Friday, April 11, 2008

“The full extent of our lack of knowledge has yet to be determined...”

http://www.pogowasright.org/article.php?story=20080411061619133

ME: Possible information 'breach' exposes student files

Friday, April 11 2008 @ 06:16 AM EDT Contributed by: PrivacyNews News Section: Breaches

Due to what Information Technology (IT) is calling a "possible breach," confidential information was accessible to anyone with a Bowdoin username and password for an unknown length of time. [Translation: Access was limited to “everybody” Bob] The data included student Social Security numbers, insurance information, lists of students on medical and disciplinary leave, internal health center contracts and employee reviews, yearly budgets, and e-mails.

A folder containing the private files of Caitlin Gutheil, the former student health program administrator who departed Bowdoin last month for another job, was discovered unsecured on the College's "Microwave" server. The Orient became aware on Wednesday that private student data was exposed after receiving a tip. The editors immediately notified IT, which professed no prior knowledge of the breach. The folder was no longer accessible as of Thursday night.

Source - The Bowdoin Orient Related - Information breach (editorial)

[From the article:]

The files included every enrolled student's insurance company, policy number, and policy holder—often a parent.

... "We have no reason at this time to believe that any of the information was actually accessed, transferred to, or used by anyone off campus," Davis wrote in the e-mail. [Translation: “We don't know what happened.” Bob]


Related. Update to the story involving Rep. Joe Barton. Remember: “The situation looks darkest just before it goes entirely black.”

http://www.washingtonpost.com/wp-dyn/content/article/2008/04/09/AR2008040903680.html

Stolen NIH Laptop Held Social Security Numbers

By Rick Weiss and Ellen Nakashima Washington Post Staff Writers Thursday, April 10, 2008; Page A05

Social Security numbers for more than 1,200 participants in a National Institutes of Health study were stored on a stolen laptop containing their medical records, putting those patients at risk of identity theft, agency officials said yesterday.

NIH officials had initially assured the more than 3,000 patients whose records were on the laptop that the computer's contents -- unencrypted, in violation of federal policy -- did not contain any information that could put their identity or finances at risk.

But an ongoing review of the computer's last-known contents, [relying on a review of backups means anything since the last backup (or anything not specified for backup) is unknowable. Bob] performed on data backed up from the laptop before it was stolen, has found a file that, unbeknownst to the lead researcher, had been loaded onto the laptop by a research associate.

That file included Social Security numbers for at least 1,281 of the 3,078 patients enrolled in the multi-year study, which is sponsored by the NIH's National Heart, Lung and Blood Institute (NHLBI).



If security is not an issue, you don't need to know where your data resides and you have no reason to plan a response to an incident.

http://www.pogowasright.org/article.php?story=20080411063109705

(follow-up) Georgia Patients’ Records Exposed on Web for Weeks

Friday, April 11 2008 @ 06:31 AM EDT Contributed by: PrivacyNews News Section: Breaches

A company hired by the State of Georgia to administer health benefits for low-income patients is sending letters to notify tens of thousands of residents that their private records were exposed on the Internet for nearly seven weeks before the error was caught and corrected, a company spokeswoman said on Thursday.

The records of as many as 71,000 adults and children enrolled in the Medicaid or PeachCare for Kids programs were inadvertently posted on Feb. 12, said Amy Knapp, a spokeswoman for the company, WellCare Health Plans Inc., whose headquarters are in Tampa, Fla.

The company learned [Translation: Someone outside the company told them. Otherwise the wording would read, “The company discovered...” Bob] on March 28 that the information was publicly accessible, Ms. Knapp said, and it took five more days to remove all the data, [Translation: “We didn't think it was important enough to just cut the internet connection.” Bob] which included names, Social Security numbers, birth dates, Medicaid or PeachCare for Kids numbers, and dates of eligibility for insurance programs.

Source - Tuscaloosa News



Are you smarter than the combined resources of the Government-who-hate-the-USA club?

http://it.slashdot.org/article.pl?sid=08/04/10/2235215&from=rss

Inside the Secret War Against Internet Spies

Posted by Soulskill on Thursday April 10, @07:07PM from the war-on-malware dept.

ahess247 brings us a lengthy BusinessWeek story on the increasing amount of attacks against the US government's online presence as well as its contacts in the private sector. Hackers are gaining a greater awareness of where valuable data might reside, and that awareness is leading to more precise, more sophisticated attacks. Quoting:

"The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. 'It's espionage on a massive scale,' says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. 'They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands,' Croom says. Cyber attackers 'are not denying, disrupting, or destroying operations--yet. But that doesn't mean they don't have the capability.'"



Will the government give me a cell phone so I can be alerted too? All terrorists have cell phones, so they will get the alert. Or maybe the government will require proof that I am not a terrorist before alerting me? Fortunately none of these questions will impact the strategy: sell more cell phones.

http://www.technewsworld.com/rsstory/62537.html

National Mobile Alert System Gets Legs, Head Still Missing [and therefore the brain... Bob]

By Chris Maxcer TechNewsWorld 04/10/08 11:26 AM PT

The Federal Communications Commission on Wednesday laid the groundwork for a national mobile alert system that would send participating citizens text messages on their cell phones in the event of a national or local emergency.



New technologies require new or amended procedures. If your strategy is revenue, these make sense; if not, this is attempted murder.

http://techdirt.com/articles/20080410/011257809.shtml

Cities Caught Illegally Tampering With Traffic Lights To Increase Revenue Of Red Light Cameras

from the this-again? dept

Just last month there was the latest in a rather long line of reports noting that red light cameras tend to increase the number of accidents because people slam on their brakes to stop in time, leading to rear-ending accidents. Time and time again studies have shown that if cities really wanted to make traffic crossings safer there's a very simple way to do so: increase the length of the yellow light and make sure there's a pause before the cross traffic light turns green (this is done in some places, but not in many others). Tragically, it looks like some cities are doing the opposite! Jeff Nolan points out that six US cities have been caught decreasing the length of the yellow light below the legal limits in an effort to catch more drivers running red lights and increasing revenue. This is especially disgusting. These cities are actively putting more people in danger of serious injury or death solely for the sake of raising revenue -- while claiming all along that it's for safety purposes. Is it any surprise that one of the six cities is Dallas? Remember, just last month Dallas decided it wasn't going to install any more red light cameras because fewer tickets had hurt city revenue.



The technique one firm describes for “anonymizing” personal identification is worthless... But then, how would they deliver a “personalized ad” to you if they don't know who you are?

http://www.pogowasright.org/article.php?story=20080410174206856

American ISPs already sharing data with outside ad firms

Thursday, April 10 2008 @ 05:47 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Multiple American ISPs are sharing customer data with outside firms that deal in so-called behavioral ad targeting, and according to one of these firms, the Silicon Valley-based NebuAd, roughly 10 per cent of all US web surfers are affected.

These ad companies, which also include the Sonora, California-based Front Porch, won't say which ISPs have adopted their services. But two internet service providers, the Georgia-based Knology and the Sprint-spin-off Embarq, admit to using such platforms on a test basis, and according to multiple users who've posted their stories to Broadband Reports, NebuAd is tracking data on Wide Open West, an ISP serving the Chicago area.

Source - The Register



Ah for the good old days...

http://news.bbc.co.uk/2/hi/technology/7340315.stm

Computer viruses hit one million

The number of viruses, worms and trojans in circulation has topped the one million mark.

The new high for malicious programs was revealed by security firm Symantec in the latest edition of its bi-annual Internet Security Threat Report.

The vast majority of these programs have been created in the last twelve months, said Symantec.


Related. More depressing statistics.

http://www.infoworld.com/article/08/04/10/Top-botnets-control-1M-hijacked-computers_1.html?source=rss&url=http://www.infoworld.com/article/08/04/10/Top-botnets-control-1M-hijacked-computers_1.html

Top botnets control 1M hijacked computers

SecureWorks survey estimates the top 11 botnets are capable of flooding the Internet with more than 100 billion spam messages every day

By Gregg Keizer, Computerworld April 10, 2008

... Joe Stewart, director of malware research at SecureWorks, presented his survey at the RSA Conference, which opened Monday in San Francisco. The survey ranked the top 11 botnets that send spam; by extrapolating their size, Stewart estimated the bots on his list control just over a million machines and are capable of flooding the Internet with more than 100 billion spam messages every day.



Perhaps MLB's lawyers are on steroids? In a few years it won't matter, since baseball is a dying sport.

http://techdirt.com/articles/20080409/175754805.shtml

Why Should Newspapers Agree To MLB's Rules On How They Can Report On Baseball Online?

from the no-need-to-compromise dept

Back in February, we noted that Major League Baseball (MLB) was following the NFL down the extremely slippery slope of putting in place restrictions concerning how reporters could report on baseball online. This included things like only very short video clips could be posted online, no more than 7 photos, and all non-text content had to be removed in 72-hours. If that all sounds like preventing reporters from doing their job, you'd be correct. As I suggested at the time, the answer should be for newspapers to simply ignore the rules and if MLB pulls their press passes to buy their reporters tickets to the games (rather than using press passes) or see how the teams feel without press coverage. While it appears that newspapers certainly were upset about these restrictions, rather than doing anything serious about it, they've apparently negotiated a "compromise." [Because being non-confrontational is more important than ethics... Bob] The compromise allows newspapers to now host more video and audio content than the original restrictions, but everything still needs to be removed within 72-hours unless there's a special exemption.

This is, of course, absolutely ridiculous. While it's perfectly legal (reporters don't need to get press passes, so the team can restrict them), it sets a tremendously bad precedent that journalists are allowing any outside control over how they can report on a game. This is all stemming from MLB's incorrect belief that it "owns" everything having to do with Major League Baseball -- and then wanting to artificially limit it so it can sell it to fans. Note that we're not just talking about actual game data here -- but interviews with the players that are conducted by the journalists. [If MLB asserts that they own these interviews, that means neither the players nor the news organization have an ownership interest, right? Bob] There's simply no legitimate reason why newspapers should allow MLB to dictate what it can do with that content or how it can report on it. All that this will do is serve to limit the kind of innovative reporting and community building that the MLB should be encouraging. It's a top down approach by an organization who thinks that only it can decide how people get access to news and info about the game. But it's going to stop newspapers from putting in place their own, perhaps more useful, services for fans, and that will only serve to limit the fanbase. It's upsetting that MLB would even try to do this and it's a travesty that newspapers acquiesced, even to the supposed "compromise" solution. It's opening the door to the MLB telling them what they can report on and any newspaper person should know better.



I suspect this could also be useful in record retention (with an eye for e-discovery) with only minor additions.

http://www.bespacific.com/mt/archives/018072.html

April 10, 2008

PREMIS Data Dictionary for Preservation Metadata, version 2.0

News release: "Together with its supporting documentation, the PREMIS Data Dictionary provides a comprehensive, practical resource for implementing preservation metadata in digital archiving systems. Preservation metadata is defined as information that preservation repositories need to know to support digital materials over the long term. This document is a revision of Data Dictionary for Preservation Metadata: Final report of the PREMIS Working Group, issued in May 2005. The PREMIS Data Dictionary is a specification that emphasizes metadata that may be implemented in a wide range of repositories, supported by guidelines for creation, management and use, and oriented toward automated workflows. It is technically neutral in that no assumptions are made about preservation technologies, strategies, syntaxes, or metadata storage and management."


Related? Could this also be an e-discovery tool?

http://www.economist.com/displaystory.cfm?story_id=11002939

Start making sense

Apr 9th 2008 From Economist.com

Big and small companies are getting into the business of building an intelligent web of linked data

... The idea is that any website can send a jumble of text and code through Calais and receive back a list of “entities” that the system has extracted—mostly people, places and companies—and, even more importantly, their relationships. It will, for instance, be able to recognise a pharmaceutical company's name and, on its own initiative, cross-reference that against data on clinical trials for new drugs that are held in government databases. Alternatively, it can chew up a thousand blogs and expose trends that not even the bloggers themselves were aware of.

http://www.opencalais.com/



These will be useful in my Statistics class...

http://science.slashdot.org/article.pl?sid=08/04/10/2055222&from=rss

Psychologists Don't Know Math

Posted by Zonk on Thursday April 10, @05:32PM from the one-plus-one-equals-your-mother dept.

stupefaction writes

"The New York Times reports that an economist has exposed a mathematical fallacy at the heart of the experimental backing for the psychological theory of cognitive dissonance. The mistake is the same one that mathematicians both amateur and professional have made over the Monty Hall problem. From the article: "Like Monty Hall's choice of which door to open to reveal a goat, the monkey's choice of red over blue discloses information that changes the odds." The reporter John Tierney invites readers to comment on the goats-and-car paradox as well as on three other probabilistic brain-teasers."
