Wednesday, January 16, 2008

Sound familiar? We may have another TJX! (Think of TJX as a “proof of concept” attack and now the crime group is selling attacks to order... May be related to cyber-espionage – see the article below.)

http://www.pogowasright.org/article.php?story=2008011513095682

"Major Retailer's" Data Breach Results In Wave Of Credit Card Fraud?

Tuesday, January 15 2008 @ 01:09 PM EST Contributed by: PrivacyNews News Section: Breaches

Anecdotal evidence suggests that a recently reported data breach by an undisclosed "major retailer" has resulted in a jump in consumers having their debit cards forcibly reissued, or calls from their bank to verify their recent purchase history. The problems seem to have started just around Christmas time and have continued into mid-January. [Starting right before Christmas may be strategic – Retailers want the Christmas business and therefore won't raise flags that could impact sales. Bob]

The thefts cut across all types of credit cards, but one of the common threads is that the cards are being used to purchase physical products in-store. This is a contrast to the big credit card reissue last year when stolen debit cards were being used to make fraudulent ATM withdrawals. Which retailer? Who's behind it? Nobody knows and we won't find out for some time, not until the cops catch the robbers. Until then, here's all the people on our site talking about the recent seeming surge of fraudulent activity.

Source - The Consumerist (blog)



There is always a cost to a data spill...

http://www.infoworld.com/article/08/01/14/Nashville-laptop-theft-may-cost-1-million-dollars_1.html

Nashville laptop theft may cost $1 million

With Social Security numbers at risk, county officials offer registered voters in Tennessee county a year of free identity theft protection at a cost of $10 per account

By Robert McMillan, IDG News Service January 14, 2008

... County election officials began notifying residents of the breach on Jan. 2, and the local government is offering victims one year of free identity theft protection from Debix Identity Protection Network.

Debix says that 25 to 35 percent of victims of this type of breach typically request this service. With the city paying Debix just under $10 per account, the price tag for the laptop theft is expected to be in the $1 million range.

... "It is a very bad information-handling practice to keep sensitive information about individuals including their Social Security numbers on an unencrypted laptop or any other device that is removable," said Paul Stephens, director of policy and advocacy with Privacy Rights Clearinghouse, a privacy advocacy group that has tracked the exposure of 217 million records in the United States over the past three years.



Associations like this will tend to implement “least common denominator” levels of security. (Why would members pay for more security here than on their own systems?)

http://www.pogowasright.org/article.php?story=20080115141952356

DMAChoice.org web site exposure of personal information

Tuesday, January 15 2008 @ 05:00 PM EST Contributed by: PrivacyNews News Section: Breaches

In response to a blog entry on Chronicles of Dissent discussing concerns about the Direct Marketing Association's method for opting out of mailing lists, a reader reported that the DMA's site was exposing users' personal details. According to details subsequently provided, after registering at DMAChoice.org, the user logged in to his account. Once logged in, it was a simple matter to simply change the customerid that showed in the url to see other consumers' full names, addresses, email addresses, and passwords. The passwords were exposed in clear text.

According to the consumer, there were about 30,000 consumers' details in the database.

The site was taken offline shortly after they received his email alerting them to the problem. It is now back online using a different authentication system, but the consumer notes that the password cookie is still displaying/storing the password in clear text. [Apparently, they didn't read the entire email... Bob]

Attempts to get a statement from DMA have been unsuccessful, and it is not clear whether their other opt-out web pages/databases also suffered from the same vulnerability or if anyone attempted to access others' data via any of their databases. DMA did not respond to a separate email inquiry last week as to whether they store or purge the credit card number they require for identification verification.

Should they provide a statement or response, this post will be updated.

Thanks to Forrest for alerting me to this breach and for the additional detail he provided.
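The two defects the report describes, a customerid taken straight from the URL with no ownership check and a cookie that carries the password in clear text, shown as a minimal account-lookup handler beside a hardened version. This is an added example, not code from the post or from DMAChoice.org; the ids, names, passwords and URL shape are constructed.

```python
import hashlib
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed sample rows (hypothetical ids, names and passwords).
CUSTOMERS = {
    "1001": {"name": "A. Example", "email": "a@example.invalid", "password": "hunter2"},
    "1002": {"name": "B. Example", "email": "b@example.invalid", "password": "letmein"},
}

def customerid_from_url(url):
    """Extract customerid from a URL such as /account?customerid=1002."""
    return parse_qs(urlparse(url).query).get("customerid", [None])[0]

# --- As reported: the row named in the URL is returned, password included ---
def vulnerable_account_view(url, cookie):
    # The cookie is never consulted, so any logged-in user can walk
    # customerid=1001, 1002, ... and read every other consumer's record.
    return CUSTOMERS.get(customerid_from_url(url))

def vulnerable_login_cookie(cid, password):
    return f"customerid={cid}; password={password}"   # clear-text password cookie

# --- Hardened: salted hash for verification, random token, ownership check ---
SALT = secrets.token_bytes(16)
def _hash(pw):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000)
# A real system stores only these hashes, never the clear-text column above.
PASSWORD_HASHES = {cid: _hash(r["password"]) for cid, r in CUSTOMERS.items()}
SESSIONS = {}   # token -> customerid, held server-side

def hardened_login(cid, password):
    stored = PASSWORD_HASHES.get(cid)
    if stored is None or not secrets.compare_digest(stored, _hash(password)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = cid
    return f"session={token}"          # opaque token; the password never leaves the server

def hardened_account_view(url, cookie):
    cookies = dict(p.strip().split("=", 1) for p in cookie.split(";") if "=" in p)
    owner = SESSIONS.get(cookies.get("session"))
    if owner is None:
        return 401, None               # no valid session
    cid = customerid_from_url(url)
    if cid != owner:
        return 403, None               # customerid must match the session's own user
    rec = CUSTOMERS[cid]
    return 200, {"name": rec["name"], "email": rec["email"]}   # no password field
```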



You knew this, right?

http://www.infoworld.com/article/08/01/15/Cyber-espionage-moves-into-B2B_1.html?source=rss&url=http://www.infoworld.com/article/08/01/15/Cyber-espionage-moves-into-B2B_1.html

Cyber-espionage moves into B2B

The SANS Institute says that cyber-espionage has spilled from governments into the private sector and that it will expand in international business in 2008

By Matt Hines January 15, 2008

... While the United States and Chinese governments, most notably, have accused each other in recent years of carrying out surreptitious hacking campaigns aimed at stealing strategic information from their respective IT systems -- and many security experts believe that both countries, and many others, are actively engaging in such electronic warfare -- leaders with SANS maintain that the practice has recently begun to spill over into the private sector with greater frequency.

According to the training institute's latest research, cyber-espionage efforts funded by "well-resourced organizations" -- including both government-backed and private efforts -- will expand significantly during 2008, in particular as overseas companies look to gain an upper hand in negotiating business deals with large companies based in the U.S. and Europe.

... SANS reported that the attack of choice in many cases of cyber-espionage is a targeted spear phishing campaign that attempts to dupe workers into opening tainted attachments made to appear as if they come from people they work with.



Pass this to your IT Department. (Good for AT&T!)

http://hardware.slashdot.org/article.pl?sid=08/01/15/2054248&from=rss

AT&T To Replace 17,000 Batteries

Posted by kdawson on Tuesday January 15, @05:05PM from the fire-to-the-node dept. Power Communications

An anonymous reader writes "After four fires in two years — see earlier Slashdot discussions for background — AT&T is going against its own independent lab findings and declaring that the Avestor batteries powering its U-verse network aren't safe and need to be replaced. This is the network that SBC was building out prior to acquiring AT&T. Following the latest broadband equipment cabinet explosion in Wisconsin, the carrier says it will swap out 17,000 batteries deployed in several states across its network."



Is “go to hell” a direction?

http://www.news.com/Is-GPS-liability-next/2010-1033_3-6226346.html?part=rss&tag=2547-1_3-0-5&subj=news

Is GPS liability next?

By Eric J. Sinrod Story last modified Wed Jan 16 04:00:03 PST 2008

An automobile driver recently was held responsible for crashing a rental car into a train after following global positioning system instructions that put his rental car onto the train tracks.

This raises the specter of automobile drivers pointing the liability finger at GPS providers and filing lawsuits against such providers when GPS instructions are not accurate.

The facts of the particular rental car-train crash were reported at LoHud.com (a news outlet for New York's Lower Hudson Valley) on January 3.



I would expect Pirate Bay will put the document online and ask a few thousand users to help review it – piece of cake.

http://yro.slashdot.org/article.pl?sid=08/01/16/0133213&from=rss

Pirate Bay Gets a 4,000-Page Complaint

Posted by kdawson on Tuesday January 15, @10:27PM from the ianal-but-that's-a-lot dept. The Courts

I Don't Believe in Imaginary Property writes "Swedish prosecutors appear to be close to finally pressing charges against The Pirate Bay, having served them with 4,000 pages of legal papers. While this might appear bad, the administrators have already moved some of the servers out of the country, so Swedish prosecutors can't shut it down, even if they want to. Moreover, the people of Sweden are decidedly on their side, with the Pirate Party, which is sympathetic to TPB's cause, being one of the top ten political parties in the country. Still, this looks like a dirty trick on the part of the prosecutors — like they're dumping all of this on the defendants in the hope that they won't have enough time to sort through it and defend themselves. For comparison, the second-biggest murder case in Sweden required only 1,500 pages." [Yeah, but knives and guns are old technology that doesn't take much explaining to a jury. Bob]



Steve does it again. Close to what I think the ultimate business model will be: Access to any movie, in any format, on demand, for a nominal price.

http://www.wired.com/gadgets/mac/news/2008/01/macworld_keynote

Apple Reinvents Film Biz With iTunes Movie Rentals

By Eliot Van Buskirk 01.15.08 | 3:30 PM

The new iTunes movie rentals service, announced Tuesday by Apple CEO Steve Jobs during his Macworld Expo keynote, is powered by deals with all the major film studios and stands to reinvent the way people rent and watch movies, analysts say.

"They really nailed it," Jupiter Research Vice President and Research Director Michael Gartenberg said of Apple's move into movie rentals. "This is going to be extremely disruptive, doing for movies what the iTunes music store did for music."

The new service will let anyone with iTunes or an iPod rent DVD-quality movies with stereo sound for $3 ($4 for new releases). HD movies with 5.1-channel sound cost a dollar more. The "completely reinvented" Apple TV -- sporting an upgraded user interface at a lower price -- allows viewers to place orders from their couches. Unlike Amazon Unbox, which doesn't allow movies to play until they are totally downloaded (generally taking a matter of hours), Apple's new service allows movies to begin just seconds after an order is placed.



Technology in Education. (Probably more fun than building a baking soda volcano.)

http://science.slashdot.org/article.pl?sid=08/01/16/034230&from=rss

High School Sophomores Discover Asteroid

Posted by kdawson on Wednesday January 16, @05:34AM from the october-sky dept.

Several readers sent us the story of three high school sophomores in Racine, Wisconsin who were just notified that a celestial body they had discovered during a science project has been verified as an asteroid. The students at Racine's Prairie School will be given the opportunity to name the asteroid in about four years. They used a telescope in New Mexico, belonging to a college in Michigan, that they controlled over the Net.



Increasingly common, but takes some mining...

http://www.bespacific.com/mt/archives/017165.html

January 15, 2008

UC eScholarship Repository exceeds 5 million full-text downloads

Press release: "The University of California announced this week that its widely used eScholarship Repository has surpassed the 5 million mark for full-text downloads of its open access scholarly content. This major milestone reflects the impressive adoption and usage rate the repository has enjoyed since its inception in 2002, with University of California academic units and departments from its 10 campuses publishing or depositing more than 20,000 papers and works."
