Wednesday, April 02, 2008

A very non-TJX response.

http://www.pogowasright.org/article.php?story=20080402065521527

Hannaford issues apology to shoppers

Wednesday, April 02 2008 @ 06:55 AM EDT Contributed by: PrivacyNews News Section: Breaches

Hannaford supermarket shoppers are getting an apology in their shopping bags for a security breach that was announced two weeks ago.

CEO Ron Hodge sent a message to customers online and through leaflets left in grocery bags.

Source - sunjournal.com

[From the article:]

He says the company is also considering, on a case-by-case basis, the out of pocket expenses placed on customers who had to cancel their cards.



A very TJX response. “We ain't saying, 'cause we don't gotta.”

http://www.pogowasright.org/article.php?story=20080401204600988

EXCLUSIVE: 250,000 insured by Union Security Insurance Company had personal info stolen

Wednesday, April 02 2008 @ 07:46 AM EDT Contributed by: PrivacyNews News Section: Breaches

When a desktop computer containing names, dates of birth, Social Security numbers and "other personal information" was stolen from Administrative Systems, Inc. in December, ASI's web site indicated that "several" of its clients had been affected. But as more information emerged, it appeared that it wasn't just "several" clients. ASI's notification letters and exhibits to two states' attorneys general indicated approximately 40 companies or insurance carriers as clients that were affected.

Now a spokesperson for one of those clients, Union Security Insurance Company, has informed PogoWasRight.org that 250,000 of their customers had data on the stolen desktop.

Is the ASI incident yet another big breach that has managed to fly under the media radar? It's impossible to say until we find out more, but for those who track and analyze data losses, the ASI breach may serve as yet another useful example of why we need fuller disclosure and reporting laws. Could the number of unencrypted SSN on the stolen desktop run into the millions? Who knows? Unless there's some requirement that ASI reveal those numbers or unless all of the affected clients reveal their numbers, we may never find out how many individuals had their data exposed in this breach, even though the numbers are already significant and are likely much larger.



“We don't need no stinking backups!” (Let's hope this is an April Fools joke.) Clearly a case of “Undue Reliance”

http://hosted.ap.org/dynamic/stories/G/GRADES_GONE?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Apr 1, 6:47 PM EDT

Computer Erases Ind. Students' Grades

EVANSVILLE, Ind. (AP) -- A computer malfunction wiped out a month's worth of grades at three high schools and one middle school, giving struggling students a second chance but dismaying others.

... Upcoming report cards at the four schools will not be issued as scheduled. Instead, the final two weeks of the current six-week period will be combined with the final six weeks of the year into an eight-week reporting period.

... The school district's announcement said IBM engineers determined the loss of data was caused by "an unfortunate and very rare combination of hardware problems and backup configuration settings."



Follow-up: Creating the (im)perfect e-alibi?

http://seattlepi.nwsource.com/local/357260_craigslistcrime02.html

Police: Couple covered up theft with Craigslist post

THE ASSOCIATED PRESS Last updated April 1, 2008 9:10 a.m. PT

MEDFORD, Ore. -- It wasn't a hoax or revenge that cost a Southern Oregon man many of his belongings when people responded to a Craigslist posting and nearly emptied his rural home, officers say: It was a pair of thieves covering their tracks.



See how the other half legislates...

http://www.bespacific.com/mt/archives/017994.html

April 01, 2008

Cybercrime Legislation: EU Country Profiles

Cybercrime Legislation - Country profiles: "These profiles have been prepared within the framework of the Council of Europe’s Project on Cybercrime in view of sharing information on cybercrime legislation and assessing the current state of implementation of the Convention on Cybercrime under national legislation. They do not necessarily reflect official positions of the countries covered or of the Council of Europe."

  • Octopus Interface 2008 - Cooperation against Cybercrime,
    Tuesday 1 - Wednesday 2 April 2008, Council of Europe, Strasbourg, France. "The 2008 Conference will focus on the cooperation between service providers and law enforcement, the state of cybercrime legislation and the effectiveness of international cooperation. In the face of the increasing vulnerability of societies to the threat of cybercrime the Conference provides a platform for enhancing cooperation among key stakeholders from around the world."



Interesting. I wonder if this impacts Metadata?

http://it.slashdot.org/article.pl?sid=08/04/02/0133212&from=rss

Blocking Steganosonic Data In Phone Calls

Posted by kdawson on Wednesday April 02, @03:18AM from the could-you-repeat-that-please dept. Encryption Science

psyced writes

"Steganography is a technique to encode secret messages in the background noise of an audio recording or photograph. There have been attempts at steganalysis in the past, but scientists at FH St. Pölten are developing strategies to block out secret data in VoIP and even GSM phone calls by preemptively modifying background noise (link is to a Google translation of the German original) on a level that stays inaudible or invisible, yet destroys any message encoded within. I wonder if this method could be applied to hiding messages in executables, too."



Quantity has a quality of its own...

http://www.infoworld.com/article/08/04/01/Storage-revolution-shuffling-IT-jobs_1.html?source=rss&url=http://www.infoworld.com/article/08/04/01/Storage-revolution-shuffling-IT-jobs_1.html

Storage revolution shuffling IT jobs

Enterprises are creating data at an astounding rate, and the new technologies for dealing with that data are also creating new job types

By Stephen Lawson, IDG News Service April 01, 2008

... Demand for storage capacity has grown by 60 percent per year and shows no signs of slowing down, according to research company IDC. New disclosure laws, which require more data to be preserved and retrievable, also are making storage management a bigger job.



Total Information Awareness by any other name, smells... If access to Database X by State A is found to be “illegal, immoral, or fattening” they will humbly end that access – and State B will take over...

http://www.pogowasright.org/article.php?story=20080402062738429

Centers Tap Into Personal Databases

Wednesday, April 02 2008 @ 06:27 AM EDT Contributed by: PrivacyNews News Section: State/Local Govt.

Intelligence centers run by states across the country have access to personal information about millions of Americans, including unlisted cellphone numbers, insurance claims, driver's license photographs and credit reports, according to a document obtained by The Washington Post.

One center also has access to top-secret data systems at the CIA, [It only takes one to “share” that data. Bob] the document shows, though it's not clear what information those systems contain.

Dozens of the organizations known as fusion centers were created after the Sept. 11, 2001, terrorist attacks to identify potential threats and improve the way information is shared. The centers use law enforcement analysts and sophisticated computer systems to compile, or fuse, disparate tips [“I have evidence...” Joe McCarthy Bob] and clues and pass along the refined information to other agencies. They are expected to play important roles in national information-sharing networks that link local, state and federal authorities and enable them to automatically sift their storehouses of records for patterns and clues.

Source - Washington Post

[From the article:]

The list of information resources was part of a survey conducted last year, officials familiar with the effort said. It shows that, like most police agencies, the fusion centers have subscriptions to private information-broker services that keep records about Americans' locations, financial holdings, associates, relatives, firearms licenses and the like.



What happened to “Your data is safe with us?”

http://www.pogowasright.org/article.php?story=20080401130817175

UK national ID database tested with FBI criminal data

Tuesday, April 01 2008 @ 01:08 PM EDT Contributed by: PrivacyNews News Section: Fed. Govt.

THE HOME OFFICE is testing its identity scheme database with criminal data supplied by the FBI, the INQUIRER has learned.

The Identity and Passport Service said in a written statement that the FBI had agreed to supply data from the Integrated Automated Fingerprint Identification System (IAFIS), its biometric criminal database.

"IPS has a Memorandum of Cooperation with the FBI which enables the FBI to provide IPS anonymised fingerprint data for the purposes of testing our biometric systems," said the statement.

The IPS did not say how many records or precisely what fields of the FBI database would be used to test the ID system. But it did say that the test data would be "available in the millions", and that it would include 10-print fingerprint records.

Source - The Inquirer

Comment: I kept looking to see if there was any reference to today's date or April's Fool, but it appears to be for real. -- Dissent



“Let us make your life better (and you easier to surveil)”

http://www.pogowasright.org/article.php?story=20080401180511476

Using Tire Pressure Sensors To Spy On Cars

Tuesday, April 01 2008 @ 06:05 PM EDT Contributed by: PrivacyNews News Section: Surveillance

Beginning last September, all vehicles sold in the US have been required to have Tire Pressure Monitoring System (TPMS) installed. An article up at HexView enumerates privacy issues introduced by TPMS, and some of them look pretty scary. Did you know that traffic sensors on highways can be adopted to read TPMS data and track individual vehicles?

Source - slashdot

[Original article: http://www.hexview.com/sdp/node/44 ]



Interesting but incomplete. I think this is inevitable as both employees and computers are viewed as commodities, but the issue is appropriate management and control – something most IT departments seem unable to accomplish.

http://www.infoworld.com/article/08/04/02/14FE-user-managed-pc_1.html?source=rss&url=http://www.infoworld.com/article/08/04/02/14FE-user-managed-pc_1.html

IT heresy revisited: Let users manage their own PCs

Large companies such as BP and Google are rethinking the idea of IT controlling users' computers and sharing their lessons from the frontlines

By Tom Sullivan April 02, 2008

Users should choose and manage their own PCs.



Everyone?

http://wendy.seltzer.org/blog/archives/2008/04/01/who-needs-more-computer-security-education.html#comments

April 1, 2008

Who needs more computer security education?

Filed under: Berkman, politics, code — wseltzer @ 5:34 pm

Berkman’s Stop Badware project just released a new study, in which they report the “paradox” that most users feel safe online, despite a rash of malefactors and potential mishaps:



A Zamzar competitor. (Another way to bypass YouTube filters?)

http://www.killerstartups.com/Video-Music-Photo/CatchVideonet---Download-Your-Fav-Youtube-Videos/

CatchVideo.net - Download Your Fav Youtube Videos

This site will convert your beloved YouTube video into any one of six formats (mpeg, mov, mp4, 3gp, mp3 or flv), so that you’ll be able to watch it whenever and wherever you want. That’s not all either. It’s also incredibly easy to use—a chimp could do it. Just enter the URL of the video you want, select your format and hit the ‘Convert and Download’ button. Listo. That’s it, your video’s ready to run.

http://catchvideo.net/



I'm a big Monty Python fan, so I find this website both informative and amusing. Why don't more organizations do this? Thanks to Ralph Losey (http://ralphlosey.wordpress.com/) for providing a bit of comic relief.

... If you are ready for a humorous interlude at this point, see the video below of John Cleese providing his in-depth analysis of Rule 26 [e-Discovery Bob] (thanks to his sponsor, Iron Mountain, and their funny website: friendlyadvicemachine.com).
