Utah makes Ohio look good!
Nevada governor accidentally posts Outlook password
Friday, July 20 2007 @ 03:45 PM CDT Contributed by: PrivacyNews News Section: Breaches
If you ever wanted to be Nevada's governor for a day, it doesn't seem to be that hard. In what could be a whopping security hole, Nevada has posted the password to the gubernatorial e-mail account on its official state Web site. It appears in a Microsoft Word file giving step-by-step instructions on how aides should send out the governor's weekly e-mail updates, which has, as a second file shows, 13,105 subscribers.
Source - C|net
Note: Declan notes in email that: The files have been deleted since my story went up, but, unfortunately for the governor's office, are still available on Google's cache: http://www.google.com/search?q=site%3Alistserv.nv.gov
You remember Ohio...
Ohio Inspector General releases report on state data theft; no referrals for criminal prosecution made
Friday, July 20 2007 @ 01:27 PM CDT Contributed by: PrivacyNews News Section: Breaches
An investigative report released this afternoon assigns "shared blame" for a series of decisions that led to the theft of a state computer device containing the personal information of more than 1 million Ohioans.
The report also revealed that the 22-year-old intern instructed to take the device home actually had two such devices in his car at the time, although only one was stolen.
Source - Toledo Blade
Related - State of Ohio OIG Report (pdf)
Do we have a data spill larger than TJX in the wings?
AU: Westpac scare snags cardholders
Friday, July 20 2007 @ 02:08 PM CDT Contributed by: PrivacyNews News Section: Breaches
THOUSANDS of credit card holders may find themselves in an embarrassing position the next time they go shopping.
Westpac confirmed yesterday it had cancelled thousands of Visa credit cards over the past week, due to a security scare. But a spokeswoman disputed a customer's claims the bank was leaving it up to cardholders to figure out whether they are affected, due to the sheer volume of cards involved.
Source - SMH
PogoWasRight.org Editor's note: wonder if this report could be linked to another story reported here yesterday out of upstate NY yesterday involving M&T Bank Visa
Fortunately Delaware is a tiny-tiny little state.
Computer data from Delaware courts stolen
Friday, July 20 2007 @ 01:25 PM CDT Contributed by: PrivacyNews News Section: Breaches
A computer hard drive containing personal information related to criminal cases in Superior Court, Family Court and the Court of Common Pleas has been stolen, Delaware’s judicial branch announced this morning.
The hard drive was in luggage stolen from an employee of Affiliated Computer Services Inc., which manages some of Delaware's information technology.
... More than 2,700 people will receive letters informing them that their personal information may have been contained on the stolen hard drive.
Source - Delaware Online
(update) SAIC: 900,000 health records possibly compromised
Friday, July 20 2007 @ 10:51 AM CDT Contributed by: PrivacyNews News Section: Breaches
The personal health care records of close to 900,000 troops, family members and other government employees stored on a private defense contractor’s nonsecure computer server were exposed to compromise, the company announced Friday.
... Although SAIC announced the data breach Friday, the company acknowledged it has known about the problems since May 29, when U.S. Air Forces Europe notified SAIC that it had detected “an unsecure transmission [The data wasn't encrypted! Bob] of personal information concerning uniformed service members and other individuals,” according to a SAIC press release.
However, SAIC had concerns about a potential problem even earlier. Two weeks before USAFE contacted the contractor, SAIC shut down the server “based on general concerns regarding the security of transmissions,” the press release said. SAIC confirmed that personal information had, in fact, been transmitted in a nonsecure manner and stored on an unsecured computer.
... Affected are service members and family members of the Army, Navy, Air Force, Marine Corps and the Department of Homeland Security. The breakdown includes 173,939 Army; 151,315 Air Force; 96,925 Navy; 26,171 Marine and 10,415 Coast Guard. All told, SAIC officials said, the breach involves data on 867,000 individuals.
Will Google follow? (Nope)
Ask.com To Launch AskEraser To Erase Search History & New Data Retention Policy
Jul. 19, 2007 at 5:36pm Eastern by Barry Schwartz
Ask.com announced that they will be launching "AskEraser" in the near future, a feature to allow you to erase your search history. Ask also said it will be implementing a new 18 month data retention policy, where searches will be disassociated from IP addresses or cookies that might possibly be used to link them back to searchers.
Tools & Techniques Yes Virginia, it is that easy! (You don't suppose this is what the FBI uses...)
Dirty e-Deeds Done Dirt Cheap
July 20, 2007 By Lisa Vaas
A security firm has uncovered an easy-to-use, affordable tool for making a variety of customized Trojans—from downloaders to password stealers—on sale at several online forums.
The tool, discovered by PandaLabs, is called Pinch, a tool that allows cybercriminals to specify what type of password they want their Trojans to steal—be it for e-mail or system tools.
Pinch also has encryption capabilities to ensure that nobody intercepts stolen data. [Something government contractors might consider... Bob] Pinch's interface also has a SPY tab that lets criminals turn Trojans into keyloggers. In addition, the tool can design Trojans that snap screenshots from infected computers, steal browser data and look for specific files on the target system.
... "Although it may look difficult to find Web pages where these tools are sold, it is not. All you have to do is search in browsers for forums where hacking services are rented or where Trojans are sold," said Luis Corrons, technical director for PandaLabs, in the release.
... Wondering whether purchasing malware at these prices can be profitable? PandaLabs ran a few calculations to find out. Say a cyber-crook were to purchase a Trojan for $500, a 1 million-address mailing list for about $100, a $20 encryption program, and a $500 spamming server. The total outlay would be $1,120.
Given a 10 percent success rate, which PandaLabs said is "really low," hackers could infect 100,000 people. If the criminals managed to steal bank details from 10 percent of infected systems, that means access to 10,000 bank accounts and funds therein.
"Just imagine the money a normal person could keep in the bank and multiply it by 10,000 to calculate the cybercrooks' profits," said the report.
... As for the custom Trojan maker, Pinch, other abilities include a feature called NET that lets attacks turn an infected computer into a proxy so that it can be used to perform malicious or criminal activities without leaving a trace. Trojans can also be turned into downloaders that download other executable files onto the compromised computer, PandaLabs said.
Pinch also has a BD tab that allows criminals to specify the ports that the Trojan will open on the infected computer, thus providing backdoors. A tab labeled ETC also allows the Trojans to be hidden through techniques including rootkits.
But one of the most dangerous features in Pinch can be found on the WORM tab, PandaLabs said. This allows users to add worm features to their Trojans, thus allowing the malware to replicate and spread via e-mail.
Other goodies Pinch can deliver: turning infected computers into zombie PCs; packing Trojans to make detection more difficult; and killing certain system processes, particularly those of security solutions.
Pinch also lets users define how stolen data will be sent: via SMTP, HTTP or by leaving stolen data in a file on the infected computer to retrieve it later through a port opened by the Trojan itself.
Pinch is powerful—scary powerful. But what's even more scary than its powerful features is that it's so easy to use.
Some speech isn't free. “Fire! Fire!”
Nearly Ten Percent of Companies Have Fired Bloggers, Survey Claims
By Ryan Singel EmailJuly 19, 2007 | 4:17:10 PM
Nearly ten percent of companies have fired an employee for violating corporate blogging or message board policies, and 19 percent have disciplined an employee for the same infractions, according to a new survey from Proofpoint, a messaging security company.
Get me a Patent Attorney! I would like to patent my process for protecting new processes so inventors can profit from them. Like a monopoly, but only for a few (hundred) years... Then I want to sue the lawyers who use that process.
Wish I Could Save Your Life, But That Kind Of Surgery Is Patented...
from the apparently,-it-will-never-stop dept
Patent madness keeps on growing as patent attorneys keep trying to convince people in all different professions that patents are an important strategy to "protect" their interests. It explains the ridiculous explosion in patents in areas that never would have bothered with patents in the past. That's why we see things like tax strategies being patented. Now, Marc has alerted us to an alarming rise in patents for surgery techniques, once again being pushed by patent attorneys. It seems that medical device companies were getting rich patenting their equipment and patent attorneys realized an even better route was to talk to surgeons themselves, convince them to patent any new kind of surgical technique and then sue any device maker who created devices for those types of surgeries. Never mind that lives may be at stake, there's more money to be made and the patent attorneys are thrilled.
Now get me a Copyright Lawyer! I've got a story (unpublished by copyrighted) about an evil client that wants his lawyers to sue even when there is no legal basis, and so I'm gonna sue anyone who writes stories like this one. Or any story about the RIAA... Or the MPAA... Or Major League baseball... Or...
Potter Publisher Says Selling Legally Obtained Copy Is Illegal
from the it's-magic-lawyer-speak-for-bullying dept
The hysteria over tonight's launch of the latest Harry Potter book has been covered to death in many places, but it still amazes us how ridiculous JK Rowling and her entourage are about the way they view intellectual property surrounding the books. Rowling has said she's against putting out an eBook because it would be pirated, even though that makes almost no sense. The book gets scanned and put online anyway, meaning anyone who finds it more convenient to read an electronic copy has to get an unauthorized copy rather than paying for a legitimate copy. And, of course, even booksellers are pointing out that they're unlikely to lose a single sale over scanned versions that are found online.
However, the Potter crew is still going nuts over the secrecy of the book, claiming intellectual property rights that they don't actually have. It's no secret that there's an extensive process that the publisher makes booksellers go through to avoid an "early" leak of the books, but what happens if a legitimate copy of the book actually does get out? That's what happened when an engineer received a copy of the book earlier this week when an online bookstore accidentally shipped it out early. He quickly (and smartly) put it up on eBay where the price shot up to $250... and then, JK Rowling's lawyer demanded eBay take the auction down as infringing on its rights. What rights? That's not clear. The book is legitimate. The sale to the guy was legitimate. The bookseller may have violated an embargo from the publisher, but that's between the bookseller and the publisher -- not the guy who ended up with the book. Once the book has gone out to the guy he has every right to sell it, and JK Rowling's lawyer was wrong for demanding it be taken down and eBay was wrong in agreeing to take it down. This is simply a case where they seem to be claiming copyright privileges that simply don't exist.
Of course there are other ways to misuse copyright law...
Prisoners Figure Copyright Abuse Is A Way To Get Out Of Jail
from the a-sign-of-the-times dept
Well, we've seen all kinds of companies abuse copyright law for a variety of purposes, and it seemed only a matter of time until outright criminals caught on as well. A group of inmates apparently copyrighted their names and then demanded millions of dollars from the prison they were in for using their names without permission. The claims were sent to the warden of the prison and when he didn't pay up, the prisoners were able to file claims against his property -- and then hired someone to seize the warden's property and freeze his bank accounts. At this point they then demanded to be released from prison before they would return the property. Instead, they were charged with extortion and "conspiring to impede the duties of federal prison officials." While the story is amusing, it does show how copyright law is being perceived these days. As intellectual property lawyers push more and more ridiculous positions concerning copyright law, people are beginning to realize that it can be used as a hammer for all kinds of ridiculous lawsuits that have absolutely nothing to do with creating incentives for the creation of new content.
On the other hand, some folks are getting the message...
CBS Aims to Spread Web Content
Broadcast Network Targets 400 Sites by Fall
By Linda Haugsted -- Multichannel News, 7/19/2007 3:59:00 PM
CBS television content will be available through 400 sites on the Internet by the fall, according to executives from the broadcast network's interactive division.
"CBS is al about open, nonexclusive partnerships," CBS Interactive president Quincy Smith said. "Just CBS.com is not the answer" to reaching viewers, he added, so the network is devoted to going out where the viewers are, not forcing them to CBS.com.
Those have already resulted in a huge lift in unique viewership to CBS.com -- from 21 million unique users per month in May to the current 134 million -- from people linking in from partners.
Each partner is displaying the content in a way that best suits its demographic, CBS executives said. For instance, Comcast's users are more affluent and highly educated than the norm for Web users, so that site will pick clips that speak to that audience.
So, they underpaid?
Journal Investment Group's Brad Greenspan Issues Open Letter to Dow Jones Shareholders Detailing Valuation Assumptions
Sometimes you have to use a two-by-four just to get their attention. Long (detailed) article well worth reading.
Real World Computing
I fought the law...
12th July 2007 [PC Pro]
Davey Winder reveals how he took on the government and won, and why incident disclosure is so important to your business...
Fortunately, this only happens with software..
Slot Machine with Bad Software Sends Players To Jail
Posted by Zonk on Friday July 20, @04:22PM from the can't-you-see-the-code dept. The Courts Programming Software The Almighty Buck
dcollins writes "Previous discussions here have turned into debates over who is liable for faulty software: the programmers, the publisher, etc. Yahoo has a new option: perhaps the users are criminally liable for using the software. From the AP: 'Prosecutors are considering criminal charges against casino gamblers who won big on a slot machine that had been installed with faulty software ... A decision on whether to bring criminal charges could come in a couple of weeks, said John Colin, chief deputy prosecutor for Harrison County. He said 'criminal intent' may be involved when people play a machine they know is faulty.' [Would that argument invalidate elections when voting machines were “suspect?” Bob] Would your average user be able to distinguish 'faulty software' from 'lucky'?"
...except when it doesn't.
Marketer copes with contest disaster
ROSWELL, [Them damned aliens again... Bob] N.M. (July 19, 2007) - A Georgia marketing company that mistakenly printed 50,000 winning scratch-off ads for a Roswell car dealer was there today trying to make good on the mess.
The ads promised a $1,000 grand prize, and 30,000 game ads were mailed before anyone realized they had all been printed as winners.
Google instructs the FCC on how to run its auction. (Hey, its cheaper than a lobbyist or a bribe...)
Google announces intent to bid on 700MHz spectrum auction, if...
By Eric Bangeman | Published: July 20, 2007 - 09:46AM CT
In a letter sent to the Federal Communications Commission today, Google CEO Eric Schmidt announced his company's intentions to enter the bidding for the 700MHz spectrum early next year—if Google's proposed auction rules are adopted. Earlier this month, a draft of Martin's proposed auction rules were released, rules which embraced some principles of open access, but left proponents of the principle wanting more.
Why would Google want to own the wireless spectrum you ask? (Can you say gPhone?)
Google invests in home cell-station vendor
The search giant participated in a $25 million round of venture funding for Ubiquisys, which makes femtocells -- small cellular base stations for homes and offices
By Stephen Lawson, IDG News Service July 20, 2007
Femtocells, an emerging technology for improving cellular coverage in homes and enterprises, have attracted the interest of none other than Google.
Maybe its time? I've been thinking about using only w3schools.com for my web site class, since I've been stealing... er... I mean, making fair use of all their stuff.
Professor Says Textbooks Are Too Expensive, Quits Using Them
Ron Hammond, Phd, professor at Utah Valley State College, has quit using textbooks in his classes. Why? They're too expensive. [...and they are obsolete by the time they are published. Bob]
Another good list...
100 Open Source Downloads
July 17, 2007 By Cynthia Harvey
All you have to do is find what you want.
Wed, 2005-07-06 08:47 — dcornwall
USA.gov Federal Podcasts listing - Official listing of federal podcasts by subject.