Thursday, May 15, 2008

Can we conclude that TJX has established the model for dealing with a Security Breach?

http://www.pogowasright.org/article.php?story=20080514133055839

TJX Earnings Suggest that Data Security Doesn’t Worry Consumers

Wednesday, May 14 2008 @ 01:30 PM EDT Contributed by: PrivacyNews News Section: Breaches

Ben Worthen is singing my tune -- Dissent

TJX today reported increased sales for its fiscal 2009 first quarter, a sign that the public just doesn’t care about data breaches.

... For those of us who care about tech security – admittedly a smaller group than those who care about cheap clothes – the results are disheartening. And they raise two questions: 1) Why don’t customers avoid businesses that mishandle their personal data? 2) Why should businesses care about protecting customer information if the public doesn’t care?

Source - WSJ Blog


Peanuts!

http://www.pogowasright.org/article.php?story=2008051418364672

Banks agree to TJX breach settlement with Mastercard

Wednesday, May 14 2008 @ 06:36 PM EDT Contributed by: PrivacyNews News Section: Breaches

TJX Cos. has won support from Mastercard-issuing banks for a settlement that will pay them as much as $24 million to cover costs from a massive data breach.

The discount retailer said Wednesday it has won support from financial institutions representing more than 99 percent of MasterCard accounts affected in the breach worldwide. The settlement announced April 2 required at least 90 percent support to take effect.

A similar agreement reached in November with Visa-card issuing banks also was overwhelmingly approved.

Source - interactive investor

[From the article:]

A similar agreement reached in November with Visa-card issuing banks also was overwhelmingly approved. That agreement set aside as much as $40.9 million to help banks cover costs including replacing customers' payment cards and covering fraudulent charges. [I make that about $0.68 per card. Bob]


On the other hand...

http://www.pogowasright.org/article.php?story=20080515060240346

Data Breaches Mean More Than Bad Publicity

Thursday, May 15 2008 @ 06:02 AM EDT Contributed by: PrivacyNews News Section: Breaches

Over the last several years, corporate data breaches have been regularly splashed across the front pages of the nation's newspapers, causing nightmares for corporate executives. Ever-increasing digitization in areas such as business, banking and accounting has led multinationals to collect and retain inestimable quantities of personal information about employees, customers and counterparties.

.... Data-breach litigation typically alleges causes of action grounded in tort and contract: negligence, breaches of fiduciary duty, breaches of real and implied contracts, invasion of privacy and emotional distress. Some causes of action are grounded in state law, such as consumer protection acts, unfair trade practices acts and state data breach notification laws. Plaintiffs in these lawsuits seek damages arising from the fear of potential identity theft, including fraudulent charges to their accounts, credit monitoring costs, identity theft insurance costs, credit report costs, emotional distress from fear of fraud, damage to credit history and loss of privacy. Courts have been hesitant to permit suits for such speculative damages, thus dismissing suits where plaintiffs had not yet been victims of any identity fraud.

... While it is too soon to accurately predict the litigation landscape, the trend seems to be grounding more lawsuits in state law statutes, and for common law allegations, alleging more specific and provable damages. The better plaintiffs get on the damages front, the farther along the cases will be able to move. This could mean the potential for more costly discovery before a suit is resolved or settled. While the hurdles for plaintiffs remain high, these lawsuits have become a fact of life in today's litigious society. Corporations suffering data breaches thus must now routinely face an onslaught of civil litigation in addition to the negative publicity and regulatory scrutiny coming from data breaches and their announcements. Given the increasing digitization of the economy and society, companies should brace for these lawsuits when the almost inevitable data breach occurs.

Source - Law.com

[From the article:]

As an initial and immediate matter, a thorough forensic investigation [discoverable? Bob] is critical to ascertain the scope and nature of the data breach. Only a complete assessment of the digital evidence will help to determine how the breach occurred, how recurrences can be prevented, and precisely what data -- and in what form -- was compromised, all of which will contribute to ascertaining the best course of action.



You know, this stuff is getting complicated.

http://www.pogowasright.org/article.php?story=20080515060541620

Theft Of Laptop Imperils School Employees' Data

Thursday, May 15 2008 @ 06:05 AM EDT Contributed by: PrivacyNews News Section: Breaches

A BB&T Insurance [Third party Bob] laptop containing the personnel information of some Harrisonburg City Schools employees was stolen May 1, according to company officials.

The information came from employees enrolled in the system's dental plan, although the company does not know how many employees' information is on the computer. [I wonder if other client data was on the laptop as well? (They do have other clients, right?) Bob]

The laptop, used by an outside sales representative [Not an employee of the third party Bob] to develop an insurance proposal for the school system, was stolen from a car in Ohio.

"It's a portion of the employees," said A.C. McGraw, BB&T's media relations manager, who added that several security methods are used for the laptops, including passwords. [If it had been encrypted, you wouldn't be reporting this! Bob] "The information contained names, dates of birth, Social Security numbers, and, in some cases, medical history."

Source - DNRonline.com



Hummm... Someone copied the password file?

http://www.pogowasright.org/article.php?story=20080514132845183

Photobucket Requests Password Change After Security Issue

Wednesday, May 14 2008 @ 01:28 PM EDT Contributed by: PrivacyNews News Section: Breaches

An unknown security issue on Photobucket earlier this month has prompted the photo Web site to request that all its users change their passwords.

"Photobucket has identified and immediately resolved an isolated security incident," according to a spokesman. "There was no impact to any financial information related to Photobucket Pro subscribers, and we have no reason to believe that any photos or video from private Photobucket accounts have been accessed."

Source - AppScout

[From the article:]

The company also upgraded its policy to require passwords that are at least six characters long. [A password should start with “Insecure...” Bob]



http://www.pogowasright.org/article.php?story=20080514183742849

OSU admits computer security breach

Wednesday, May 14 2008 @ 06:37 PM EDT Contributed by: PrivacyNews News Section: Breaches

A breach in an Oklahoma State University computer server exposed names, addresses and Social Security numbers of about 70,000 students, staff and faculty who bought parking and transit services permits in the past six years.

OSU announced the breach and began notifying permit holders today, even though it was discovered in March. The server was shut down at that time and Social Security numbers removed from the site.

After a two-month investigation, OSU officials say they think an intruder's purpose was to use the server for storage and bandwidth capacity to distribute illegal content but they can't rule out that student information was accessed. [Turn on the logging that comes free with the system! Bob]

Source - NewsOK.com Related - KOCO.com



“If it's digital, we can hack it!”

http://www.pogowasright.org/article.php?story=20080514120120569

Identity fraud hits net telephony

Wednesday, May 14 2008 @ 12:01 PM EDT Contributed by: PrivacyNews News Section: Breaches

A new type of identity fraud, which sees hackers tapping into voice-over IP telephony accounts, has been highlighted by a VoIP equipment maker.

Usernames and passwords from voice-over IP (VoIP) phone accounts are selling online for more than stolen credit cards, Newport Networks has found.

The information allows someone to use the telephone service for free.

Net telephony fraud is still in its infancy, with eavesdropping on calls being the most common security flaw. [How crude. Bob]

Source - BBC

[From the article:]

"90% of carriers don't offer a secure VoIP service," said Mr Gladwin. [Think there might be a market there, Sparky? Bob]

... "Most of the software out there has the capability of running in secure mode if the service providers would accept it," he said.



Not everyone learns from their mistakes, but it is encouraging to note that some do...

http://www.pogowasright.org/article.php?story=20080514114146722

OH: NBC 4 Investigates Stolen State-Owned Computers

Wednesday, May 14 2008 @ 11:41 AM EDT Contributed by: PrivacyNews News Section: Breaches

.... Four months before the now-infamous state intern vehicle break-in, Target 4 questioned what the state was doing to protect state-owned equipment and data.

At the time, the Ohio Department of Job and Family Services led state agencies in computer-related thefts.

In the course of three years, the agency had lost a total of nine laptops, three desktops, a tablet PC and a hard drive – one device contained Medicaid information on 20 people.

... Fifteen months later, NBC 4 came back to find ODJFS has lost five more laptops, a desktop and a flash drive. Two thefts took place inside employees' cars. One laptop was stolen in a home burglary.

But ODJFS isn't alone in losing electronics. In 2007, nine laptops were stolen from the Ohio Department of Transportation.

"There was one incident in which a number of laptops were stolen. So really maybe three thefts, but in one of those cases, six laptops were stolen at one time," said ODOT Deputy Director Scott Varner.

Surprisingly, ODOT's nine laptop thefts pale in comparison to the loss leader among state agencies, the Ohio Department of Health, where 26 laptops disappeared last year. The total value was nearly $40,000.

.... We searched through Ohio State Highway Patrol records and counted more than 80 computers and hard drives stolen from the state in 2007. More than we found in 2004, 2005 and 2006 combined.

So how many agencies have done something to recover the stolen computers? Only one -- the Department of Health -- which began electronically tracking more than 2,200 ODH laptops and desktops last summer.

Source - NBC4i.com

[From the article:]

Reporter: "Why doesn't the state have this type of service in place for all computers?"

Edmondson: "We have been taking a serious look at that." [Translation: “I have no idea.” Bob]



Hey, stuff happens... The fact that I've had 286 checks deposited in my Swiss account (so far) has nothing to do with the hacking class I'm teaching – or the fact that some students have already locked in their “A”

http://www.pogowasright.org/article.php?story=20080514184206646

IRS: Some stimulus checks sent to wrong accounts

Wednesday, May 14 2008 @ 06:42 PM EDT Contributed by: PrivacyNews News Section: Breaches

Through the wonders of modern technology, some of those federal economic stimulus checks are being deposited directly into recipients' bank accounts.

But some are not -- and are instead winding up in the bank accounts of complete strangers.

"We do know of instances of problems; we've heard of situations where stimulus checks have gone to the wrong people's bank accounts," conceded Kevin McKeon, the Internal Revenue Service spokesman for the New York region. "We're getting a lot of calls to the toll-free number."

One local taxpayer, who asked not to be identified, reported that he had discovered an unexpected deposit of $1,800 in his bank account. He said a review of his bank records revealed that it was a deposit from the IRS bearing another taxpayer's Social Security number. He said he contacted the IRS and was told by an IRS agent that the deposit was one of 15,000 misrouted checks sent out incorrectly as a result of a computer programming glitch. [Don't blame the poor computer, fire the manager that relied entirely on it! Bob]

Source - Newsday



Tools & Techniques Another biometric

http://www.physorg.com/news129994737.html

Scientists are building database of bite marks

By TODD RICHMOND, Associated Press Writer Published: 20 hours ago, 14:38 EST, May 14, 2008

(AP) -- It has sent innocent men to death row, given defense attorneys fits and splintered the scientific community. For a decade now, attorneys and even some forensic experts have ridiculed the use of bite marks to identify criminals as sham science and glorified guesswork.



Is this a wise strategy? Probably will result in a “Hacker war” that will cost the ISPs a fortune and mess up the customer experience for everyone... (With the industry magazines egging both sides on...)

http://tech.slashdot.org/article.pl?sid=08/05/14/2227200&from=rss

Elude Your ISP's BitTorrent Blockade

Posted by samzenpus on Wednesday May 14, @09:13PM from the impossible-task dept. The Internet

StonyandCher writes

"More and more ISPs are blocking or throttling traffic to the peer-to-peer file-sharing service, even if you are downloading copyright free content. Have you been targeted? How can you get around the restrictions? This PC World report shows you a number of tips and tools can help you determine whether you're facing a BitTorrent blockade and, if so, help you get around it."



Interesting to say the least.

http://blogs.barrons.com/techtraderdaily/2008/05/14/at-the-churchill-club-the-top-10-tech-trends/

At The Churchill Club: The Top 10 Tech Trends

Posted by Eric Savitz May 14, 2008, 10:57 pm

I’m at the Fairmont Hotel in San Jose tonight, for the Churchill Club’s annual Top 10 Tech Trends Dinner. This is the club’s 10th annual tech trend panel.

... 7. Khosla: Fossilizing fossil energy. Oil and coal will have trouble competing with biofuels. 99% of discussion on the topic is completely irrelevant to the topic. In 4-5 years will have production proof that can sell biofuel at well below $2 a gallon at today’s tax structure and no subsidy. Can’t imagine how big oil can stay in business if that is an alternative. Zero land needed to replace 100% of our gasoline. The other major issue is electrical power generation, which is coal and natural gas. One of his companies signed deal for 175 MW solar plant at costs below natural gas. Cheaper and less subject to commodity pricing. All of the panelists agree on that one.



Asymmetric warfare. The return of the Computer Bug? Global warming? Illegal aliens?

http://news.slashdot.org/article.pl?sid=08/05/15/129244&from=rss

Swarming Ants Destroy Electronics in Texas

Posted by timothy on Thursday May 15, @08:34AM from the where's-tiny-ender-when-you-need-him dept. Bug United States IT

AntOverlords writes

"Voracious swarming ants that apparently arrived in Texas aboard a cargo ship are invading homes and yards across the Houston area, shorting out electrical boxes and messing up computers. They have ruined pumps at sewage pumping stations, fouled computers and at least one homeowner's gas meter, and caused fire alarms to malfunction. They have been spotted at NASA's Johnson Space Center and close to Hobby Airport, though they haven't caused any major problems there yet."
