Wednesday, April 09, 2008

The TJX model?

http://www.pogowasright.org/article.php?story=20080408213000153

Hannaford Bros. yanks ads from TV station for reporting

Tuesday, April 08 2008 @ 09:30 PM EDT Contributed by: PrivacyNews News Section: Breaches

The Hannaford supermarket chain says it's pulling advertising from WGME-TV.

The Scarborough-based company says it's doing that for what it calls "aggressive" reporting of a security breach that put the credit and debit card information of millions of consumers at risk.

Source - WCAX

[From the article:]

WGME says it asked Hannaford if its coverage included any factual errors, but Hannaford only says the coverage has been too "aggressive." The station says it made several attempts to ask Hannaford for more information, but got no response.


...and as hardware gets smaller it becomes easier to steal...

http://www.pogowasright.org/article.php?story=20080408123529384

Stolen hardware basis for most breaches

Tuesday, April 08 2008 @ 12:35 PM EDT Contributed by: PrivacyNews News Section: Breaches

While the number of unique variants of malicious software more than quadrupled in 2007, lost laptops and storage devices -- not malicious software -- were the most common cause of data breaches, security firm Symantec said in its latest Internet Security Threat Report released on Tuesday.

The report, based on data from more than 40,000 network devices and 120 million systems running Symantec software, found more than 700,000 new threats in 2007, an increase of 468 percent over 2006. The attacks increasingly focused on stealing confidential information, with 68 percent of the top-50 threats targeting confidential information in the second half of 2007, up from 53 percent during the same period in 2006.

Source - Security Focus



Forgive me if I translate this from Gov-Speak

http://www.infoworld.com/article/08/04/08/Chertoff-says-DHS-project-will-lock-down-federal-computers_1.html?source=rss&url=http://www.infoworld.com/article/08/04/08/Chertoff-says-DHS-project-will-lock-down-federal-computers_1.html

Chertoff: DHS project will lock down federal computers

At the RSA conference, DHS head Michael Chertoff discussed the 'reverse Manhattan Project' to secure U.S. government computer systems

By Robert McMillan, IDG News Service April 08, 2008

U.S. Homeland Security Secretary Michael Chertoff said his agency is working on a "reverse Manhattan Project" to help secure the federal government's computer systems. [The security of our computers is abysmal... Bob]

... Chertoff said he would like to see the federal government develop an early warning system that could mitigate cyber attacks before they occur. [There is a place for psychics in government. Bob]



Once Privacy has been breached, there is no going back?

http://www.pogowasright.org/article.php?story=20080409054305970

UK: Formula 1 boss loses 'orgy' video legal battle

Wednesday, April 09 2008 @ 05:43 AM EDT Contributed by: PrivacyNews News Section: In the Courts

The High Court today refused to grant an injunction stopping the News of the World putting a 90-second extract of an "intrusive and demeaning" video involving motorsport boss Max Mosley and five prostitutes on its website.

Mr Justice Eady, in London, said the events, which were chronicled in the newspaper last month under the heading "F1 boss has sick Nazi orgy with 5 hookers", had received massive worldwide coverage, both in newspapers and on various websites.

Anyone who wished to access the footage could easily do so, and there was no point in barring the News of the World from showing what was already available.

Source - The Independent

[The link to the video is in the article. Not that I would ever watch such a thing (at least until the site recovers from the volume of hits) Bob]



Question: Was this a smart edit (never challenge a hacker) or is it an indication that they have already been hacked? Might make one of those interesting (ever so polite) “questions” for the Prime Minister: “Would the PM kindly explain the Big-Brother-like revisions his respected but clearly incompetent minister made recently...”

http://www.pogowasright.org/article.php?story=20080409054022795

UK: Transcript disappears minister's 'hack-proof' ID register claim

Wednesday, April 09 2008 @ 05:40 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

At the end of February Home Office minister Meg Hillier explained the UK ID scheme security system to the Home Affairs Committee. "The National Identity Register, essentially," she said, "will be a secure database; ...hack-proof, not connected to the Internet... not be accessible online; any links with any other agency will be down encrypted links."

Except she didn't, apparently, because by the time the Committee session transcript was published, here, Hillier's words had become: "The National Identity Register, essentially, will be a secure database; it will not be accessible online; any links with any other agency will be down encrypted links."

Source - The Register



What chance this will have an impact in the US?

http://www.theusdaily.com/articles/viewarticle.jsp?id=354137&type=Internet

Google defends user data policy after EU report

By Eric Auchard 04/08/08

SAN FRANCISCO (Reuters) - Google Inc on Monday defended a policy of retaining data on Web users for up to 18 months as necessary to improve search results, responding to an EU report that saw no need for search services to keep personal data beyond six months.

... The long-anticipated set of recommendations for how European data protection laws should be applied to Web search services was published on Friday and can be found at http://tinyurl.com/5yukzm.



Tools & Techniques You can find all kinds of fun stuff on the Internet...

http://www.news.com/8301-10784_3-9914896-7.html?part=rss&subj=news&tag=2547-1_3-0-5

Breaking into a power station in three easy steps

Posted by Elinor Mills April 8, 2008 6:58 PM PDT

"I will tell (you) how to break into a nuclear reactor," Ira Winkler, president of security firm ISAG said as he launched into his presentation on "How to Take Down the Power Grid" at RSA 2008 on Tuesday night.

... Below is a video showing a staged cyber attack on a power station that Winkler showed during his presentation:



Hacking: too easy to be a question on the final exam. (Doesn't a telecom provider have a “duty” to protect access to user accounts?)

http://consumerist.com/376845/flawed-security-lets-sprint-accounts-get-easily-hijacked

Flawed Security Lets Sprint Accounts Get Easily Hijacked

We found you can hijack a Sprint user's account as long as you know their cellphone number, just a smidge about them, and have half a brain. Once inside, you have total access to their account. You could change their billing address, order a whole bunch of cellphones sent to a drop location, and leave the victim paying the bill. There's also the stalker's wet dream: add GPS tracking to their cellphone and secretly watch their every movement from any computer.



Tools & Techniques (Creating and maintaining second class citizens) Mission creep.

http://techdirt.com/articles/20080407/174926781.shtml

Special License Plates Let Certain California State Employees Avoid Tolls, Red Light Cameras

from the abusing-the-system dept

With all the fuss recently over red light cameras, Boing Boing points us to a fascinating story about how somewhere around one million Californians have special license plates that basically shield them from toll booth transponders and red light cameras. Basically, the system was originally designed for police, putting their license plate info in a special secret database to shield home addresses from criminals who might want to hurt them. That system is no longer needed because DMV records are all now private. But one of the unintended consequences of the system was that it became nearly impossible to send a remotely recorded ticket (such as via a toll booth reader or a red light camera) to the guilty party -- since you couldn't get their address. It even works in some cases when people are pulled over by police, because once the plate is looked up the record indicates that the plate is in this protected category, so officers often let the driver off for being "protected."

To make matters worse, California has made it quite easy for state employees of all different types to get their license plate on the list, and from the sound of it, at least a few folks are abusing the privilege. The article found some who owed tens of thousands of dollars in unpaid fines for abusing toll lanes. It seems clear that many state employees are aware of these "benefits." The article notes that museum security guards actually made sure to include a clause in a recent labor agreement that would allow them to get these secret plates. At this point, it would appear there's simply no reason to keep these secret license plates in existence, but they're still there basically just to be used by folks who want to disobey traffic laws and get away with it for free, no matter how often they're caught.



Dilbert explains how to deal with the generation gap

http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert2006112580409.gif
