Sunday, May 18, 2008

Apparently a number of 'failures' must occur for Identity Theft to happen... Let's sue them all! (How easy was it to get all this information?)

http://torontosun.com/News/TorontoAndGTA/2008/05/18/5603146-sun.html

Jason Young plays private eye after buying a new car and running smack into a bad case of identity theft

By MARK BONOKOSKI Sun, May 18, 2008

The car that Jason Young has never owned, a 2001 Audi A4, can be found today under lock-and-chain in an OPP compound north of Toronto, having been seized following its abandonment in a still unsolved hit-and-run.

... Jason Young, it appears, would make a fine private eye.

He paid $20 for a used vehicle information package on the car he never owned, and found out that it had its beginnings in Ottawa and was passed along to various car dealerships in southern Ontario -- ending up at the Woodbridge used car dealership that, at this writing, is under investigation by the York Regional Police fraud squad, and being sold to one "Jason Young," and with its odometre reading rolled back more than 30,000 klicks.

He discovered that the downpayment cheque, while it carried his name, was actually an account belonging to someone else which, due to Privacy Laws, will now be left to the police to sort out through a warrant.

He tracked down the financing documents, then with Travelers, and pointed out that not only was the signature on the document not his, but neither was the social insurance number or the attached T-4 document supposedly proving income.

It was all bogus.

Not only that, he was supposedly a plumber, and working for a legitimate plumbing company in Mississauga.

Whoever was doing the due diligence for Travelers, however, was asleep at the switch because "Jason Young" got a loan despite a handwritten notation at the bottom of the loan application which noted the plumbing company could not possibly have "Jason Young" on its payroll.

"Spoke to owner," reads the notation. "He said he doesn't have any employees!"

Nonetheless, the $20,517 loan to "Jason Young" was approved, at an almost unimaginable interest rate of 29.9%. [That explains why... Bob]

In fact, the only thing that appeared to have a credible connection to Jason Young was a ninth-generation photo copy of his driver's licence which, to this day, Jason Young has no idea how it got into circulation.



Another example of multiple failures?

http://www.baltimoresun.com/business/bal-bz.ml.consuming18may18,0,6711338.column?track=rss

Comcast slow to act on hijacked e-mail site

Dan Thanh Dang Consuming Interests May 18, 2008

Early this year, Gary Brawerman's e-mail account was hijacked. As much of a nightmare that was, it didn't compare to the lack of concern he found when he called his Internet service provider, Comcast Corp., for help.

Brawerman noticed trouble Jan. 21 when he went to log on to the e-mail account he'd used for four years but could not access it. The system couldn't even find his e-mail address.

"That's when I knew something was wrong," said Brawerman, owner of a local mattress store. "I called Comcast and they told me they needed 24 hours."

Brawerman called the next day. A Comcast rep told him they needed another 24 hours.

"When I still had not heard from anyone, I called Jan. 24 and was told by someone named Michael that I should have been told they needed 24 to 72 hours," Brawerman said. "Michael told me he was going on vacation the next day at midnight, but said he could call me late Friday. He didn't call. On Jan. 25, I called and was told 'Your problem has not reached upstairs yet.'"

Three days later, someone named Byron from Comcast told him that "my e-mail was changed by another I.D. user, microsoft.team.206. I told him that's no one I know. Byron said, 'Uh-oh. Let me get back to you.' You guessed it, I never heard from him again."

Meanwhile, Brawerman was in full panic mode.

"I kept a lot of personal data in my e-mail account," Brawerman said. "Bank account numbers, credit card numbers, financial information, passwords, a list of phone numbers and birth dates. I had no idea if someone accessed that information or not."

... By May 5, when Brawerman contacted me, it had been 106 days since his initial call - and he still had not received any explanation of what happened to his e-mail address or what he should do.

He began getting some answers after I contacted Comcast May 7.

Spokesman Aimee Metrick said a spammer used Brawerman's e-mail account in January to set up numerous false e-mail addresses in a short amount of time. Metrick said Comcast's e-mail server was not compromised.

"In a very rare occurrence, it appears the spammer also used the customer's primary e-mail address to send spam and then dumped it, which sent it to our reservoir database of inactive accounts," Metrick said. "We do not believe there are any issues with identity theft, [Absent proof, do they have a duty to notify? Bob] as spammers are generally focused solely on the ability to use the account to set up additional e-mail addresses as a way to send spam."

... Comcast says the reason it took so long was because the problem was so rare. But wouldn't that alone have been enough reason to escalate the complaint? [Only if it was seen as a problem for Comcast. It was merely a 'customer service' issue, therefore safe to ignore. Bob] It doesn't jibe.

... Avi Rubin, Johns Hopkins computer science professor and founder of a computer security firm, said, "I know firsthand of several instances of people having their e-mail hijacked by spammers. It can't be that uncommon. … Why Comcast customer service couldn't give him back his account quickly is perplexing to me, too. They should have a mechanism to deal with emergencies. It should be instantaneous."

Since Comcast won't discuss what protocol it has in place to deal with security issues, it's hard to know if Comcast didn't have the technical know-how to deal with e-mail hijacking or if its employees dropped the ball. I'd like to believe the latter; the other scenario would not be too reassuring to its customers.

... Brawerman said Comcast offered him six months of free cable, but he declined. He wants a written apology and possibly money for what he spent for credit-monitoring services. In the meantime, Brawerman said he will never ever keep personal data in his e-mail account again. "I learned that the hard way," he said.



Everyone needs a hobby

http://www.usatoday.com/tech/news/computersecurity/hacking/2008-05-17-hackers-spain_N.htm

Five arrested in Spain for hacking government sites

By Daniel Woolls, Associated Press

MADRID, Spain — Spanish police have arrested five young computer hackers who allegedly disabled Internet pages run by government agencies in the U.S., Latin America and Asia, authorities said Saturday.

The National Police described the suspects as belonging to one of the most active hacker groups on the Internet and said two of the suspects are only 16 years old. The others are 19 or 20.

On the Internet, the group calls itself D.O.M Team, police said.

One of the group's techniques was to infiltrate websites and insert a page of its own, police said. A Google search turns up several hits with pages that fit this description.

The group attacked some 21,000 Web pages over the last two years, police said in a statement. The five were arrested this week in Barcelona, Burgos, Malaga and Valencia.

The statement did not identify which government websites the suspects are accused of tampering with.

The Spanish newspaper El Mundo reported in March that the group had infiltrated NASA's Web page, but a police official said Saturday she could not confirm this. The official spoke on condition of anonymity in line with department rules.

The group also hacked the Venezuelan national telephone company's page, and that of the Spanish telephone operator Jazztel, among others, the paper said.

El Mundo said it had contacted the group and it described itself not as a bunch of delinquents, but computer-lovers that raid websites to show system administrators the pages' vulnerabilities.

The Spanish investigation began in March after the Web page of a Spanish political party, Izquierda Unida, was disabled shortly after Spain's general election March 9.

The five suspects did not know each other personally, but rather just over the Internet. They were in contact with other members of the hacking group, mainly in Latin America, police said.



This could be an interesting approach to Network Neutrality: “Prove to us that your network is inadequate...”

http://tech.slashdot.org/article.pl?sid=08/05/17/2321231&from=rss

Canadian ISP Ordered to Prove Traffic-Shaping is Needed

Posted by timothy on Saturday May 17, @08:47PM from the offer-good-only-in-canada dept.

Sepiraph writes

"In a letter sent to the Canadian Association of Internet Providers and Bell Canada on May 15, the Canadian Radio-television and Telecommunications Commission (CRTC) have ordered Bell Canada to provide tangible evidence that its broadband networks are congested to justify the company's Internet traffic-shaping policies. This is a response after Bell planned to tackle the issue of traffic shaping, also called throttling, on the company's broadband networks. It would be interesting to see Bell's response, as well as to see some real-world actual numbers and compare them to a previous study."



Apparently Global Warming has cooked his brain. (Other parts of the lawsuit are less crazy.)

http://blog.wired.com/27bstroke6/2008/04/prof-sues-note.html

Lawsuit Claim: Students' Lecture Notes Infringe on Professor's Copyright

By Ryan Singel April 04, 2008 | 1:48:14 PM

... Moulton and his e-textbook publisher are suing Thomas Bean, who runs a company that repackages and sells student notes, arguing that the business is illegal since notes taken during college lectures violate the professor's copyright.



Linux only (so far)

http://www.bespacific.com/mt/archives/018363.html

May 16, 2008

Secure web browsing with the OP web browser

Secure web browsing with the OP web browser, Chris Grier, Shuo Tang, and Samuel T. King, Department of Computer Science, University of Illinois at Urbana-Champaign

  • "Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks. Browser security efforts that retrofit existing browsers have had limited success because the design of modern browsers is fundamentally flawed. To enable more secure web browsing, we design and implement a new browser, called the OP web browser, that attempts to improve the state-of-the-art in browser security. Our overall design approach is to combine operating system design principles with formal methods to design a more secure web browser by drawing on the expertise of both communities. Our overall design philosophy is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce our new browser security features."
