Just as it is possible to limit who can access a file, it is possible to limit access to other resources, for example servers on the Internet. Because they didn't bother to do that, the employee(s) who process the applications also had access to the server.
http://www.pogowasright.org/article.php?story=20080412084943733
Interbank FX security breach leaves some customers files unsecured -- for 9 months
Saturday, April 12 2008 @ 08:49 AM EDT Contributed by: PrivacyNews News Section: Breaches
Through their lawyers, Interbank FX [pdf] has notified the NH DOJ of a security breach.
According to their notification letter sent to those affected, a file dated April 2, 2007 which contained personal information of those who had applied for an Interbank FX account prior to that date was uploaded to a computer server accessible via the internet. The file was uploaded on or about April 2, 2007. [and no one noticed for almost a year? Bob] Personal information in the file may have included SSN, driver's license, passport information, and might also include the individuals' Interbank FX account information.
The files remained outside of the firewall [Clearly access to these servers should be very tightly controlled... Bob] until the problem was detected on March 28, 2008. Within hours of that discovery, all files containing sensitive personal information were removed from the server and secured.
Interbank FX reports that "We also terminated the employee's access to all personal information in Interbank FX's files." [suggesting that the employee should not have had that access in the first place? Bob]
The total number of affected customers was not included in the notification to NH, but 16 NH residents were affected.
The company offered free credit monitoring, insurance coverage in the event of ID theft, and offered to reimburse customers for the price of putting a freeze on their credit file.
1) Organized crime or terrorists building false IDs? 2) method allows long term access 3) specific targets 4) Atlanta – New York begs the question, “where else is this going on?”
http://www.pogowasright.org/article.php?story=20080412162053716
(update) Man Charged in ID Theft at NY Hospital
Saturday, April 12 2008 @ 04:20 PM EDT Contributed by: PrivacyNews News Section: Breaches
A man who worked in the admissions department at a prestigious Manhattan hospital has been charged with stealing and selling information on nearly 50,000 patients.
Dwight McPherson, 38, a former worker at New York-Presbyterian Hospital/Weill Cornell Medical Center, was arrested Friday night, shortly after the hospital announced the security breach.
[...] Prosecutors said McPherson exploited his access to the hospital's computer registration system to acquire lists of patient names, phone numbers and Social Security numbers over a two-year period.
Authorities became aware that something was amiss when printouts of patient records were discovered in Atlanta during an investigation by postal inspectors, according to a complaint filed by prosecutors Saturday.
Source - AP
Comment: Curiously, those who recruited McPherson specifically wanted information on male patients born between 1950 and 1970.
[From the article:]
Hospital spokeswoman Myrna Manners said Friday evening... ...that the hospital was unaware of any instance where the information had been used to scam individual patients. [Interesting choice of words. Bob]
I wondered if anyone had noticed... (Not the first time I've been impressed by this Commissioner)
http://www.pogowasright.org/article.php?story=20080413081630176
Ca: Letter to the Minister of Public Safety and Emergency Preparedness Canada
Sunday, April 13 2008 @ 08:16 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News
The Privacy Commissioner of Canada, Jennifer Stoddart, sent the following letter to the Minister of Public Safety and Emergency Preparedness Canada, regarding her concern about remarks made by the U.S. Secretary of Homeland Security suggesting fingerprints are not “personal data”.
[...]
I am writing to express my concern about remarks U.S. Secretary of Homeland Security Michael Chertoff made yesterday while in Ottawa, suggesting fingerprints are not “personal data”.
As you know, Canadian privacy legislation defines fingerprints as personal information. In Canada, we have traditionally taken a more restrained approach to the collection of fingerprints, largely restricted to cases where individuals are charged with or convicted of certain criminal behaviour.
In contrast, the U.S. has increasingly relied upon the collection of biometric data, including fingerprints, from a broad range of individuals for border control purposes and in order to identify and track suspected terrorists. Fingerprints constitute extremely personal information for which there is clearly a high expectation of privacy. Canadian courts have held that, absent lawful authority, compelling persons to provide fingerprints may violate their rights under the Charter of Rights and Freedoms.
No one doubts the need to strengthen information-sharing among nations. We all share a common goal of ensuring our national security. However, as Privacy Commissioner, I strongly urge the Government of Canada to ensure that the privacy rights of individuals are respected and protected at all times.
Canadians rightly expect their government to respect their civil liberties and safeguard their personal information from abuse. The challenge lies in finding the balance between the protection of civil liberties and the need for national security.
As Privacy Commissioner, I certainly expect to be consulted if the Government of Canada is considering new programs to share biometric information – or any personal information – with foreign governments.
I expect your assurance that adequate oversight and control mechanisms are built into the collection, use and safeguarding of personal information that may be shared with other governments, and I expect the opportunity to review these mechanisms.
I know that our respective staffs have built a solid working relationship in matters of security and privacy, and expect that the concerns identified above will be addressed as programs are expanded or new programs are considered.
Source - Office of the Privacy Commissioner of Canada
Vindication! This appears to be exactly the model I proposed several years ago! Why allow a monopoly when you can encourage competition?
http://tech.slashdot.org/article.pl?sid=08/04/12/2354236&from=rss
Name For a Community-Owned Fiber Network?
Posted by kdawson on Saturday April 12, @10:06PM from the community-owned-first-mile-fiber-network dept. Networking
CleverMonkey writes
"I'm a town representative to a newly created municipal group creating a new type of telco. This group has formed to build and operate a FTTH network, and provide both triple-play services and access to other providers, to over 20 mostly rural towns in East-Central Vermont. The project is novel because of the size of the network (a cable pass down every road within 600 square miles), the low-density of the area served, and the public-ownership/private-financing model that is being used. Some of the towns included in this group currently have nothing beyond 14.4 dial-up on a good day. This project began as a grassroots effort in a couple of towns and the name they chose was ECFiber — East-Central Fiber — or sometimes the East-Central Vermont Community Network. We hope that this network will grow beyond one corner of this state, and we would like a name that is both descriptive and flexible. What would you name a community-owned, cutting-edge, G-PON fiber-optic network covering every remote corner of two-dozen contiguous towns?"
The lectures are that boring?
http://www.bespacific.com/mt/archives/018080.html
April 12, 2008
University of Chicago Law Removes Classroom Web Access
Jerry Crimmins, Chicago Daily Law Bulletin, April 10, 2008: "The University of Chicago Law School has removed Internet access in most of its classrooms because of a growing problem of students surfing the Web on laptops during lectures... Law students' use of laptops to surf the Web, read and write e-mail and play computer games during class has brought changes at a number of schools, including Harvard, Yale and Stanford."
Related? (Perhaps a new category: Schools is crazy?)
http://www.foxnews.com/story/0,2933,350988,00.html
Texas School Suspends Student for Answering Call in Class From Dad in Iraq
Saturday, April 12, 2008
Cove High School in Texas, where half the students have at least one parent deployed, justified the punishment against Brandon Hill by saying he had violated the no-cell-phone policy when he took the call from his father, who is serving in Iraq.
Is the underlying assumption that “kids is crooks?” Looks more like making sure every square inch of England is covered by Big Brother's watchful eye...
CCTV and fingerprinting could NOW be used in exam halls as schools launch crackdown on cribsheet cheats
By COLIN FERNANDEZ Last updated at 01:15am on 12th April 2008
Schools are considering introducing CCTV cameras and fingerprint checks to trap exam cheats.
... It also hopes to cut the number of claims from pupils that they were given the wrong instructions by invigilators.
... The association said gymnasiums - where most exams are held - are often the last part of schools to be fitted with closed-circuit TV cameras.
See? You can find anything on the Internet.
http://tech.slashdot.org/article.pl?sid=08/04/12/1712258&from=rss
Internet Community Catches a Car Thief
Posted by kdawson on Saturday April 12, @01:47PM from the crowdsourcing-justice dept.
COredneck sends us a NYTimes story (registration may be required) about an Internet community solving a crime in less than 48 hours. An auto dealer in Calgary lends a car for a test drive — a 1991 Nissan Skyline GT-R. The test driver and another person don't return the car. The dealer then files a police report, but also posts a message about the stolen car on Beyond.ca, an automotive fan board. Many people who read the board keep their eyes out and find the car. They also use Facebook to find the suspect and his high school; and they use Google Maps to pinpoint the thief's location. They film the collar and post the video on Beyond.ca. The dealer says, "This guy has worldwide recognition for being a car thief for the rest of his life. The Internet is not going away."
[From the article:]
But his post set off a cyberworld dragnet — a process definitely not recommended by the police — in a case the arresting officer called “a bizarre file.”
... In a little more than 24 hours from the time of Mr. Ironside’s first post on the stolen Skyline, members of the forum had spotted the car and assembled a name, photo, home address and Facebook profile for the person seen behind the wheel of the Skyline.
What to do if Google doesn't make you giggle?
http://www.researchbuzz.org/wp/2008/04/12/custom-search-engines-in-a-variety-of-categories/
Custom Search Engines in a Variety of Categories
12th April 2008, 03:26 pm
... Search engine tool Topicle http://www.topicle.com/ currently has over 1100 user-made search engines to browse through. You may also make your own.
For my web site students
http://www.killerstartups.com/Video-Music-Photo/My-i-Sizecom---Easily-Resize-Your-Photos/
My-i-Size.com - Easily Resize Your Photos
This free online image resizer works within instants to give you crisp, clean and neatly resized photographs which aren’t distorted or oddly formatted.
For my web site students
http://www.killerstartups.com/Web-App-Tools/Pagealizercom---Webpage-Performance-Analytics/
Pagealizer.com - Webpage Performance Analytics
What good is knowing how many hits your web page receives if you have no idea what visitors do once they reach your site? Pagealizer is a webpage performance analytic service that provides you with useful information that goes much deeper than the number of visits your page receives. With Pagealizer, you can know how long each visitor spent on your page, how far people scrolled down the page, and which links, forms, and images receive the most clicks. You can also get average statistics and see helpful charts and graphs illustrating your site’s statistics. Using Pagealizer on your site is as simple as pasting a small JavaScript code on your page. Basic service is free,
Could this have any value for Criminal Justice students?