Saturday, January 20, 2007

Remember, records are made to be broken...

http://news.com.com/2100-7349_3-6151546.html?part=rss&tag=2547-1_3-0-5&subj=news

Swedish bank hit by 'biggest ever' online heist

By Tom Espiner Story last modified Fri Jan 19 10:48:28 PST 2007

Swedish bank Nordea has told ZDNet UK that it has been stung for between seven and eight million Swedish krona--up to $1.1 million--in what security company McAfee is describing as the "biggest ever" online bank heist.

Over the last 15 months, Nordea customers have been targeted by e-mails containing a tailor-made Trojan, said the bank.

Nordea believes that 250 customers [$4,400 per customer. Bob] have been affected by the fraud, after falling victim to phishing e-mails containing the Trojan. According to McAfee, Swedish police believe Russian-organized criminals are behind the attacks. Currently, 121 people are suspected of being involved.

The attack started by a tailor-made Trojan sent in the name of the bank to some of its clients, according to McAfee. The sender encouraged clients to download a "spam fighting" application. Users who downloaded the attached file, called raking.zip or raking.exe, were infected by the Trojan, which some security companies call haxdoor.ki.

Haxdoor typically installs keyloggers to record keystrokes, and hides itself using a rootkit. The payload of the .ki variant of the Trojan was activated when users attempted to log in to the Nordea online banking site. According to the bank, users were redirected to a false home page, where they entered important log-in information, including log-in numbers.

After the users entered the information an error message appeared, informing them that the site was experiencing technical difficulties. Criminals then used the harvested customer details on the real Nordea Web site to take money from customer accounts.

According to McAfee, Swedish police have established that the log-in information was sent to servers in the US, and then to Russia. [Tracing e-criminals won't be easy... Bob] Police believe the heist to be the work of organized criminals.

Nordea spokesman for Sweden, Boo Ehlin, said that most of the home users affected had not been running antivirus applications on their computers. The bank has borne the brunt of the attacks and has refunded all the affected customers.

Ehlin blamed successful social engineering for the heist, rather than any deficiencies in Nordea's security procedures. [The bank had no control over their client's actions. But they could have prevented this... Bob]

... In an effort to combat fraud, most banks have a policy of monitoring the behavior of people claiming to be their customers, so that unusual transaction behavior can be investigated and halted if fraudulent.

Nordea was aware [suspected? Bob] that some of the attempted transactions were false because of the large sums involved. However, during a period of 15 months a large series of small transactions enabled the criminals to successfully transfer a huge sum overall.

"In some cases we saw the transactions were false, and in some cases we didn't," said Ehlin. "We can't look at every transfer, [Your computer system does. Bob] and it looked like our customers had made the transfer. Most of the cases were small amounts that we thought were ordinary. We lost approximately seven to eight million krona."

Nordea has two million Internet banking customers in Sweden. The police investigation is underway, and the bank is currently reviewing its security procedures.



Another new record?

http://techdirt.com/articles/20070119/090325.shtml

Ladies And Gentlemen, We May Have A New Winner For Most Credit Card Data Leaked

from the congrats-all-around dept

There was some talk yesterday about how TJX, the parent company for discount clothing stores T.J. Maxx, Marshalls and some others had lost some credit card data after their systems were hacked. Today, additional information is starting to come out suggesting that this may take the lead as the largest single set of compromised credit card data, reaching even beyond the 40 million or so records lost by CardSystems a few years back. Since those responsible for that data loss only got a slap on the wrist, perhaps it's not surprising that others haven't done much to beef up credit card security. In fact, another article on this story claims that, despite strict guidelines from Visa and Mastercard for how this type of data needs to be handled only 31% actually comply with the guidelines -- and apparently TJX is among those who don't comply (big surprise there). Since it's apparent that not much has happened in the past few years to better protect our data, expect plenty of fretting over what this means and how to do a better job... until enough people forget about it, and we're all set up for a year or two down the road when we'll have a new winner in the largest single data leak ever.



Does ANYONE think about what they are saying to the press?

http://www.kansascity.com/mld/kansascity/16493570.htm

Posted on Fri, Jan. 19, 2007

26 IRS tapes missing from City Hall

Records were delivered in August. Trail of where taxpayer data went is under investigation.

By LYNN HORSLEY The Kansas City Star

Twenty-six IRS computer tapes containing taxpayer information are missing after they were delivered to City Hall months ago.

Kansas City is one of hundreds of governmental entities that share taxpayer information back and forth with the Internal Revenue Service. City officials use the federal tax return information to enforce their collection of the 1 percent city earnings tax, which is paid by people who live or work in Kansas City.

City and IRS officials on Thursday either would not or could not say exactly what information is on the tapes or the number of taxpayers whose information is on the tapes. [Experience suggests the answer is “could not say” Bob]

But the information potentially could include taxpayers’ names, Social Security numbers and bank account numbers, or they could contain employer information.

The tapes require special equipment to read [a Tape Reader, available anywhere Bob] and software that is not commonly used, [Nonsense. Any programming language will do... Bob] so the average person could not access the information, said Assistant City Manager Rich Noll.

“We have no reason to believe there was any foul play,” [and no evidence to the contrary Bob] Noll said, although he added he could not rule it out.

Special agents with the Inspector General’s office of the Treasury Department, along with city officials, are investigating the missing tapes, Noll said.

Several Kansas City Council members said Thursday that they had been briefed on the missing tapes but that the matter was too sensitive for them to comment further. [What an asinine statement. Bob]

... Employees in the city’s Office of Management and Budget and the Finance Department were sent home early on Jan. 3 and their offices were searched, but the tapes were not found. [This is a bit unusual, isn't it? Bob]

Noll said he did not think the tapes contained images of tax forms. He said he did not think there was significant risk that sensitive taxpayer information had been inappropriately released, but he could not say there was no risk.

When asked why the city couldn’t provide more information about what type of information was missing, city spokeswoman Mary Charles said the city had never received this type of tape before. [“...and the IRS won't tell us anything about them.” Bob]

“The tapes were never reviewed, [“We seldom do our job.” Bob] so we don’t know what’s on there,” she said.

The trail of where the tapes went in City Hall is what is under investigation, Charles said. There is no documentation to show that the tapes ever reached the Finance Department, [Control your sensitive data, people! Bob] where they would have been reviewed.



Follow-up. There seems to be a universal tendency to underestimate the loss – a lot!

http://www.wfaa.com/sharedcontent/dws/news/localnews/stories/012007dnmetutdhack.58085a1e.html

UTD says more put at risk of ID theft

Computer attack exposed personal data of up to 35,000 people

08:29 PM CST on Friday, January 19, 2007 By HOLLY K. HACKER / The Dallas Morning News

A computer attack at the University of Texas at Dallas was worse than officials first thought. They now say Social Security numbers and other personal information may have been exposed for up to 35,000 faculty, current and former students, staff and others, putting them at risk of identity theft.

Officials said Friday that the names and Social Security numbers of 29,000 library cardholders may have been exposed. That group mainly includes students, faculty and staff, along with a few hundred people who aren't affiliated with UTD but have used its library.

UTD officials first reported the computer attack in December and said 6,000 people were affected.

... There is evidence the attack was "somewhat automated," [Another meaningless phrase? Bob] said Ms. Rogers, who declined to elaborate.



If you were the CEO of TJX, this headline could give you a heart attack...

http://news.bostonherald.com/localRegional/view.bg?articleid=177931

Give her credit: AG fights off identity theft

By O’Ryan Johnson Friday, January 19, 2007 - Updated: 12:34 AM EST

Dude, you’re not getting a Dell, but you might be getting a cell - a jail cell.

A week before Martha Coakley was sworn in as attorney general, a cyber crook illegally used her credit card number to buy a Dell computer, and a rather pricey one at that.

“I’m sure they didn’t know (she is the state’s top prosecutor) when they took the number,” Coakley said with a chuckle. “I wouldn’t go after the new AG.”

Coakley said she was leaving on a ski vacation a week ago Monday when she got the call from Dell saying someone had ordered a computer worth about $1,250 and had requested it be shipped to an address in Texas.

Coakley said she called Dell and canceled the shipment, telling them she did not order the machine. She said it appears someone stole the information off one of her credit cards and used it to buy the computer. She said the credit card number theft is not related to consumer information stolen from TJX Corp.

“There was no damage done,” she said. “I was lucky to find out before someone went on a shopping spree.”

Coakley said she canceled the card and ordered a new one, and that appears to be the end of it.

She said the chances of catching the crook - even for the state’s top prosecutor - are slim to none, since even if they could link it to a person, jurisdictional issues would likely hamper an effort to prosecute.

“I wasn’t a victim of the conventional form of ID theft, but still I think it’s something a lot of people suffer,” she said, noting that the crook didn’t use her Social Security number to set up lines of credit.

“It can happen fairly easily.”



This is a new one to me...

http://www.financial-education-icfe.org/identity_theft_specialist/identity_theft_risk_management_specialist_certification.asp

Institute of Consumer Financial Education

The ICFE has developed the "ICFE Certified Identity Theft Risk Management Specialist" (CITRMS) educational and certification testing program. The main purpose is to comprehensively prepare and equip law enforcement professionals, financial planners and CPA's, resolution advocates, notaries, lawyers, credit and debt counselors, through education, testing and computer software training, with the knowledge and skills necessary to help consumers and businesses fully assess and minimize their present risk of credit and identity theft.



Think this might be useful?

http://www.ed.gov/news/pressreleases/2007/01/01182007.html

U.S. Department of Education Office of Inspector General Launches New DVD: 'Identity Theft: It's Not Worth It'

FOR RELEASE: January 18, 2007 Contact: Catherine Grant (202) 245-7023

Editor's note: For a free copy of the DVD, please contact the U.S. Department of Education, Office of Inspector General, at (202) 245-7023.

The U.S. Department of Education's Office of Inspector General (OIG) today announced the release of its second DVD on the issue of identity theft in the student financial assistance arena.

Entitled "Identity Theft: It's Not Worth It," the DVD tracks how OIG, together with the U.S. Attorney's Office, U.S. Marshals Service, U.S. Postal Inspection Service, and Truckee Meadows Community College stopped a $1 million financial aid fraud scam, spearheaded by 64-year old grandmother, Ann Armstrong.

Along with four of her children and three of her grandchildren, Armstrong was convicted of using the identities of more than 65 people to fraudulently obtain federal student aid at various colleges in Arizona, Colorado, Maryland, Nevada, and Texas.

From January 2000 to March 2004, the Armstrongs obtained personal identifying information for various people and used it to enroll in distance education/on-line classes at colleges in those states. They applied for federal student loans and grants through the schools using these identities, submitting all information via e-mail or fax.

Checks for the loans or grants were sent in the students' name to addresses provided on the applications which the Armstrongs then picked up, cashed, or deposited into bank accounts using false identification.

The fraudulent scheme was initially reported to the OIG by a financial aid officer at Truckee Meadows Community College in Reno, Nev. The financial aid officer observed that a number of students were applying for financial aid using the same addresses and telephone numbers. [Apparently not a check made at the federal level... Bob] OIG initiated an investigation, ultimately leading to the filing of a criminal complaint and issuance of arrest warrants against the conspirators.

... Since 2003, the OIG, together with the U.S. Department of Education's Office of Federal Student Aid, has conducted a public awareness campaign to alert students, schools, and other financial aid participants about identity theft via the OIG's special Web site, www.ed.gov/misused.

The site provides information on scams, suggestions for preventing identity theft, and resources on how to report identity theft involving federal education dollars.

In 2003 with the assistance of the Arizona Department of Public Safety, OIG produced its first DVD on this issue, entitled, "FSA Identity Theft: We Need Your Help." This report featured an individual incarcerated for student aid fraud who described the techniques he used to steal identities.

These DVDs are made available to schools and student groups, and the media upon request. For more information on the mission and activities of the Office of Inspector General, visit: www.ed.gov/about/offices/list/oig/.
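
The check the financial aid officer made by eye, many applicants sharing the same addresses and telephone numbers, can be automated. The following is an added example, not part of the press release or the original post; the field names, the constructed sample records and the threshold of three distinct identities are assumptions, and it goes one step beyond the text by linking applications that share either an address or a phone, so a group that rotates contact details still forms one cluster.

```python
import re
from collections import defaultdict

# Constructed sample applications (not real data). Field names are assumptions.
APPLICATIONS = [
    {"id": "A1", "applicant": "id-001", "address": "12 Elm Street, Apt 4, Reno, NV", "phone": "(775) 555-0101"},
    {"id": "A2", "applicant": "id-002", "address": "12 ELM ST APT 4 RENO NV", "phone": "775-555-0102"},
    {"id": "A3", "applicant": "id-003", "address": "PO Box 9, Sparks, NV", "phone": "775.555.0102"},
    {"id": "A4", "applicant": "id-004", "address": "P.O. Box 9 Sparks NV", "phone": "1-775-555-0199"},
    # Same person applying at two schools: one identity, not suspicious.
    {"id": "A5", "applicant": "id-005", "address": "88 Oak Avenue, Reno, NV", "phone": "775-555-0150"},
    {"id": "A6", "applicant": "id-005", "address": "88 Oak Ave, Reno NV", "phone": "775-555-0150"},
    # Two roommates: shared address, but below the default threshold.
    {"id": "A7", "applicant": "id-006", "address": "301 Pine Road, Reno, NV", "phone": "775-555-0160"},
    {"id": "A8", "applicant": "id-007", "address": "301 Pine Rd., Reno, NV", "phone": "775-555-0161"},
]

_ABBREV = {"street": "st", "avenue": "ave", "road": "rd", "drive": "dr",
           "apartment": "apt", "suite": "ste"}


def norm_address(addr):
    """Lower-case, drop punctuation and fold common street-type spellings."""
    text = re.sub(r"[.']", "", addr.lower())       # "P.O." -> "po", "Rd." -> "rd"
    tokens = re.sub(r"[^a-z0-9]", " ", text).split()
    return " ".join(_ABBREV.get(t, t) for t in tokens)


def norm_phone(phone):
    """Keep digits only; compare on the last ten so a leading 1 is ignored."""
    digits = re.sub(r"\D", "", phone)
    return digits[-10:] if len(digits) >= 10 else digits


class DisjointSet:
    """Union-find over application ids."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def find_shared_contact_clusters(apps, min_identities=3):
    """Return sorted lists of application ids that are linked by a shared
    normalized address or phone and cover at least min_identities applicants."""
    ds = DisjointSet()
    first_seen = {}  # (kind, normalized value) -> first application id seen
    for app in apps:
        ds.find(app["id"])
        keys = (("addr", norm_address(app["address"])),
                ("phone", norm_phone(app["phone"])))
        for key in keys:
            if not key[1]:
                continue  # a blank field must not link unrelated applications
            if key in first_seen:
                ds.union(first_seen[key], app["id"])
            else:
                first_seen[key] = app["id"]

    groups = defaultdict(list)
    for app in apps:
        groups[ds.find(app["id"])].append(app)

    clusters = []
    for members in groups.values():
        identities = {m["applicant"] for m in members}
        if len(identities) >= min_identities:
            clusters.append(sorted(m["id"] for m in members))
    return sorted(clusters)


if __name__ == "__main__":
    for cluster in find_shared_contact_clusters(APPLICATIONS):
        print("review:", ", ".join(cluster))
```
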



What, me worry? It's not like someone would track me down and punch me in the nose – is it?

http://www.newassignment.net/blog/keith_axline/jan2007/17/how_to_nine_ways

Finding Those Local Blogs

by Keith Axline on January 18, 2007 - 11:40am.

The last step in the rise of the blog will be the connection of virtual and real space. Your favorite blogger might be in New York, but if you’re living in Oregon, chances are he’s not going to be covering local ordinances or missing dogs.

This is a crucial step for citizen journalism and the democratic process in general. When supporting local causes is as easy as checking your RSS reader, and when the paths of communication are transparent, the seemingly giant gap between an initial desire for change and actually seeing results evaporates.

So how do you find out who’s blogging in your neighborhood? Many hyperlocal blog directories are sprouting up and existing blog aggregators are growing local searches in order to fill this emerging demand. Here are a few of the better ones. (Don’t see your favorite local blog search here? Let us know in the comments of this post.)

    Placeblogger.com: The most recent and promising site on the scene, to which Jay Rosen serves as an advisor, Placeblogger has a slick interface and enough buzz to draw a healthy amount of contributors. The success of any of these sites rests on the amount of participation, and Placeblogger seems to have a lot of momentum. Most of the towns I typed in - large or small - had enough blogs listed to keep me interested. The launch package also included a list of the top 10 placeblogs in the country.

    Backfence.com: Though only available in a few cities at the moment, Backfence does a lot of things right. It’s easy to contribute to and navigate the site. The ‘Crime Log’ category and the photo gallery seemed particularly helpful. Backfence is currently in a state of transition, after losing some of its original management team, but is still attempting to expand into other cities as funding allows. If you like their format, you should write in and request they take a look at your city as a potential destination.

    Feedmap.net: Feedmap is a little rough around the edges, but it gets the job done. Just type in the location you’re looking for and a map pops up with geotagged feeds from local blogs. It also has tools for adding a local blogroll to your own blog and a map image of your location.

    Outside.in: This is my personal fave as far as design and content. It tends to only tap a few blogs in some of the more remote areas, but with more time I could see this becoming a great site. Started by Steven Johnson, co-creator of FEED magazine and Plastic.com, Outside.in is in good hands.

    Metroblogging.com: Instead of aggregating other blogs in a particular area, Metroblogging hand-picks a few bloggers in a specific city and sets them up on one of their pre-formatted blogs. While this site doesn’t exactly fit perfectly into this list, the quality of its blogs are excellent and they encourage your participation. You may find other blogs in your area by following your town’s Metroblog.

    Topix.net: This site is a great tool for narrowing in on any subject, whether it be local blogs or news stories on a specific subject. Topix works better as a local news aggregator than a blog finder, but I was able to find a few gems that weren’t listed elsewhere. Using their advanced search option you should be able to look up blogs by zip code, but the search results still produce local news sites in addition to great local blogs and the localized forums put you directly in touch with people from your neighborhood.

    Blogdigger Local: This site feels a little ghetto, but shared some of the same buzz last year that Placeblogger is enjoying now. It definitely has some unique sites registered, and it could fill some crucial holes in your local blog web.

    Technorati: Searching for local blogs is just one of the many features available at Technorati. If you’re specific enough, you can usually get excellent results, but it’s not explicitly geared towards that type of function, so the hits tend to not be as focused. A little work on your part could lead to a very local community of bloggers, but it’s not just sitting there for the taking.

    AmericanTowns.com: Recently featured in a New York Times article, American Towns has a great interface, but not much more … yet. There’s a lot of potential here if a wide variety of people actively contribute, but when I looked up San Francisco, for example, the only events listed were religious events posted by local churches.

Miscellaneous: Micah Sifry at Personal Democracy Forum has a great post about this topic, specifically for political blogs. A couple directories he mentions are LeftyBlogs for Democrats and Blogatorium for Republicans. CitizenJournalist.net also has some great links related to this topic, although it’s not a blog directory.

There is a lot of potential in these sites that hasn’t really solidified into a standard function or practice. It reminds me of when e-mail and Internet were available on local BBS’s but no one really knew what to do with them. The localized blog movement needs a MySpace or Friendster to get it going. So far, only Placeblogger seems like it might be that type of site. You can help catalyze the movement by registering as many sites as you can with these services and geotagging your own blog. Happy hunting.




For my Business Continuity students... Looks like you should never rely on computers in coastal California, the gulf coast, or Florida.

http://royal.pingdom.com/?p=79

January 19, 2007

Where NOT to keep your servers according to Mother Nature

If Mother Nature has anything to say, there simply are some places where you shouldn’t place a data center.

... We decided to look at heat maps for earthquakes, hurricanes and tornadoes in the U.S. to see exactly where the danger areas were located. In addition to that we also composited them to get the full picture.



More to my liking than DRM – hold the consumer accountable for their actions, but don't restrict them.

http://yro.slashdot.org/article.pl?sid=07/01/19/1918221&from=rss

Startup Tries Watermarking Instead of DRM

Posted by Zonk on Friday January 19, @02:43PM from the commendable-actions-mean-profits dept.

Loosehead Prop writes "A U.K. startup called Streamburst has a novel idea: selling downloadable video with watermarks instead of DRM. The system works by adding a 5-second intro to each download that shows the name of the person who bought the movie along with something like a watermark: 'it's not technically a watermark in the usual sense of that term, but the encoding process does strip out a unique series of bits from the file. The missing information is a minuscule portion of the overall file that does not affect video quality, according to Bjarnason, but does allow the company to discover who purchased a particular file.' The goal is to 'make people accountable for their actions without artificially restricting those actions.'"



Why is Colorado the home of e-voting machine certification? (Why haven't any machines been ISO certified before?)

http://news.com.com/2061-10796_3-6151592.html?part=rss&tag=2547-1_3-0-5&subj=news

E-voting test labs get initial nod

January 19, 2007 11:25 AM PST

Two Colorado-based laboratories this week became the first companies to receive the initial go-ahead in their quest for federal approval to test electronic voting machines used by American voters.

In a letter (PDF) on Thursday, the National Institute of Standards and Technology (NIST) recommended that iBeta Quality Assurance of Aurora, Colo. and SysTest Labs of Denver be granted final clearance to test the systems.

... The federal law leaves it up to states whether to pay attention to the EAC accreditations, but many are expected to require that their equipment be tested by those companies. Before HAVA, test labs were certified by the National Association of State Election Directors, and 39 states required their machines to have undergone testing by labs accredited by that group.



You do not need to be a lawyer to participate! (...or for any other reason I can think of...)

http://www.bespacific.com/mt/archives/013647.html

January 19, 2007

Free Acrobat for Legal Professionals eSeminar on 1/25

Covers PDF creation, security, Bates numbering, redaction, eFiling and more. Sign Up Here.



...from the Forrest Gump (Stupid is as stupid does) school of burglary. Perhaps we could add GPS devices to all those laptops that get stolen?

http://news.yahoo.com/s/ap/20070119/ap_on_fe_st/stolen_gps

GPS devices lead to suspects' home

1 hour, 20 minutes ago

Three thieves who allegedly stole 14 global positioning system devices didn't get away with their crime for long. The devices led police right to their home.

Town officials said the thieves didn't even know what they had: they thought the GPS devices were cell phones, which they planned to sell.

According to Suffolk County police, the GPS devices were stolen Monday night from the Town of Babylon Public Works garage in Lindenhurst. The town immediately tapped its GPS system, and it showed that one of the devices was inside a house. Police said that when they arrived there, Kurt Husfeldt, 46, had the device in his hands.

Husfeldt was charged with criminal possession of stolen property. His 13-year-old son also was arrested on grand larceny charges.

Town officials said the boy committed the burglary with Steven Mangiapanella, 20, also of Lindenhurst. He was charged with grand larceny.

Babylon installed 300 GPS devices in snow plows, dump trucks, street sweepers and other vehicles last January.

Friday, January 19, 2007

It is probably reasonable to expect a physician to have 150 patients at one time. It's the guys with hundreds of thousands that I find hard to credit...

http://www.securitypronews.com/insiderreports/insider/spn-49-20070118TokyoDocLosesPatientInformation.html

Tokyo Doc Loses Patient Information

David Utter Staff Writer 2007-01-18

A physician with the University of Tokyo Hospital placed personal information about 150 patients on his home computer, only to have that data leaked online.

Private information and personal computers are not chocolate and peanut butter; they don't go together. But people keep thinking they won't be the ones to make the kind of mistakes other people have in inadvertently putting that data at risk.

The report in question said the doctor had a backup file containing patient information from about 10 years ago. [This is not reasonable for two reasons. 1) backups should be stored in a safe, environmentally controlled space – not on a home computer. 2) Even backup files should be deleted after they are no longer required for business purposes. Bob] He had treated the patients at the University and three other hospitals.

That file probably sat dormant all those years until someone placed file-sharing software on the computer.

After that, the data could be viewed for around a five hour period.

The information included names and birth dates, and medical records.

Details are not clear about the whole issue. On a ten-year old computer, it is difficult to imagine modern file-sharing software running on it, although ftp could be an option.

It seems more likely the patient information was ten years old, but placed on a newer computer.

No accounts of misuse of the data have emerged yet, according to the University hospital. They claimed that they "prohibit in principle" [Is this the same as “We may have suggested it once upon a time?” Bob] the practice of taking personal information out of the hospital.

Principles are good to have, but in an age where a little personal information can lead to a big identity theft, clearly defined policies against that usage need to be in place too. Maybe the doctor just didn't think about, or even forgot, the backup.

Security pros do need to think about these things. It may be a good idea to check with employees to find out if sensitive information has been removed from an enterprise.

Well-meaning workers who want to do a good job probably don't see the harm in doing so.

They should not be prohibited from working effectively. If there is a need for access to such data, the implementation of a managed solution like VPN should be used.

Control of the information needs to rest with the company, and not an individual employee. [...and there needs to be consequences! Bob]

In the United States, trends on identity thefts have indicated they will continue to spiral upward. A 250 percent rise in keyloggers and an ever-increasing number of phishing attempts figured prominently in 2006.



Will this impact their ability to buy the homes KB sells?

http://www.thestate.com/mld/thestate/business/16485189.htm

KB Home warns of ID theft risk

Home builder issues alert to customers after computer is stolen from company’s Charleston sales office

By KRISTY EPPLEY RUPON

krupon@thestate.com Posted on Thu, Jan. 18, 2007

Thousands of KB Home customers are being warned of the risk of identity theft after one of the home builder’s computers was stolen from a Charleston sales office.

The company sent letters to 2,700 people Friday advising them to put a fraud alert on their credit reports and to monitor their credit for the next couple of years.

Ken Fenchel, who bought his Lexington home from KB Home in May, is irritated the company is not offering to do more to help the customers avoid identity theft.

“At a minimum they should (pay for) one year of fraud protection” for those customers, Fenchel said. “I’m not sure what else you can do.”

As a precautionary measure, KB Home officials say, they sent the letter to more people than they believe were affected.

The stolen computer likely had names, addresses and Social Security numbers only of people who had visited the sales office for Foxbank Plantation, a new home community in Berkeley County near Charleston, said Jeff Meyer, division president for KB Home South Carolina.

KB Home, which has a financing program for potential buyers, collects Social Security numbers from people who want to pre-qualify for a loan.

“I don’t really expect that anybody from Columbia was on that computer, but we figure better safe than sorry,” Meyer said. “We think the action we took is a reasonable response.”

The computer was in a locked sales office with an alarm system when the wire to the alarm was cut and the computer was stolen Dec. 30, Meyer said. Nothing else of value was taken, he said.

The letter was sent Friday to anyone who had visited a KB Home sales office in South Carolina during a certain time period last year.

“There is a risk to you of potential identity theft or misuse of information,” the letter states. “Nonetheless, our research reveals that computer thieves generally want only the hardware and customarily erase all data from the disk prior to illegal resale of the hardware.”

The personal information that was on the computer was password protected, according to the letter.

... Still, Meyer said, the risk “is fairly small.” KB Home recently decided to eliminate all Social Security numbers from their files to protect their clients. [Before or after? Bob]



Should have used Registered Mail? Are there “secure” shipping alternatives? Must be....

http://www.theglobeandmail.com/servlet/story/RTGAM.20070118.wcibc0118/BNStory/Business/home

CIBC loses info on 470,000 Canadians

SINCLAIR STEWART Globe and Mail Update

The personal information of nearly half-a-million customers at a CIBC mutual fund subsidiary has gone missing, prompting fears of a potential security breach and inciting an investigation from Canada's federal privacy commissioner.

A backup computer file containing application data for 470,000 investors at Montreal-based Talvest Mutual Funds disappeared in transit on the way to Toronto recently, the bank said in a news release Thursday.

The file contained everything from client names and addresses to signatures, birth dates, bank account numbers and Social Insurance Numbers. Officials at CIBC Asset Management Inc., a division of the Canadian Imperial Bank of Commerce, said there is no evidence of fraud, nor is there any indication that any data on this hard drive has been accessed. The company did not explain how it lost the drive.

Privacy Commissioner Jennifer Stoddart, who launched a probe of CIBC following a faxing snafu two years ago, said she has determined there are grounds for another investigation in the Talvest matter, even though the bank brought the problem to her attention.

“Although I appreciate that the bank notified us of this incident and that it is working cooperatively with my office, I am nevertheless deeply troubled, especially given the magnitude of this breach, which puts at risk the personal information of hundreds of thousands of Canadians,” said Ms. Stoddart. “My office is committed to carrying out a thorough investigation into this matter and to ensuring that preventive and corrective measures are put in place so that this does not reoccur.”

The bank said it has taken immediate steps to rectify the problem, and has written letters to affected customers. The vast majority of these are clients of Talvest, rather than CIBC, which bought the mutual fund company in 2001.

The bank has promised to compensate customers for any loss, and is allowing them to enroll in a free credit monitoring program that can alert them if someone is trying to use their information without proper authorization.

... This is the second major security issue for Canadians in as many days. Wednesday, the U.S. retailer that owns discount chains Winners and HomeSense revealed it had been the victim of a massive computer hacking effort.

Sources told The Globe and Mail that the network break-in at TJX Cos. may have affected as many as 20-million Visa cards worldwide, and some estimates suggest as many as 2-million of these cards are Canadian. It's unclear how big that number will be for other card providers, like MasterCard, but the numbers suggest it could be one of the largest such breaches the country has ever seen, according to one person in the financial community. The RCMP is assisting U.S. authorities with that investigation.



Follow-up... Note the 20 Million (Visa alone) figure in the previous article!

http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20070118005947&newsLang=en

January 18, 2007 05:25 PM Eastern Time

Massachusetts Bankers Association Responds to TJX Companies Data Breach

BOSTON--(BUSINESS WIRE)--The Massachusetts Bankers Association:

* MasterCard now Reporting Data Breaches to Banks

* Thus far, 28 Massachusetts Banks Report Compromised Cards

* Work of MBA Task Force is Underscored

* Has TJX been “Victimized?”

* Advice for Cardholders

The Massachusetts Bankers Association (MBA) said today that in addition to VISA USA, now MasterCard is contacting Massachusetts banks to report that some of their customers’ personal banking information may have been compromised due to the data breach reported by TJX Companies yesterday. Bay State banks are acting quickly to protect customers who have been red-flagged by the two card associations after doing business with TJX stores including TJMaxx, Marshalls, Winners, HomeGoods, TKMaxx, AJWright, and HomeSense.

After surveying its banks, the MBA is reporting that thus far 28 banks have been contacted by the card associations indicating that some of their card holders have had personal information that may have been exposed due to the TJX data breach. The MBA is cautioning, however, that the number is likely to grow higher as, thus far, only 48 out of 205 banks in Massachusetts have reported in to the Association.

In addition, the MBA is questioning the TJX’s self-characterization as being “victimized” by the intrusion in a news release issued yesterday by the retailer.

Daniel J. Forte, CEO and president of the MBA said, “We think it’s a little odd that they would characterize themselves as victims when it appears that they may have been capturing data that is unnecessary.”

Retailers, upon processing a debit or credit card purchase -- that is, verifying that the information on a card is correct, and that customers have money or credit in their accounts -- are prohibited by card network rules from retaining that information. “After the transaction clears,” said Forte, “there is no reason to store any data.”

TJX has not indicated what data it routinely captures, but the range of problematic data includes account numbers, expiration dates, personal identification numbers, and other verification information. “The company did indicate,” said Forte, “that driver’s license information may have been captured and exposed.”

... Forte added, “Bottom line, we believe it is critical that the card associations – Visa, MasterCard, etc. – and public officials carefully evaluate whether retailers should be held liable for a data breach, particularly when the information being stored is in violation of card network rules.”

... Although the MBA expects the number of banks and exposed cardholders in the TJX incident to rise, the MBA is telling customers not to worry. “You may not be in the affected group,” said Forte. “There is no reason to contact your bank. It will reach out to you if there is a problem. This is a situation that was not caused by your bank but you should know, if your information was exposed, we are working hard on your behalf. If you are notified that you are in the impacted group, remember just because your data was exposed, fraud may not occur. Nonetheless, it’s a good idea to check your statements and balances regularly, and order a credit report which you can receive free of charge once a year.”



Another resource...

http://www.pogowasright.org/article.php?story=20070118083758564

Friday, January 19 2007 @ 06:44 AM CST

The Buzz: Podcast on Privacy Issues

Thursday, January 18 2007 @ 08:37 AM CST - Contributed by: PrivacyNews - State/Local Govt.

Today's podcast on privacy issues (9 minutes, 13 seconds) focuses on public concerns over identity theft, the loss of personal information through private and public incidents of neglect, adults destroying the credit rating of children, protecting minors using the Internet and even "black boxes" that may be a part of your new car.

NCSL's Heather Morton and Pam Greenberg team up to provide the latest analysis on how legislatures are trying to address the wide-ranging complexities of privacy issues that seemingly get more complicated every day. Even though at least 35 states have enacted legislation to require disclosure when private records are lost, stolen or their whereabouts unknown when a laptop containing that information is missing, our experts say states will again be taking the lead in looking at stronger protection and disclosure laws.

Source - The Thicket at State Legislatures



Does this suggest the case is weak?

http://www.eweek.com/article2/0,1759,2085407,00.asp?kc=EWRSS03119TX1K0000594

CNBC: Prosecutors Offer Plea Deal to Ex-HP Chairman

January 18, 2007 By Reuters

SAN FRANCISCO (Reuters)—California state prosecutors have offered to drop felony charges as part of a plea deal with former Hewlett-Packard Co. Chairman Patricia Dunn and three other defendants in a boardroom leak scandal, CNBC reported Thursday.

The authorities were seeking a single guilty plea on one misdemeanor charge in the case, CNBC said.

A spokesman for the California Attorney General's office declined to comment. "We don't have anything to say on that (the reported plea deal) because we don't discuss plea negotiations publicly," said Nathan Barankin. Dunn's lawyer could not immediately be reached for comment.

The board-room leak scandal emerged in September 2006 when Palo Alto, California-based HP initially disclosed that it had undertaken an investigation to ferret out the source of board room leaks to the media.



Is denial of free speech a Democratic platform plank? Perhaps we need to watch the 43 in favor more closely?

http://yro.slashdot.org/article.pl?sid=07/01/19/0553211&from=rss

Bill to Treat Bloggers as Lobbyists Defeated

Posted by CowboyNeal on Friday January 19, @01:20AM from the common-sense-prevails dept. The Internet Censorship Politics

Lawrence Person writes "The attempt to require political bloggers to register as lobbyists previously reported by Slashdot has been stripped out of the lobbying reform bill. The vote was 55 to 43 to defeat the provision. All 48 Republicans, as well as 7 Democrats, voted against requiring bloggers to register; all 43 votes in favor of keeping the registration provision were by Democrats."


...there are enough pressures on bloggers as it is!

http://techdirt.com/articles/20070118/160351.shtml

The Importance Of Protecting Anonymous Speech Online

from the it-may-not-be-pretty,-but-it's-worth-it dept

There tends to be this feeling of entitlement that anything someone doesn't like must somehow be "illegal." This is especially true when it comes to anonymous speech -- even more so when it's anonymous speech that's "critical" of someone or some organization. The EFF is discussing an interesting case where the publisher of a newspaper is trying to uncover the identity of an anonymous blogger who runs a blog that has had several critical posts of the newspaper's strategy to stop its employees from unionizing. According to the EFF report, this publisher has taken a hard line against any critic, suing two newspapers for their coverage and threatening suits against people for daring to put pro-union signs in their windows. In particular, the publisher is apparently annoyed that an anonymous third party commented on the anonymous blog, suggesting "acts of cybersabotage" against the newspaper's management. The blogger quickly removed this comment, but the publisher claims that the comment itself influenced the union vote (the employees voted to unionize) and has sent a subpoena requesting information about the anonymous blogger. From the description, this sounds very much like an attempt at intimidation. The blogger in question wasn't even the person who put up the comment, and the comment itself was removed. Trying to figure out the identity serves no reasonable purpose. In fact, as the EFF points out, the only place that information might have been useful was at the hearing to see whether the comment unfairly influenced the union vote -- and that hearing already passed without the issue being mentioned. Anonymity can be messy, but that doesn't mean it shouldn't be protected.



I wonder how many people will be dedicated to watching the videos?

http://techdirt.com/articles/20070118/183551.shtml

Now You Too Can Be A Surveillance Camera!

from the digg-for-law-enforcement. dept

We've had plenty of stories in the past about the concept of "sousveillance" and David Brin's idea of the transparent society where everyone watches everyone else, and it seems like the world keeps moving in that direction. The latest is in New York City, where Mayor Bloomberg is apparently working on a plan where anyone can take camera phone photos or videos of suspicious activity and immediately send them off to the police. Of course, that only works if the police aren't flooded with bogus reports. Maybe this doesn't go far enough. The next step should be for them to make all the images and video publicly available somewhere, so that crowds of web surfers can vote on which images and videos are actually crimes, and which aren't worth bothering with. Think of it as a Digg for law enforcement.



Will this become commonplace in the “Bricks & mortar” world? Is it legal to deny the customer the right to ask questions or purchase a 'loss leader?'

http://www.sixwise.com/newsletters/05/03/01/the_unethical_but_mostly_legal_retail_shopping_tactics_of_devil_consumers.htm

The Unethical but (Mostly) Legal Retail Shopping Tactics of Devil Consumers

by www.SixWise.com

The age-old saying that "the customer is always right" may soon be put out to pasture. Why? Increasing numbers of stores are cracking down on what they call "devil" shoppers -- customers whose buying and returning practices, some legit, may actually cause the store to lose money -- and the stores believe they're better off without them.

Best Buy stores have gotten so fed up with their "devil" shoppers -- a group they say makes up 20 percent of their customer base -- that they're actively trying to eliminate them from their stores. These shoppers (see below for a description of some of their tactics) account for as many as one-fifth of Best Buy's 500 million customer visits each year, and according to Best Buy CEO Brad Anderson, "They can wreak enormous economic havoc."

So now Best Buy is fighting back. They've started training their employees to identify "angel" shoppers -- the ones who buy highly priced items like HDTVs or just-released DVDs without waiting for a markdown -- and cater to them while "blacklisting" the devil shoppers. The staff uses a quick interview of sorts to identify the different types, which they internally call:

* Barrys: High-income men who like action movies and cameras

* Jills: Suburban moms who want to help their families

* Buzzes: Male technology fans who want the latest high-tech gadgets

Other practices Best Buy has put into play include adding a 15 percent restocking fee and selling restocked items over the Internet as opposed to in stores.

But Best Buy is not alone. Some stores will go so far as to remove "bad" customers from their promotions mailing list or put them on long holds if they call stores with too many questions and no intent to buy. And stores like Express, KB Toys, the Sports Authority, Staples and Guess have all adopted a new technology called the Return Exchange to monitor customers' buying habits.

When a purchase is made, the device records the consumer's name, address, age and transaction details and sends it to The Return Exchange's database. The company says the device is meant to stop shoplifters and other fraud-doers, but it doesn't stop there. Each store inputs certain criteria, such as a high number of returns or a dollar amount on returns, after which a customer's return can be denied.

Said retail consultant King Rogers, retail stores lose some $16 billion a year because of fraud. "Consumers are going to find more stores with tighter, more restrictive return policies than they found last year. When you look at the economics of it, $16 billion a year in losses, they have to tighten up," he said.

... Already the Federal Trade Commission has been asked to investigate the legality of stores monitoring and denying customers' returns, and Sen. Charles Schumer (D-N.Y.) proposed legislation to require stores that do limit returns to warn shoppers of the practice.



There is a clear lack of something here. Perhaps because the strategy has nothing to do with the stated intent of the suit?

http://linux.slashdot.org/article.pl?sid=07/01/18/2231200&from=rss

Judge Rules That IBM Did Not Destroy Evidence

Posted by Zonk on Thursday January 18, @06:26PM from the good-for-them dept. Caldera IBM The Courts Linux

UnknowingFool writes "From the latest in the SCO saga, Judge Wells ruled today that IBM did not destroy evidence as SCO claims. During discovery, SCO claims it found an IBM executive memo that ordered its programmers to delete source code, and so it filed a motion to prevent IBM from destroying more evidence. The actuality of the memo was less nefarious. An IBM executive wanted to ensure that the Linux developers were sandboxed from AIX/Dynix. So he ordered them to remove local copies of any AIX code from their workstations so that there would not be a hint of taint. The source code still existed in CMVC and was not touched. Since the source code was still in CMVC, Judge Wells ruled IBM did not destroy it. Incredulously, SCO's Mark James requested that IBM tell SCO how to obtain the information. IBM's Todd Shaughnessy responded that all during discovery (when IBM gave SCO a server with their CMVC database) SCO never once said that they were unable to find that information from CMVC. Judge Wells asked IBM to help SCO out in any way he could."

Thursday, January 18, 2007

...but, everything is politics. I wouldn't be able to call these idiots, idiots? We couldn't point out that the Emperor (see small print, micro-line two) has no clothes?

http://yro.slashdot.org/article.pl?sid=07/01/17/2030229&from=rss

Political Bloggers May Be Forced to Register

Posted by ScuttleMonkey on Wednesday January 17, @04:44PM from the papers-please dept. Censorship Politics

Thebes writes "Under Senate Bill S.1, political bloggers with a readership of over 500 who comment on policy matters or hope to incite 'grassroots' action amongst their readers would be forced to register with the Federal Government as lobbyists."



Perhaps this is why? Who wants to see Hillary Clinton rapping on Youtube?

http://www.bespacific.com/mt/archives/013634.html

January 17, 2007

Americans Increasingly Turn to Internet for Campaign Coverage

Pew Internet and American Life Project, press release: "The number of Americans who cited the internet as their primary source of campaign news in 2006 doubled since the last mid-term election. Twice as many Americans used the internet as their primary source of news about the 2006 campaign compared with the most recent mid-term election in 2002. Some 15% of all American adults say the internet was the place where they got most of their campaign news during the election, up from 7% in the mid-term election of 2002." Election 2006 Online, January 17, 2007



What in the world caused them to do this? What significant benefit do they gain?

http://www.bespacific.com/mt/archives/013631.html

January 17, 2007

Oversight of Domestic Surveillance Program Shifts to Secret Court

In a letter today to Senators Leahy and Specter, Chair and Ranking Member, Senate Judiciary Committee, Attorney General Gonzales stated, "...a Judge of the Federal Intelligence Surveillance Court (FISA) issued orders authorizing the Government to target for collection international communications into or out of the United States where there is a probable cause to believe that one of the communicants is a member or agent of al Qaeda or an associated terrorist organization. As a result of these orders, any electronic surveillance that was occurring as part of the Terrorist Surveillance Program will now be conducted subject to the approval of the Foreign Intelligence Surveillance Court."

Related documents and information:



If a map is not the territory, a security plan – no matter how good – is no good until it is implemented. (all in all, a pretty good press release.)

http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20070117005971&newsLang=en

January 17, 2007 03:22 PM Eastern Time

The TJX Companies, Inc. Victimized by Computer Systems Intrusion; Provides Information to Help Protect Customers

FRAMINGHAM, Mass.--(BUSINESS WIRE)--The TJX Companies, Inc. (NYSE:TJX) today announced that it has suffered an unauthorized intrusion into its computer systems that process and store information related to customer transactions. While TJX has specifically identified some customer information that has been stolen from its systems, the full extent of the theft and affected customers is not yet known. This intrusion involves the portion of TJX’s computer network that handles credit card, debit card, check, and merchandise return transactions for customers of its T.J. Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico, and its Winners and HomeSense stores in Canada, and may involve customers of its T.K. Maxx stores in the U.K. and Ireland.

... With the help of leading computer security experts, TJX has significantly strengthened the security of its computer systems. While no computer security can completely guarantee the safety of data, these experts have confirmed that the containment plan adopted by TJX is appropriate to prevent future intrusions and to protect the safety of credit card, debit card and other customer transactions in its stores.

... Actions Taken By TJX

* Upon discovery of the intrusion in mid-December, 2006, TJX immediately notified and began working closely with law enforcement authorities, including the United States Department of Justice and Secret Service and the Royal Canadian Mounted Police. The Company has coordinated its actions with these authorities and provided all assistance requested to seek to identify the criminals responsible for this incident. TJX maintained the confidentiality of this intrusion as requested by law enforcement.

* The Company immediately engaged General Dynamics Corporation and IBM Corporation, two leading computer security and incident response firms. TJX has been working aggressively with these firms to monitor and evaluate the intrusion, assess possible data compromise, and seek to identify affected information. These firms have assisted TJX in further securing its computer systems and implementing security upgrades.

* TJX promptly notified and began working closely with the major credit card companies (American Express, Discover, MasterCard and VISA) and entities that process our customers' transactions. The Company has been providing them information including all requested credit and debit card information.

Information About the Intrusion

Through its investigation, TJX has learned the following with respect to the intrusion:

... * To date, TJX has been able to specifically identify a limited number of credit card and debit card holders whose information was removed from its system and is providing this information to the credit card companies. In addition, TJX has been able to specifically identify a relatively small number of customer names with related drivers' license numbers that were also removed from its system, and TJX is contacting these individuals directly.



You don't suppose this is related to the previous story?

http://www.telegram.com/apps/pbcs.dll/article?AID=/20070117/NEWS/701170343/1002/BUSINESS

Jan 17, 2007

Debit cards canceled after security breach

Fitchburg Savings Bank replaces cards after warning from Visa USA

By Andi Esposito Business Editor aesposito@telegram.com

FITCHBURG— About 1,300 debit-ATM cards issued by Fitchburg Savings Bank were deactivated yesterday after the bank was told by Visa USA that a “large-scale data compromise” may have included its check cards.

... Mr. Connors said he was aware of at least one other financial institution in Worcester County with far more cards affected by the security breach. A broader problem was confirmed by the Massachusetts Bankers Association yesterday.

“It appears that Visa has notified a number of banks in Massachusetts that a large-scale retailer has had a problem with some of its customer data,” [Bingo! Bob] said Bruce E. Spitzer, an MBA spokesman. “Quite a few banks are replacing cards or notifying customers to be extra vigilant in monitoring their accounts. If a card needs to be reissued, the bank will do it.”

Another source indicated that the breach may be broader than Visa cards.

... Visa is not required to report card security breaches to the state, said Mr. Cotney.

Visa is also not required to reveal the source of the breach to financial institutions.



Meanwhile, a bit farther east...

http://www.thisislondon.co.uk/news/article-23382060-details/Patients'%20details%20stolen%20in%20hospital%20computer%20theft/article.do

London, Wednesday 17.01.07

Patients' details stolen in hospital computer theft

17.01.07

Computers containing patients' details have been stolen from a disused hospital site, health officials have said.

About 30 new computers [...that apparently came preloaded with patient data? Bob] were taken from a storeroom at the now-closed Lymington Infirmary in Lymington, Hants, earlier this month.

... The PCT spokeswoman explained: "Following the theft our technical experts have been reviewing what was stored on, and moved from, each computer's hard drive.

"There were no complete medical records on the stolen machines. Our policy is that no information about individuals should be stored on the hard drives of computers. In order to ensure this was the case we had asked staff to remove any information from hard drives in September 2006 and given them written guidance about how to do this. This exercise was then repeated in December 2006.



...and this one out west. Why was the data still there?

http://www.signonsandiego.com/news/northcounty/20070117-9999-1mi17rincon.html

Customer data stolen from water district

By Linda Lou UNION-TRIBUNE STAFF WRITER January 17, 2007

ESCONDIDO – The credit-card numbers of about 500 customers in the Rincon del Diablo Municipal Water District were stolen yesterday in an early-morning break-in, officials said.

Thieves smashed a glass wall at the district's offices on North Iris Lane and stole two computers, one from the customer services department and the other from engineering, said Darlene Lynn, interim general manager.

Customers' names and credit-card numbers were contained in software on the customer services computer, but their Social Security numbers and birth dates were not on either computer, Lynn said. She said the number of stolen credit-card numbers could increase because officials are still determining the extent of information that was taken.

... To increase security, the district is working with a software provider to encrypt data [“We should be done in ten or twelve years...” Bob] on its computers and is planning to install fences around its building, according to a statement issued by the district yesterday.



...and one down south...

http://www.tcpalm.com/tcp/local_news/article/0,2545,TCP_16736_5286223,00.html

PSL attorney's sensitive documents found in Jensen Beach Dumpster

By GABRIEL MARGASAK gabriel.margasak@scripps.com Posted at 7:37 p.m. January 17, 2007

JENSEN BEACH — Deputies on Wednesday were investigating how a Port St. Lucie attorney's case files — with social security numbers, medical records and other personal information — ended up in a dumpster outside a Jensen Beach mechanic's shop.

The four boxes of private paperwork from Ronald M. Rowars were found Monday in the private dumpster of Hunter Marine Diesel in the 900 block of Northeast Industrial Boulevard.

Federal law states that businesses, including lawyers, must properly dispose of consumer reports such as credit history and medical records. Such sensitive documents fall under the Disposal Rule of the Fair and Accurate Credit Transactions Act of 2003, according to the FTC.

Rowars, who was in good standing with the Florida Bar Association, did not immediately return calls for comment Wednesday.



...and one... Where the hell is Iowa?

http://www.ketv.com/newsarchive/10775394/detail.html

Pile Of Sensitive Paperwork Found Outside Bluffs Cafe

Insured Man Worries About Identity Thief

POSTED: 2:43 pm CST January 17, 2007 UPDATED: 3:10 pm CST January 17, 2007

COUNCIL BLUFFS, Iowa -- A mound of discarded personal information was found dumped outside a Council Bluffs cafe this week, apparently the result of a cleaning crew's work inside an old insurance office.

Diane Bauer, of the Main Street Cafe, said when she found the pile of documents, the paper trail was evident. The documents had come from a filing cabinet abandoned outside the cafe in Council Bluffs.

"I told him, 'Put it inside our building, beings it had pertinent information pertaining to people we even know,'" Bauer said.

Bauer said she saw Social Security numbers, bank statements and title information. She said she took one look and knew they'd come from the insurance agency next door that had just shut down.

The piles Bauer found outside her business weren't the only documents left for anyone to find. A Dumpster full of files was nearby and more files were strewn up and down the alley.

"You wouldn't think she'd just abandon her office and go on her merry way and leave all this information behind," Bauer said of the insurance agent.

Bauer reached the agency's previous owner, who told Bauer that a cleaning crew disposed of the files.

... The Iowa Attorney General's Office and the state's insurance department said there are no laws governing how an insurance agency should dispose of old files, only a strong recommendation to shred personal information.



“Mom, Dad, I want a Big Brother...”

http://yro.slashdot.org/article.pl?sid=07/01/18/0239226&from=rss

MySpace to Offer Spyware for Parents

Posted by samzenpus on Thursday January 18, @12:36AM from the think-of-the-children dept. The Internet Privacy

mrspin writes "Following continuing pressure from politicians (and parts of the media), MySpace is planning to offer parents the chance to download software which will monitor aspects of their children's activities on the social networking site. From a business point of view, the move appears to be a highly risky one. The young users of social networking sites are notorious for their lack of loyalty — and history suggests that a change like this could tempt many to abandon MySpace for the 'next cool thing'."



Will Calif still want to deport him?

http://news.com.com/2100-1014_3-6150997.html?part=rss&tag=2547-1_3-0-5&subj=news

HP investigator argues California can't try him

By Greg Sandoval Story last modified Wed Jan 17 18:03:16 PST 2007

An investigator charged with felonies connected to the Hewlett-Packard spying scandal told a judge Wednesday that he's immune from prosecution in California because he's already pleaded guilty to the same crimes in federal court.

Bryan Wagner is charged in California with four felonies, including identity theft and conspiracy.

... Wagner's attorney announced that he would file a motion to dismiss California's charges against Wagner, citing the state's double jeopardy laws, Barankin said.



http://www.govtech.net/magazine/story.php?id=103329

Reports on Online Identity Theft Trends

January 16, 2007 News Release

McAfee, Inc. announced the availability of a white paper titled "Identity Theft" highlighting global identity theft trends, including a dramatic increase in online and computer-based identity theft.

http://www.mcafee.com/us/local_content/white_papers/wp_id_theft_en.pdf



Is “Never mind!” really a legal term? (“We had to do it, thousands of people from New Jersey were moving in...”)

http://www.law.com/jsp/article.jsp?id=1168941736750

Pa. Court Withdraws Holding on Internet Viewing of Child Porn

Asher Hawkins The Legal Intelligencer January 17, 2007

The Superior Court of Pennsylvania has withdrawn its recent first-impression holding that merely to look at child pornography on the Internet -- without intentionally saving or downloading any images viewed -- does not amount to "knowing possession" of child pornography as proscribed under state law. The court also granted a prosecution request for an en banc re-argument.

Anthony Diodoro had admitted viewing several hundred photographs depicting child pornography after intentionally visiting specific Web sites for that purpose, according to Judge Richard B. Klein's November opinion.

However, the prosecution in Commonwealth v. Diodoro was never able to put forward any evidence that the defendant had intentionally downloaded or saved those images to his hard drive, or been aware that the images were being automatically added to his Internet browser's cache, Klein had reasoned.

"We note that it is well within the power of the Legislature to criminalize the act of viewing child pornography on a Web site without saving the image," Klein had written. "The language used in [the relevant statute], however, is simply 'possession.' Because this is a penal statute with an ambiguous term when it comes to computer technology, it must be construed strictly and in favor of the defendant.

"A defendant must have fair notice that his conduct is criminal. Because of the ambiguity, sufficient notice was not provided here. For this reason, we are constrained to reverse [Delaware County Common Pleas Judge Joseph P. Cronin Jr.] and leave it to the Legislature to clarify the language if it intends to make the mere 'viewing' of child pornography a crime."

Section 6312(d) of the Crimes and Offenses Code prohibits possession or control of any type of media -- including computer images -- that depict children under the age of 18 engaging in sexual acts.

Klein had been joined in his opinion by Judge John L. Musmanno and Senior Judge Patrick R. Tamilia.

But in an order filed recently, the Superior Court officially withdrew Klein's opinion and granted the Delaware County District Attorney's Office's petition for en banc re-argument.

Delaware County Assistant District Attorney Michelle Hutton has been handling the matter on appeal.

District Attorney G. Michael Green did not immediately respond to a call seeking comment.

In a statement, Green argued that physically manipulating a computer for the purposes of viewing child pornography is clearly outlawed under Section 6312's provisions.

Green's statement also noted that the Superior Court's next en banc session is not expected to take place until this September.

Diodoro's attorney in the matter, Media, Pa., solo practitioner Mark Much, did not immediately respond late Friday to a call seeking comment.



Another case that will never reach the Supremes... Where was the video camera when we needed it?

http://www.chicagotribune.com/news/local/chicago/chi-0701130195jan13,0,3172070.story

2 cleared in hot-tub case sue neighbors

January 13, 2007

COOK COUNTY -- A Cook County sheriff's lieutenant and her boyfriend filed a defamation lawsuit Friday against sheriff's officials and neighbors who accused them of having sex in a back-yard hot tub in 2005.

Lt. Kelly Mrozek of Lockport and her boyfriend, Mark Sumner of Orland Park, were found not guilty of public indecency in September.

... In reaching her verdict, Viola said "common sense tells you those acts occurred." But the judge said prosecutors had failed to prove that Mrozek's back yard was a "public place" where the couple should have expected to be seen.



Think of it as a scorecard! “Collect 'em all! In five years, no high school student will recognize any of these names...”

http://www.bespacific.com/mt/archives/013617.html

January 16, 2007

Guide to Presidential Contenders 2008

The Wall Street Journal's chart, Circling the Oval Office, available free, and updated as new candidates announce their intentions: "a look at who's in the race, who's out and who's somewhere in the middle for 2008."




We can, therefore we must! (If you are born poor, you must stay poor – it's the American way!) Even India is breaking down the caste system...

http://www.pogowasright.org/article.php?story=20070117165037651

The spread of the credit check as civil rights issue

Wednesday, January 17 2007 @ 04:50 PM CST - Contributed by: PrivacyNews - Workplace Privacy

Lisa Bailey worked for five months at Harvard University as a temp entering donations into a database. When the university made the job a salaried position, Ms. Bailey, who is black, saw a chance to lift herself out of dead-end jobs.

Bailey's superiors encouraged her to apply, she says, but turned her down after discovering her bad credit history.

Bailey, with her lawyer, has lodged a complaint against Harvard charging racial discrimination. The reason: Studies show that minorities are more likely to have bad credit, but credit problems have not been shown to negatively affect job performance.

Some privacy and minority advocates are now seeing credit as a civil rights issue as minorities start to fight employers and insurers who base decisions on credit histories. Their effort could slow the near doubling in credit checks by employers in the past decade, which impacts millions of Americans who are struggling with debt.

http://www.csmonitor.com/2007/0118/p01s03-ussc.html



This works particularly well if you are cute. (What, not politically correct?)

http://education.zdnet.com/index.php?p=776

January 17, 2007

Law students move towards online video resumes

Education Technology Higher Ed Careers

An enterprising entrepreneur has taken a good idea and made it better. David Schnurman, a recent law school graduate from New York Law School, has springboarded from interviewing prominent entrepreneurs on television to helping law students post their interviews on the W, reports Law.com

Schnurman is founder of "TrueNYC," a public access cable television program on the Manhattan Neighborhood Network that features interviews with prominent entrepreneurs. Taking the interviewing concept one step further, Schnurman is now helping law students create video resumes.

"The whole process of looking for a job is a daunting task," Schnurman says.

Searching for that first job fresh out of law school, job-seekers face a very competitive market. It's difficult to pull away from the pack of applicants. That's where a professionally made video resume can come in handy.

Schnurman approached New York Law School's administration and they decided to beta-test his concept. Ten students signed up immediately.

Schnurman is going to use YouTube for mass distribution of the resumes and hopes to convince law schools in New York, New Jersey and Connecticut to incorporate this project into their career development offerings.

"I see more tools like what I'm doing," he says. "The younger lawyers are more in tune with how to use the Internet."



Important for those of us with “always on” Internet connections

http://it.slashdot.org/article.pl?sid=07/01/17/2338201&from=rss

Six Rootkit Detectors To Protect Your PC

Posted by samzenpus on Wednesday January 17, @10:05PM from the rate-them dept. Security Software

An anonymous reader writes "InformationWeek has a review of 6 rootkit detectors. This issue became big last year when Sony released some music CDs which came with a rootkit that silently burrowed into PCs. This review looks at how you can block rootkits and protect your machine using F-Secure BlackLight, IceSword, RKDetector, RootkitBuster, RootkitRevealer, and Rootkit Unhooker."