I wonder what the contract says about incidents like this?
Cat computer equipment stolen
Vendor-owned equipment contained personal employee data
Saturday, April 28, 2007
PEORIA - Caterpillar Inc. said Friday that computer equipment containing personal identity information about current and former employees was stolen from a vendor.
... "We deeply regret that this incident occurred," said Sid Banwart, vice president over Caterpillar's Human Services Division. "We are putting in place an enhanced level of protection for this type of personal data, [Isn't that the same as admitting they didn't get it right the first time? Bob] as part of our commitment to ensure the security of information that is entrusted to us. We take data privacy seriously, and we are committed to implementing additional safeguards regarding the handling of employee information by our vendors." [Ditto Bob]
Cost of security breach...
New York Settles First Security Breach Case
Company Delayed in Notifying 540,000 New Yorkers their Data Was Missing
April 27, 2007
New York Attorney General Andrew M. Cuomo has reached the first settlement under New York's Information Security Breach and Notification Law.
CS STARS LLC, a Chicago-based claims management company, failed to notify the owner of computerized data and approximately 540,000 New York consumers that their personal information was at risk for seven weeks.
... Under New York's Information Security Breach and Notification Law, any business which maintains private information which it does not own must notify the owner of the data of any security breach “immediately following discovery” of the breach and must notify all affected consumers in the “most expedient time possible.”
... The company also agreed to implement more extensive practices relating to the security of private information. CS STARS will pay the Attorney General’s office $60,000 for costs related to this investigation. [A dime a record? That's it? Bob]
Summary too long to list here. Sad, isn't it.
Data “Dysprotection:” Weekend Roundup
Friday April 27th 2007, 5:04 pm
Filed under: Privacy, Identity Theft, Data Protection, Medical Privacy
A recap of some of the breaches and follow-ups reported in the news section this week. This roundup may be updated over the weekend.
April 26, 2007
74 Percent of Security Executives Concerned About Impact of Payment Card Data Loss
LONDON --(Business Wire)-- Qualys, Inc., the leading provider of on demand security risk and compliance management solutions, today announced that 74 percent of European senior security executives see the impact of payment card loss on brand reputation as their biggest concern. In addition, the majority of European professionals -- over 90 percent -- are already preparing for deperimeterization.
... Results highlight key differences between security preconceptions of U.S. executives as compared to their European counterparts.
"The fact that the majority see the effect of data loss on brand reputation as their biggest concern not only demonstrates the awareness built by incidents such as the TJ Maxx data breach but clearly also reflects on the changing role of CSOs today. No longer are security professionals pure technologists. They are now taking on more responsibility on a corporate level and realize that security needs to be moved higher up the business agenda," said Philippe Courtot, CEO and chairman of Qualys, who opened the Jericho Conference earlier this week with a call to action for vendors to support Jericho by rising to the challenge of designing to the Jericho Blueprint.
... Over 50 percent of executives on both sides of the Atlantic see compliance as the biggest driver in their security strategy.
Other key findings from the survey show:
-- 69 percent of European executives believe that insider threats pose more serious problem than threats from outside the organization. Considering 80 percent of security budget is spent on strengthening the perimeter, this suggests a real need to shift the focus.
-- Europe is more reliant on ISO 17799 with over 82 percent of professionals using it within their company and 15 percent of these already certified.
-- In relation to security metrics, Europe was somewhat behind with 39 percent currently defining their metrics and only 29 percent with mature metrics in place.
Is there money in Privacy? Looks like an emerging field.
Eight Privacy Firms to Watch
April 27, 2007 (Computerworld) A handful of brave souls have bet the farm that North American companies have a lot of privacy work left to do and not enough staff to do it. So far, their hunches are paying off. But prospective entrepreneurs, take heed: The privacy market is still new and evolving, with little predictability.
Just seven years ago, there wasn't even a privacy market to speak of. The ink on most privacy laws wasn't dry yet, fewer than 50 people worldwide bore the title "chief privacy officer," and the International Association of Privacy Professionals didn't exist.
The people speak! (What are they actually saying?)
Clamp on access to personal documents doomed
5:00AM Friday April 27, 2007 By Paula Oliver
The Government appears headed for an embarrassing defeat over its proposal to tightly restrict access to birth, death and marriage certificates.
An outcry from historians, genealogists and researchers [Am I a researcher if I'm looking for ways to steal your identity? Bob] has prompted several of Parliament's smaller parties to revisit their stances on the Government's Births, Deaths, Marriages and Relationships Amendment Bill.
... "People are going to find that they're going to have some considerable difficulty getting access [Technically, that is referred to as “the point” Bob] to data," Mr Dunne said.
Google to buy TSA?
Denied Entrance Into The US Thanks To A Google Search Of Your Permanent Record
from the think-of-all-those-myspace-kids-who-will-never-be-able-to-travel dept
For a long time, people have talked about how Google has effectively created the infamous "permanent record" teachers always warned us about in school. And, now, it appears that it's not just being used for background checks on dates and job reference checks, but for official government purposes as well. Joe McEnaney writes in to alert us to a story of a Canadian man who was denied entrance to the US after border guards did a Google search on his name and discovered a peer-reviewed academic paper he'd written years earlier that mentioned his own LSD use over 30 years ago. Setting aside any thoughts one way or the other on whether or not that should be a criteria for entering the US, just think of what this means for teens today who are discussing their lives very publicly on sites like MySpace. We've already wondered what will happen once the MySpace generation runs for office, but right now they might just want to be careful leaving and entering the country.
We only passed that stupid law to bring lobbyists (with large expense accounts) to the state...
High-Tech Execs Meet With Lawmakers Over Web Search Keyword Law
By The Associated Press 04-27-2007
A Utah law that sets up a trademark registry aimed at restricting rival advertisers on the Internet likely won't be enforced when it takes effect Monday, lawmakers said after meeting with high-tech executives.
... The Legislature unanimously approved the Trademark Protection Act in February despite warnings from state lawyers that it could be overturned in court.
We don't base our Security choices on effectiveness, nor on efficiency! (Don't think of it as a bribe, think of it as a discount!)
And The Gold Medal For Stupidity Goes To...
from the greedathlon dept
We've discussed before the asinine level of special protection Olympic organizers regularly demand for their trademarks and even plenty of common words, as well as event sponsors. However, organizers of the 2012 summer games in London have set the bar for stupidity even higher by apparently decreeing that it will only use security technology provided by paid sponsors. Even with the ridiculously high level of concern over security at these events, organizers won't choose the best solutions, just those provided by companies that have paid to sponsor the games. This means that, apparently, matters of identity management and authentication will be left up to Visa. Yes, that's the Visa that's a credit-card company for which data leaks, identity protection and authentication are in no way a problem. While we're handing out medals for stupidity, let's go ahead and give the silver to the site on which the original article appears for its annoying registration scheme. Visit the page once, and everything's cool. Visit it again, and you get hit with a demand to register, which seems like a really, really great way to encourage new visitors to the site to read more keep coming back.
Economics close to home.
Colorado's Tech Industry Loses Some Luster
April 27, 2007 By Deborah Perelman
Colorado, once considered among the most promising hubs for technology companies, took a big employment and market share hit in recent years, finds the Cyberstates 2007 report, released on April 24.
After holding first place in tech concentration for nine years, Colorado fell to third place, according to the report by AeA, a Washington D.C., high-tech industry trade association. Colorado was surpassed by Virginia, where 8.9 percent of the work force is in the tech industry compared to 8.6 percent in Colorado.
... In addition, Colorado's venture capital investments were down 5 percent in 2006 to $622 million.
... "What's really strong for Colorado right now, and will be even if Intel sells, is that they're increasing their R&D and design work," Wright said. "There's a lot of good universities in-state, and they want access to these people. They're very high-level jobs. If you're an engineer or in the R&D segment, you're very employable in Colorado."
[Report is $125/250, at http://www.aeanet.org/PressRoom/prjj_cs2007_US1.asp Bob]
Again, the comments are as interesting as the article. Would you hire this kid? Should Cisco?
Student Attempting To Improve School Security Suspended
Posted by Zonk on Friday April 27, @05:13PM from the no-good-deed-goes-unpunished dept. Education Security IT
TA_TA_BOX writes "The University of Portland has handed a one-year suspension to an engineering major after he designed a program to bypass the Cisco Clean Access (CCA). According to the University of Portland's Vice President of Information Systems, the purpose of the CCA is to evaluate whether the computers are compliant with current security policies (i.e., anti-virus software, Windows Updates and Patches, etc.). Essentially the student wrote a program that could fool the CCA to think that the computers operating system and anti-virus were fully patched and up to date. 'In the design of his computer program, Maass looked at the functions CCA provides and identified vulnerabilities where it could be bypassed. He wrote a program that emulated the same functions as CCA and eliminated some security issues. He says that the method he chose is "one of six that I came up with." Maass says his intent was not malicious. Rather, the sophomore says he was examining vulnerabilities so that they could be fixed. "I was planning on going to Cisco with the vulnerability this summer," Maass says. '"
Perhaps we could start “The Political Chanel” -- selling ads should be a snap! (“You want a share of the pork, don't you?”)
NBC Believes They Own Political Discourse
Posted by Zonk on Saturday April 28, @03:25AM from the they-the-people dept. Television The Internet The Media Politics
PoliSciASU writes "MSNBC has established draconian rules regarding the use of the Presidential Primary Debates on the internet. Some examples: '5. No excerpts may be aired after 8:30 pm on Saturday, May 26th. Excerpts may not be archived. Any further use of excerpts is by express permission of MSNBC only. 6. All debate excerpts must be taped directly from MSNBC's cablecast or obtained directly from MSNBC and may not be obtained from other sources, such as satellite or other forms of transmission. No portions of the live event not aired by MSNBC may be used.' Kevin Bondelli talks about why this is 'shameful and wrong'. Voters are missing out on the ability to actually have an engaged conversation about the candidates and their debate performances because of NBC's greed."
Another tool for the virtual company.
Amazon To Offer Storage And Shipping On Demand
from the click-and-mortar dept
In the past year or so, Amazon has made a big push to position itself as a leading purveyor of web services, with the idea being that all of the computing infrastructure it has built up for its own needs can be rented out over the web to third parties. The recent brouhaha with Alexaholic notwithstanding, this strategy has done a lot to help disabuse people of the notion that the company is just a lumbering, "web 1.0" dinosaur, whose business model is not all that different from the brick-and-mortar retailers that it's sought to displace. Today, the New York Times has an interesting story about a new service from the company that will allow a third-party retailer (such as companies that sell through eBay) to use Amazon's physical distribution infrastructure to fulfill orders. Before, this was only open to retailers which sold their goods through Amazon, but now it can be used by people that sell on any site. Basically, the third party will ship their goods to Amazon, to be stored in Amazon's warehouse. At that point, Amazon will take care of storage, packaging, managing deliveries and handling returns. Although this will be an added cost to those retailers (because they will have to pay to ship the good to Amazon), Amazon hopes it will save them money by removing a lot of other headaches from the order fulfillment process. The thinking behind the service is basically the same as with its web services: the company has built up this big infrastructure for its own needs, so why not rent it out to anyone? Still, despite all of the hype about its burgeoning services business, it remains a small part of the overall picture for the company. The company recently reported excellent earnings, but all of that was from its traditional business. And while the company has been early to market with some of its computing-on-demand products, you have to assume that similar offerings are on the way from Microsoft and Google, which are investing heavily in massive data power plants. In a way, it's order fulfillment service might have brighter products, if only because none of its obvious competitors have built up a similar infrastructure.
Strategy is as strategy does?
Telcos' Biggest Marketing Strategy: Inertia
from the just-keep-paying-us dept
A new study says that half of the US households that moved in the fourth quarter of 2006 dropped their landline service. A quarter of them went wireless-only, 13% switched to cable operators, while 6% chose another type of VoIP provider. The trend away from landlines has been visible for a while, but it's interesting to note how moving accelerates it -- making it appear that many people hang on to their landline just because they already have it, rather than because they really want or need it. For many people, landline service isn't something they want or need, and moving appears to act as a prompt to make them consider that. The stat also helps explain why telcos do so many things they do, like hamstring VoIP providers with patent suits, resist naked DSL, and sell bundles geared towards forcing people to buy landline service they don't want.
Geek stuff (Toys for my web site class)
Over 300 Gorgeous Icons (they're free, licensed under creative commons)
Handy for anyone who wants to add some pretty icons to an app or website