Sunday, April 20, 2008

Once upon a time, this strategy may have worked. In the pre-blog world, a story in the local paper stayed local. Today there is no local, so one wonders why a company doesn't bite the bullet and announce the total extent of the damage in one “swell foop.” (Perhaps they have not read 'The Prince?”)

http://www.pogowasright.org/article.php?story=20080419095610235

Student data compromised (Sungard update)

Saturday, April 19 2008 @ 09:56 AM EDT Contributed by: PrivacyNews News Section: Breaches

More colleges named as being affected by the stolen laptop

Personal data about students from at least three area colleges was compromised after a laptop computer was stolen, officials said Friday.

... About 1,500 people who included Brockport in their financial aid application process were affected. The school is still determining the number of enrolled Brockport students whose information was compromised. A letter will be mailed to these students, according to the statement.

Twenty MCC students had information on the stolen laptop, spokeswoman Cynthia Cooper said. Those students have been notified.

Source - Democrat & Chronicle

PogoWasRight.org editor's note: this was not the first time a laptop containing sensitive data was stolen from an employee of Sungard. The company reported the theft of a laptop from an employee's vehicle in February 2007; that laptop contained financial details. Sungard has not yet responded to questions concerning whether the most recent laptop theft occurred from an employee's vehicle or from some other location, and whether the employee was following corporate policies.


Have you noticed that the reports are moving east to west? Can Denver be far behind?

http://www.pogowasright.org/article.php?story=20080419212738616

Northwestern Michigan College reports data risk (Sungard update)

Saturday, April 19 2008 @ 09:27 PM EDT Contributed by: PrivacyNews News Section: Breaches

Northwestern Michigan College says a laptop computer that was stolen from a company that works with the school may have put the personal information of 1,600 students from 2003 at risk.

The school says Friday that the laptop belonged to a consultant at SunGard Higher Education, which provides NMC's core data management systems.

Source - mlive.com



Another self-serving announcement.

http://www.pogowasright.org/article.php?story=20080419103026287

NY: Retirees' information disappears

Saturday, April 19 2008 @ 10:30 AM EDT Contributed by: PrivacyNews News Section: Breaches

A portable storage device containing sensitive information about 600 Penfield Central School District retirees and retirees' spouses has disappeared from Monroe 1 BOCES.

The Monroe County Sheriff's Office is investigating the disappearance and the people affected have been notified and offered credit monitoring services.

The Penfield district contracts with Monroe 1 BOCES for certain record-keeping services and the missing storage device contains information about 360 retirees' health plans, including names, birthdates and Social Security numbers. Officials noticed that the device was missing on Thursday.

Source - Democrat & Chronicle

[From the article:

So far, BOCES has not heard of any complaints from retirees about their identities being stolen.

"To our knowledge, there has been no unauthorized use of the information," said Walker. [Apparently the PR flacks have no idea how ignorant this kind of statement makes them seem. Bob]



Oh boy, thanks Carnegie Mellon Research guys... (Automation takes all the fun out of hacking.)

http://www.cs.cmu.edu/~dbrumley/pubs/apeg.html

Automatic Patch-Based Exploit Generation

David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng

... What does this mean?

Attackers can simply wait for a patch to be released, use these techniques, and with reasonable chance, produce a working exploit within seconds. Coupled with a worm, all vulnerable hosts could be compromised before most are even aware a patch is available, let alone download it.



All terrorists breathe. You are breathing. You must be a terrorist!

http://blog.aclu.org/index.php?/archives/628-You,-With-the-Camera!-Stop-Acting-Suspicious!.html#comments

Friday, April 18, 2008

You, With the Camera! Stop Acting Suspicious!

Mike German, a former FBI agent who currently works as policy counsel for our Washington, D.C. office, wrote in our DailyKos Diary about how local law enforcement agencies across the country are gathering a curious kind of domestic intelligence on citizens, all in the name of, you guessed it, national security:

The Wall Street Journal and the Los Angeles Times both reported on the Los Angeles Police Department’s extensive list of "criminal and non-criminal" behaviors, which LAPD officers are instructed to report as "suspicious activities." The list includes such innocuous, clearly subjective and First Amendment protected activities as "taking pictures or video footage with no apparent esthetic value," "drawing diagrams and taking notes," "espousing extremist views," and "engaging in suspected coded conversations or transmissions."



That which is technically true is not always strategically wise.

http://www.pogowasright.org/article.php?story=20080419214504745

AU: Approval not needed for cancer data: Qld

Saturday, April 19 2008 @ 09:45 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Queensland's Health Minister Stephen Robertson says his department has found a way avoid a court battle [I wonder what odds they're giving in Vegas? Bob] with the cancer council over access to data.

Mr Robertson on Sunday said the Cancer Council Queensland would be able to get data from the state's cancer registry to researchers without the approval of the health authority and without breaching patient confidentiality.

The Cancer Council on Friday launched legal action in the Supreme Court against Queensland Health seeking routine access to cancer statistics from the registry.

Source - The Daily

[From the article:

Mr Robertson on Sunday said he was advised the council could share registry data with researchers with only minor changes to the current contract between the council and Queensland Health. [But no details were given Bob]



For my Computer Security students. The opposite of e-discovery?

http://www.bespacific.com/mt/archives/018137.html

April 18, 2008

Computerworld Guide to Removing Data From Your Hard Drive

"With stories surfacing on news channels regularly about lost or stolen data or the ability to recover data from discarded or resold computers and their hard drives, Computerworld decided to look at some cheap methods of removing that sensitive data from your hard drive permanently. And, what better place to look than YouTube?"



Using technology. Sounds good to me. (Has policy kept pace with this reality?)

http://yro.slashdot.org/article.pl?sid=08/04/19/2343210&from=rss

British Police Use Facebook to Gather Evidence

Posted by timothy on Sunday April 20, @03:39AM from the nothing-at-all-creepy-about-that dept. Privacy Social Networks

Amy Bennett writes

"Move over police scanner and most-wanted poster. The Greater Manchester Police force has created a Facebook application to collect leads for investigations. The application delivers a real-time feed of police news and appeals for information. A 'Submit Intelligence' link takes a Facebook user to the police Web site where they can anonymously submit tips. Another link leads to the videos on YouTube featuring information on the police force, ongoing investigations and other advisories."

As reader groschke writes, though,

"Their access to user data raises significant civil liberties problems. They may be able to see more of your data than your friends or network members can — and you also expose your friends' data when you add the application. All without needing a subpoena or warrant."



As goes computers, so goes DNA? (see next article)

http://www.pogowasright.org/article.php?story=20080419214912380

Computer searches as 21st Century general warrants

Saturday, April 19 2008 @ 09:49 PM EDT Contributed by: PrivacyNews News Section: Internet & Computers

I was reading a child porn computer search case today, posted elsewhere, that again made me think about how easy it is for police to put in a search warrant application that they want to search for a computer. So, let me go on a little about the need for computer searches just because there is a computer in the placed to be searched:

What is the "nexus" of the computer to the evidence to be sought, practically, realistically, and actually? Is it hypothetical or real? Even if it is hypothetical, is that enough to get over the good faith exception? The case law is not all that helpful. Basic search principles lead to one result, but computer searches almost seem to be in the process of subconsciously trying to divide off into their own little world so they become subject to different rules. If it happens, it is result oriented jurisprudence that fails to adhere to basic Fourth Amendment principles. If Kyllo’s thermal imaging is governed by basic Fourth Amendment rules applied to new technology, then why are not computer searched governed the same way? There is no way that they should not be. (The DOJ computer search manual is listed on the right margin.)

Source - FourthAmendment.com blog


Here comes a battle... Interesting article.

http://www.pogowasright.org/article.php?story=20080420062336881

DNA Tests Offer Deeper Examination Of Accused

Sunday, April 20 2008 @ 06:23 AM EDT Contributed by: PrivacyNews News Section: In the Courts

Twenty years after DNA fingerprints were first admitted by American courts as a way to link suspects to crime scenes, a new and very different class of genetic test is approaching the bench.

Rather than simply proving, for example, that the blood on a suspect's clothes does or does not match that of a murder victim, these "second generation" DNA tests seek to shed light on the biological traits and psychological states of the accused. In effect, they allow genes to "testify" in ways never before possible, in some cases resolving long-standing legal tangles but in others raising new ones.

Source - Washington Post

[From the article:

Already, chemical companies facing "toxic tort" claims have persuaded courts to order DNA tests on the people suing them, part of an attempt to show that the plaintiffs' own genes made them sick -- not the companies' products.

In other cases, defense attorneys are asking judges to admit test results suggesting that their clients have a genetic predisposition for violent or impulsive behavior, adding a potential "DNA defense" to a legal system that until now has held virtually everyone accountable for their actions except the insane or mentally retarded.

Some gene tests are even being touted for their capacity to help judges predict the likelihood that a convict, if released, will break the law again -- a measure of "future dangerousness" that raises questions about how far courts can go to abort crimes that have not yet been committed.



For the medicos

http://dsc.discovery.com/tv/human-body/explorer/explorer.html

Human Body Explorer



Well, it is a change. All change evokes resistance (fear)

http://entertainment.slashdot.org/article.pl?sid=08/04/19/1842208&from=rss

Dilbert Goes Flash, Readers Revolt

Posted by timothy on Saturday April 19, @04:06PM from the please-please-please-mr.-adams-pleeaaaase-no dept. It's funny. Laugh. The Internet The Media Entertainment

spagiola writes

"The Dilbert.com website just got an extreme makeover. Gone is the old, rather clunky but perfectly functional, website, replaced by a Flash-heavy website that only Mordac the Preventer of Information Services could love. Users have been pretty unanimous in condemning the changes. Among the politer comments: 'Congrats. Vista is no more lonely at the top in the Competition For The Worst Upgrade In Computing Industry, this web site upgrade being a serious contender.' You have to register to leave comments, but many seem to have registered for the express purpose of panning the new design."



I was once a Chemistry major so this caught my eye... Hope it is not too technical for you.

http://www.writeidea.org/2008/04/governmentium-described-as-element-on.html

Saturday, April 19, 2008

Governmentium - Described as an Element on Periodic Table

The element, Governmentium (Gv),

Research has led to the discovery of the heaviest element yet known to science. The new element, Governmentium (Gv), has one neutron, 25 assistant neutrons, 88 deputy neutrons, and 198 assistant deputy neutrons, giving it an atomic mass of 312.

These 312 particles are held together by forces called morons, which are surrounded by vast quantities of lepton-like particles called peons. Since Governmentium has no electrons, it is inert; however, it can be detected, because it impedes every reaction with which it comes into contact. A minute amount of Governmentium can cause a reaction that would normally take less than a second to take from four days to four years to complete.

Governmentium has a normal half-life of 2- 6 years; It does not decay, but instead undergoes a reorganization in which a portion of the assistant neutrons and deputy neutrons exchange places. In fact, Governmentium's mass will actually increase over time, since each reorganization will cause more morons to become neutrons, forming isodopes. This characteristic of moron promotion leads some scientists to believe that Governmentium is formed whenever morons reach a critical concentration. This hypothetical quantity is referred to as critical morass.

When catalyzed with money, Governmentium becomes Administratium, an element that radiates just as much energy as Governmentium since it has half as many peons but twice as many morons.

No comments: