.

... "It took so long to notify our employees because it took that long for investigators to determine that one file out of the thousands that were on the laptop contained personal identifying information.

Source - KITV

[From the article:

"It took so long to notify our employees because it took that long for investigators to determine that one file out of the thousands that were on the laptop contained personal identifying information. As soon as the one file was discovered, the notification process began," Gonzalves said.]



This may become a trend. It is a quick, inexpensive way for a politically ambitious DA (is there any other kind?) to gain attention. Sort of like shooting fish in a barrel, but with media coverage.

http://www.pogowasright.org/article.php?story=20071030142634344

KY: Attorney general: Many businesses aren’t protecting personal records

Tuesday, October 30 2007 @ 02:26 PM EDT Contributed by: PrivacyNews News Section: Breaches

Attorney General Greg Stumbo displayed a large table of records Tuesday with personal information including Social Security numbers and medical information that his investigators had recovered from the trash of 121 businesses chosen at random in Lexington, Frankfort, Florence and Louisville.

... Stumbo said 33 of the 121 businesses [probably on one day... Bob] threw more than 500 records containing personal information about more than 1,250 people into publicly accessible trash receptacles.

Fourteen of those businesses tossed out more sensitive information about nearly 1,000 people, he said.

Source - Kentucky.com



An old (pre-Internet?) scam was to send “subscription renewal invoices” to managers, many of whom would automatically forward them for payment. This sounds similar, but with higher dollar amounts. Probably looking for one score and out. (Is $10,000,000 enough to retire in Brazil?)

http://techdirt.com/articles/20071029/222817.shtml

Phishing Scammers Convince Grocery Store To Give Them $10 Million

from the the-big-phish dept

By now, most people are familiar with how phishing scams work, usually preying on individuals and tricking them into handing over data that allows the scammers access to bank accounts or other useful info. However, scammers have been aiming a bit higher lately. One tactic is commonly referred to as "spear phishing," where scammers focus on business targets, and attempt to convince them that they're actually coming from partners or suppliers. Apparently one such spear phishing attempt nearly worked to the tune of $10 million. The scammers sent two emails [Perhaps each made the other look valid? Bob] to someone at the headquarters of the supermarket chain Supervalu, purporting to be from Supervalu suppliers American Greetings and Frito-Lay. Both emails claimed that their bank account info had changed and Supervalu now needed to deposit payments into different accounts. Someone at Supervalu followed the instructions, leading approximately $10 million to be deposited into the two accounts over a period of about 4 days. At this point, someone from Supervalu figured out there was a problem and alerted the authorities, who were then able to recover most of the money before the scammers withdrew it. However, it appears that no one has yet figured out who opened the accounts, though Supervalu has filed a lawsuit in order to try to get that information.



Useful! Find the original quote (“Yes they stole some credit card data, but certainly not millions.”) and compare it to the facts (94 million accounts).

http://www.bespacific.com/mt/archives/016375.html

October 29, 2007

Guide to Finding Old Web Pages

Greg R. Notess updated his guide, Finding Old Web Pages: "The Web changes constantly, and sometimes that page that had just the information you needed yesterday (or last month or two years ago) is not available today. At other times you may want to see how a page's content or design has changed. There are several sources for finding Web pages as they used to exist. While Google's cache is probably the best known, the others are important alternatives that may have pages not available at Google or the Wayback Machine plus they may have an archived page from a different date. The table below notes the name of the service, the way to find the archived page, and some notes that should give some idea as to how old a page the archive may contain."



Mothers: Give your children a leg up on the 2048 presidential campaign. Get them involved in “poster child” litigation as toddlers!

http://www.news.com/8301-10784_3-9807555-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Mother protects YouTube clip by suing Prince

Posted by Greg Sandoval October 30, 2007 12:25 PM PDT

The pop star wanted YouTube to remove a clip of an infant boy dancing to his 1984 hit song "Let's Go Crazy." When the clip got scrubbed, the baby's mother cried foul and filed suit asking for damages. The woman's lawyers at the Electronic Frontier Foundation (EFF) say the dancing-baby clip is the poster child for fair use.

[Naturally, the 30 second video clip is available with the article and I wonder how anyone identified the song. Bob]



An indication the dominoes are starting to fall?

http://www.pogowasright.org/article.php?story=20071030170254508

Australian agency won't block Google-DoubleClick deal

Tuesday, October 30 2007 @ 05:02 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

The Australian Competition and Consumer Commission (ACCC) said today that it will not stand in the way of Google Inc.'s proposed acquisition of online advertising company DoubleClick Inc.

Source - Computerworld



Will articles like this encourage anyone to speed up their nets? Unlikely.

http://hosted.ap.org/dynamic/stories/B/BROADBAND_GAP?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Is U.S. Stuck in Internet's Slow Lane?

By PETER SVENSSON AP Technology Writer Oct 30, 6:34 PM EDT

NEW YORK (AP) -- The United States is starting to look like a slowpoke on the Internet. Examples abound of countries that have faster and cheaper broadband connections, and more of their population connected to them.

... In a move to get a clearer picture of where the U.S. stands, the House Energy and Commerce Committee on Tuesday approved legislation that would develop an annual inventory of existing broadband services - including the types, advertised speeds and actual number of subscribers - available to households and businesses across the nation.

... In South Korea, for instance, the average apartment can get an Internet connection that's 15 times faster than a typical U.S. connection. In Paris, a "triple play" of TV, phone and broadband service costs less than half of what it does in the U.S.

The Organization for Economic Co-operation and Development - a 30-member club of nations - compiles the most often cited international comparison. It puts the U.S. at 15th place for broadband lines per person in 2006, down from No. 4 in 2001.

On the Net: Columbia Institute for Tele-Information: http://www.citi.columbia.edu



A nice short summary of what you can log (right out of the box) if you choose to... Still current. Of course, then you have to actually look at the logs, but the article points you to tools to automate that process.

http://articles.techrepublic.com.com/5100-6350_11-6083901.html

SolutionBase: Creating an effective audit policy for your organization

by Guest Contributor | Jun 19, 2006 Tags: Brien M. Posey MCSE

Logon events

... what is more important than knowing who is using your system and who has attempted to use your system?

Object access

... the most important type of auditing for file servers. The basic idea is that you can use object access auditing to watch over specific files and folders to see who is accessing them and when.

Account management

... refers to auditing the creation and modification of user accounts.

Policy change

... policy change auditing logs things like changes to user rights. Knowing when user rights change is definitely important, but more important is the fact that auditing policy changes helps to keep administrators honest. Think about it for a second. If you wanted to perform some sort of unauthorized administrative task, what's the first thing that you would do? Disable auditing? Well, disabling (or re-enabling) auditing is a type of policy change.

System events

Auditing system events creates an audit log entry any time the system is rebooted or when you do something that "affects the system security or security log" (in Microsoft's words).
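The five categories above are the ones the article walks through; the script below is an added example (mine, not from the TechRepublic article or from Microsoft) that turns them on with auditpol.exe and then does the part Bob says people skip, looking at the resulting log. It assumes a Vista/Server 2008 or later host, an elevated PowerShell session, the auditpol subcategory names shown (one representative subcategory per article heading), the standard Security-log event IDs for those Windows versions, and a placeholder folder path `C:\SensitiveData` for the object access SACL.

```powershell
# Added example, not from the article. Assumes Vista/2008+ and an elevated session.
# One auditpol subcategory per category in the article (assumed minimal mapping).
$subcategories = @(
    'Logon',                    # Logon events
    'File System',              # Object access (only fires on objects that carry a SACL)
    'User Account Management',  # Account management
    'Audit Policy Change',      # Policy change (catches auditing being turned off)
    'Security State Change'     # System events (startup / shutdown)
)

foreach ($sub in $subcategories) {
    # Enable both success and failure auditing for the subcategory.
    auditpol.exe /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
}

# Object access auditing records nothing until a file or folder has an audit ACE.
# Placeholder path: replace with the folder you actually want watched.
$path = 'C:\SensitiveData'
if (Test-Path $path) {
    $acl  = Get-Acl -Path $path -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone',
        'ReadData,WriteData,Delete',
        'ContainerInherit,ObjectInherit',
        'None',
        'Success,Failure')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $path -AclObject $acl
}

# Events a reviewer should read first: the ones that show auditing itself being
# tampered with, plus account creation and failed logons. IDs are the standard
# Vista/2008+ Security-log IDs.
$watch = @{
    4719 = 'System audit policy was changed'
    1102 = 'The audit log was cleared'
    4720 = 'A user account was created'
    4625 = 'An account failed to log on'
}

# Pull a named EventData field out of an event's XML so the output does not
# depend on the positional Properties[] layout, which differs per event ID.
function Get-EventField {
    param($Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    $node = $xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }
    if ($node) { $node.'#text' } else { '-' }
}

$since = (Get-Date).AddDays(-1)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = @($watch.Keys); StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id,
        @{ n = 'Meaning'; e = { $watch[[int]$_.Id] } },
        @{ n = 'Subject'; e = { Get-EventField -Event $_ -Name 'SubjectUserName' } },
        @{ n = 'Target';  e = { Get-EventField -Event $_ -Name 'TargetUserName' } } |
    Format-Table -AutoSize
```

Run it once to set policy; the review block at the end is the part worth scheduling, since a 4719 or 1102 that nobody reads is no better than no auditing at all. `auditpol /get /category:*` shows the effective settings afterwards, and on a domain-joined host a Group Policy audit setting will override what the script sets locally.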



Interesting student paper for us news-o-philes...

http://www.cs.cmu.edu/~jure/blogs/index.html

CASCADES project: Cost-effective Outbreak Detection in Networks.

by Jure Leskovec, Andreas Krause, Carlos Guestrin, Christos Faloutsos, Jeanne VanBriesen and Natalie Glance SCHOOL OF COMPUTER SCIENCE, CARNEGIE MELLON UNIVERSITY

Blog rankings

Rankings are based on the following question: Which blogs should one read to be most up to date, i.e., to quickly know about important stories that propagate over the blogosphere?

Winner of the Best Student Paper Award. [PDF] [extended version with proofs] [PowerPoint] [Presentation video]
