Another server hack. Are they sure it was only one?
De: Theft of credit card data affects tens of thousands of Kartenhaus customers
The Hamburg ticket sales office Kartenhaus informed its customers on Thursday that still unidentified culprits had stolen credit card numbers and billing addresses. Some 66,000 customers who purchased tickets with a credit card from the Kartenhaus.de website between October 24, 2006 and September 30, 2007 were affected. The only exceptions were credit card purchases of tickets to sporting events featuring Hertha BSC, HSV Handball, and Eisbären Berlin.
The parent company, Ticketmaster, advised customers to "check your credit card bills as soon as possible to identify any irregularities or abuse".
Source - Heise
Probably Osama, checking to see that his name was spelled correctly.
UK: Laptop theft sparks ID fears
Hundreds of people have been placed at risk of identity theft after a laptop computer containing personal and financial details was stolen from a car, it was revealed today.
HM Customs and Revenue is investigating the incident after an employee's laptop was stolen from the boot of a car.
The computer contained sensitive financial details of at least 400 people which had been passed to the HMRC by several financial institutions as part of an audit.
Source - Manchester Evening News
Anyone believe this? Clearly, we would have access to the data sent to/from US banks and I doubt most allies would refuse to share. What does that leave unexamined?
SWIFT puts EU data beyond the immediate reach of the US
The supervisory board of SWIFT has approved the plans for the restructuring of the systems architecture of the financial messaging network the outlines of which had been known for some time. The core of the realignment is the creation of a global data processing center in Switzerland. To this will be added a command-and-control center in Hong Kong. The first step toward the realization of the project that has now been approved by the supervisory board will involve the expansion of the central news platform of SWIFT, in an attempt to aid the setting up of several processing zones.
By engaging in the restructuring effort that is scheduled to be completed by the end of 2009 the financial messaging network based in Belgium is trying to accomplish a score of targets aimed at satisfying the desires of customers. Thus by preventing immediate access by US authorities to international transfer data -- as is currently the case via the network's computing center in the United States -- data privacy concerns are to be dispelled. In addition SWIFT hopes that the new message architecture will boost the processing capacity of the system, improve reliability, lower information transfer costs and, into the bargain, open up new business opportunities in general.
Source - Heise
For your web masters...
The top 10 reasons Web sites get hacked
Experts say the people who actually build Web applications aren't paying much attention to security; a non-profit group is trying to solve that
By Jon Brodkin, Network World October 05, 2007
Ditto Cheap & Effective! (They'll probably fire the guy who thought of it!)
Getting Away Cheap After a Hack
DATE: 05-OCT-2007 By Lisa Vaas
A simple backup plan saved the California ARB from being shut down following a hack of the ca.gov domain.
... California was caught off-guard when the federal GSA (General Services Administration), which manages all ".gov" domains, moved to knock the ca.gov domain offline in an attempt to deal with a hacker having rigged redirects to porn pages onto the site for a Marin County transportation agency.
... Specifically, the ARB has a back-up site hosted on a separate domain. It's a simple static page on a free domain, not a mirrored site, that can be preloaded with instructions for employees or visitors on how to communicate outside of their usual domain.
The cost of security?
Financial institutions spending on security, governance
Deloitte & Touche's annual survey has found that 98 percent of financial institutions are putting more emphasis -- and money -- on IT security and governance
By Ellen Messmer, Network World October 05, 2007
... While 38 percent of the organizations surveyed did not measure their security budget on a per capita basis, of those that did, 7 percent said they spend more than $1,000 per person, 7 percent between $501 and $1,000 per person, 14 percent between $251 and $500, 23 percent between $100 and $250, and 11 percent under $100.
Alice laughed: "There's no use trying," she said; "one can't believe impossible things."
"I daresay you haven't had much practice," said the Queen. "When I was younger, I always did it for half an hour a day. Why, sometimes I've believed as many as six impossible things before breakfast."
Alice in Wonderland.
Kim Jong Il: I'm an Internet expert
Fri Oct 5, 8:35 AM ET
SEOUL, South Korea - North Korean leader Kim Jong Il called himself an "Internet expert" during summit talks with South Korea's president this week, a news report said Friday.
You know, there are firms that specialize in payroll...
Los Angeles School District ERP Snarls Teacher Pay
By Renee Boucher Ferguson October 5, 2007
Thousands of LAUSD employees are overpaid, underpaid or going unpaid because of a faulty ERP system.
Enormous cost overruns associated with botched enterprise resource planning implementations are the stuff of legend in IT circles.
Now there's a new debacle to add to the list. Nine months after the Los Angeles Unified School District launched the SAP HR and Payroll modules—as part of a larger ERP rollout dubbed Business Tools for Schools, or BTS—tens of thousands of LAUSD employees at 700 schools have either gone unpaid or been overpaid or underpaid.
A new source of RIAA lawsuits?
If You Play Your Radio Loud Enough For Your Neighbor To Hear, Is It Copyright Infringement?
from the maybe-so dept
In the past, we've wondered about the business logic of various music performance societies suing restaurants and bars for playing music without a license. However, we never denied that it was well within their legal rights to go after these places for not getting a license for performance rights. It just didn't seem very smart from the business side of things. Still, it's not hard to go from the question of whether or not restaurants should pay for performance rights when playing music to rather ridiculous situations. Take, for example, the case that reader El Nege points us to in the UK, where a car repair firm is being sued because its mechanics listened to their personal radios too loud.
It's not difficult at all to figure out what's going on here. The mechanics working out in the garage have radios playing while they work, and there's plenty of noise in the garage, so they're likely to turn those radios up. Customers in the enclosed area next to the garage are certainly likely to hear that music... but is it really a public performance? The Performing Rights Society in the UK certainly thinks so, which is why they're suing. The repair firm, Kwik-Fit, has a pretty weak response, saying that it's banned personal radios for ten years. Instead, it should be fighting back on the idea that this is a public performance in any way. Otherwise, you get into all sorts of trouble. If you have the windows open in your home and are listening to your legally owned music (or your TV!) and your neighbor can hear it, is that a public performance? What if you live in an apartment building with thin walls? What about when you're driving with the radio on and the windows open? What if you're in your cubicle and the folks in the cubicles around you can hear the music? At which point do we realize how silly this becomes? It's difficult to see how, with a straight face, anyone in the music industry can claim that any of these situations represents harm done to them.
But if you don't hold the data, you can't mine it! (nor can you have those nifty data spills like TJX!)
Retailers Fighting To No Longer Store Credit Data
Posted by Zonk on Friday October 05, @03:25PM from the just-going-to-get-stolen-anyway dept.
Technical Writing Geek writes with the news that the retail industry is getting mighty fed up over credit card company policies requiring them to store payment data. The National Retail Federation (NRF) has gone to bat for store owners, asking the credit industry to change their policies. The frustration stems from payment card industry (PCI) standards and new security measures going into place across the retail experience. Retailers are now trying to point out that many of the elements of the standard would not be a requirement if they didn't have to store so much payment data. "Even if the NRF's demands were immediately met, it would take several years before retailers could purge their systems and applications of credit card data, he said. Over the years, retailers have collected and stored credit card data in myriad systems and places -- including relatively old legacy environments -- and they are just now realizing the data can be a challenge, he said. Purging it can be a bigger headache because the data is often inextricably linked to and used by a variety of customer and marketing applications; simply removing it could cause huge disruptions."
So much for the reliability of DNA evidence...
Stem Cells Change Man's DNA
Posted by Zonk on Friday October 05, @05:21PM from the oh-man-science-is-weird dept.
An anonymous reader writes "After receiving umbilical cord stem cells to replace bone marrow as treatment for non-Hodgkin's lymphoma, Greg Graves temporarily had three different sets of DNA. Eventually, one of the two sets of cells transplanted into his bone marrow took root, leaving him different DNA in his blood from the rest of his body: 'If you were to do a DNA test of my blood and one from my skin, they'd be different,' Graves said. 'It's a pretty wild thing.'"
Minn. Court: Warrant Needed for Blood Tests in Drunk Driving Cases
The Minnesota Court of Appeals decided this week that police should have gotten a warrant before ordering a blood test from a suspected drunken driver in Dakota County, a ruling that could add extra steps for police going after intoxicated motorists.
The court said police need more than evidence of alcohol consumption to test blood without a warrant or consent of the driver. The decision, supported by two of the three judges who heard the case, upholds a lower court ruling that threw out a blood-alcohol test for Janet Shriner.
Source - Insurance Journal
There is a trailer
Surveillance Shot of Hollywood Filmmaker Sparks Movie about Spycams
By Kim Zetter September 25, 2007 | 7:40:52 PM
Here's how to make your own movie...
Security Bites Podcast: Hacking via security cameras
By CNET News.com Staff Published: October 5, 2007 11:28 AM PDT
This week, CNET's Robert Vamosi talks with Adrian Pastor, a London-based security researcher who has demonstrated how to hack into a corporate network using a surveillance camera.
Security cameras are everywhere. Popping up on city street corners. Certainly they're on most major corporate campuses. And we've all seen films where the bad guys fool the sleepy, overworked security guard by playing a static image on a security monitor while thieves break into the safety deposit boxes.
But how practical is that? Recently a few security researchers have said it's pretty easy--if the camera streams its images over an IP address. In a paper titled "Owning Big Brother" (PDF), Pastor shows how code entered through an ordinary Web browser, a cross-site scripting attack, can manipulate or even replace the streaming video content with something else. [Attention lawyers! Make your own evidence! Bob]
Pastor says hackers can use the camera as a stepping stone to attack the corporate or government network operating behind the camera.
Here's a movie suggestion...
Videos of Madrid prostitutes and clients put on YouTube
A Spanish neighbourhood watch association hopes that the video-sharing website YouTube can help clean up their streets of the prostitution that they say the local government has done nothing to curb.
... Hetaria, an association that defends the rights of prostitutes in Spain, has denounced the residents' actions for breaching the prostitutes' right to privacy. The Spanish Data Protection Agency has announced that it is investigating whether the recording of these videos breaks any privacy laws, especially now that the videos are available on the web. Residents could find themselves facing fines of up to €600,000 (£415,000).
Source - Guardian
If this is legal...
BookMooch.com - International Book Exchange
BookMooch is a book exchange site that, as you’ll find out when you pay them a visit, has got some really charming graphic work going on. The procedure is simple. Basically, if you’ve got a book or books you no longer want, you can list them on the site and give them away as you get requests. For every book you give away, you’ll receive one point which entitles you to get any book from any BookMooch member. BookMooch is totally free (you have to pay postage of course) and it’s international which means you’ll have a world of books to choose from. Sending a book abroad entitles you to three points, while it only costs the moocher 2 points to get it. If you’re so inclined, BookMooch lets you donate your points to charities, libraries, and African literacy programs among others. Keep a wishlist to be notified when a book you want becomes available.
...shouldn't this be too?
Zipidee.com - The Digital Marketplace
You’ve got eBay et al. for the selling and buying of boats, shoes, cocktail dresses, old hardware parts, anything really that you can get your hands on. Zipidee wants to be the eBay of digital goods. These are intangible bits, for the most part, that reside in the circuitry of your gadgets—things like mp3’s, e-books, wallpapers, ringtones and audio guides. With Zipidee merchants can create their own virtual stores to sell and list their wares for sale on Zipidee itself or through its widgets. Merch can be rented and sold via downloads or even streams. Prices are set by the seller and sales can be tracked with the analytics dashboard. Zipidee also offers its own DRM which sellers can use to protect their products. For their services, Zipidee will apply a dollar listing fee and they’ll take a small cut of the profits.
How to get arrested at the airport...
T-shirt shows off Wi-Fi muscle
ThinkGeek is selling a T-shirt with a built-in, battery-powered Wi-Fi signal detector that lights up like a cell phone signal strength indicator when it detects a nearby network
By Stephen Lawson, IDG News Service October 05, 2007