Sunday, May 11, 2008

I doubt Aon administers only one pension fund. Will this trickle out like SunGard? And why does it take these people so long to inform the victims? (see next article)

http://www.pogowasright.org/article.php?story=20080510100719224

Park National vendor loses laptop with employees' personal info

Saturday, May 10 2008 @ 10:07 AM EDT Contributed by: PrivacyNews News Section: Breaches

About 2,000 past and present employees of Park National Corp. are keeping their fingers crossed that they don't become identity theft victims after their pension administrator lost a laptop computer containing their personal information.

Aon Consulting Inc., which provides administration services for Newark-based Park's pension plan, lost the laptop in March. The bank has received no reports that data on the computer has been accessed and used by thieves, said Park spokeswoman Bethany White.

Source - Columbus Business First


Related: “We had no plan, so we created one while keeping our clients in the dark.”

http://www.silive.com/news/advance/index.ssf?/base/news/1210497311187710.xml&coll=1

Hospital admits error in handling I.D. theft

Stolen SIUH computer has data for 88,000, and former patients have growing concern

Sunday, May 11, 2008 By GLENN NYBACK STATEN ISLAND

STATEN ISLAND, N.Y. -- As tens of thousands of Staten Island University Hospital patients seethe over the decision by hospital administrators to wait four months before informing them that a computer containing their personal information was stolen, SIUH's chief executive conceded officials could have handled the situation differently.

... He explained that the hospital decided that before notifying people, it chose to complete an eight-to-nine-week process to identify a credit-monitoring program [Plan Behind! (cover your ass) Bob] for all 88,000 patients with the national credit-reporting agency Equifax.

... Isabella Bertelli-Vecchio of Huguenot, whose 16-month-old son Pietro received a notification letter last week, said an Equifax representative told her the only way to find out if his identity is stolen is to monitor the situation. [Is this a sales pitch? The hospital already notified this person their data was stolen... Bob]



Another third party, “Our customers will notify you, we don't choose to” breach. How many companies in this one? “We much prefer the traditional courier method than the cheaper, faster, electronic transmission method.”

http://www.pogowasright.org/article.php?story=20080510102018900

Bank cannot find six backup tapes (BNY Mellon update)

Saturday, May 10 2008 @ 01:40 PM EDT Contributed by: PrivacyNews News Section: Breaches

More than 1,300 SAIC stockholders are at risk of identity theft after a box of magnetic backup tapes went missing in New Jersey earlier this year.

The tapes owned by Bank of New York Mellon, which acts as stock transfer agent for SAIC, contained names, addresses, Social Security numbers, stock account information, transaction activity and possibly bank account numbers [They must mean “A small percentage definitely did...” as opposed to “We have no idea...” Bob] for 1,376 current or former shareholders, said the San Diego company also known as Science Applications International Corp.

.... Laura Luke, a spokeswoman for SAIC, said the tapes included information from a “very long list of clients” of Mellon in addition to those of SAIC.

Source - SignOnSanDiego

[From the article:]

The bank said the tapes have not been found more than two months after they were lost. [“We were very careful to think this through before we made anyone nervous by telling them...” Bob]

... “We have been monitoring the affected accounts and reviewing reports from the credit monitoring service,” [What accounts could they legally “monitor?” None of the actual victims are their clients, so they are unlikely to have accounts with the bank. And are they suggesting they initiated credit monitoring on all the victims? Bob] Mellon said in a statement. “We have no evidence suggesting that any of the data has been inappropriately accessed or used.”



Tools & Techniques

http://www.pogowasright.org/article.php?story=20080510133931353

Boarding Passes and Identity Theft

Saturday, May 10 2008 @ 01:39 PM EDT Contributed by: PrivacyNews News Section: Breaches

After reading this article, I'll be more careful about throwing out boarding pass stubs -- Dissent

Can a simple airline stub, plucked out of a bin near Heathrow lead to a breach of security and possible identity theft? The answer might surprise you.

The traveler’s name was on the discarded British Airways boarding-pass stub. It’s just a small section of the pass that displays your name and seat number. Very similar to the stub you probably throw away as soon as you leave your flight.

It said the traveler had flown from Brussels to London on March 15 at 7.10am on BA flight 389 in seat 03C. It said the man was a “Gold” standard passenger and gave his frequent-flyer number. I picked up the stub, mindful of a report by a computer security expert two months earlier, and put it in my pocket.

.... We logged on to the BA website, bought a ticket in the traveler’s name and entered the frequent flyer number on his boarding pass stub, without typing in a password. [Aaaaargh! Bob] We were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information. [Is this enough to visit a consulate and replace a “lost” passport? Bob]

Source - Carrentals.co.uk



1) Why is there a camera on every new Mac? 2) If you can turn the camera on remotely, what's to keep hackers from doing it at random?

http://entertainment.slashdot.org/article.pl?sid=08/05/11/0133232&from=rss

"Back To My Mac" Catches a Thief

Posted by kdawson on Saturday May 10, @11:45PM from the don't-mess-with-an-apple-grrrl dept. It's funny. Laugh. Apple

robipilot writes

"Mac stolen, Mac comes online, owner connects using 'Back to My Mac,' owner takes picture of culprit, and voila, criminal caught. OK, it wasn't quite that simple, but here's an interesting story of using some built-in technology on the Mac to recover a stolen laptop."



What makes you think you can use this service any way you choose?

http://yro.slashdot.org/article.pl?sid=08/05/10/166204&from=rss

Microsoft IM Blocking YouTube Links

Posted by kdawson on Saturday May 10, @12:59PM from the walled-playground dept.

A number of readers are sending word that the blogosphere and Twittersphere are alight with reports of Microsoft's new block on messages containing YouTube URLs. Both MSN Messenger and Windows Live Messenger reportedly implement the block. One blogger sniffed the network to discover that such messages receive a NAK from Microsoft's servers. Microsoft has been blocking messages by keyword, as an anti-phishing measure, for some time, but *.youtube.com would not seem to provoke much worry about phishing. Instead, as B.E.T.A Daily speculates, "This block seems to be related to the recent launch of Messenger TV in 20 countries which allows for sharing video clips from MSN Video on messenger." Hard to get away with in an arena where you don't enjoy a monopoly.



This isn't even a recount (without paper, all you have is the total on the machine) it's politics as usual?

http://www.nytimes.com/2008/02/16/nyregion/16vote.html?ex=1361250000&en=f77e8a83729ad389&ei=5124&partner=digg&exprod=digg

Unofficial Tallies in City Understated Obama Vote

By SAM ROBERTS Published: February 16, 2008

Black voters are heavily represented in the 94th Election District in Harlem’s 70th Assembly District. Yet according to the unofficial results from the New York Democratic primary last week, not a single vote in the district was cast for Senator Barack Obama.

... City election officials this week said that their formal review of the results, which will not be completed for weeks, had confirmed some major discrepancies between the vote totals reported publicly — and unofficially — on primary night and the actual tally on hundreds of voting machines across the city.

In the Harlem district, for instance, where the primary night returns suggested a 141 to 0 sweep by Senator Hillary Rodham Clinton, the vote now stands at 261 to 136. In an even more heavily black district in Brooklyn — where the vote on primary night was recorded as 118 to 0 for Mrs. Clinton — she now barely leads, 118 to 116.



For my Hacking 101 students... (I'll expect my usual percentage...)

http://www.codingthewheel.com/archives/how-i-built-a-working-poker-bot

How I Built a Working Poker Bot, Part 1

Friday, May 09, 2008

Introduction

... If you're a poker player, and particularly if you're an online poker player, you've probably heard rumors about the rise of the poker bots. Unfortunately there's very little hard information out there (for obvious reasons) about how to build one of these bots.

... Well, I'm here to tell you that online poker bots are 100% real, and I know this because I've built one. And if I can build one, well. Anybody can build one. What's more, over the course of this multi-part article, I'll show you how.



Geek alert! Perhaps other operating systems could learn something here (Hint, hint Microsoft)

http://www.ibm.com/developerworks/linux/library/l-selinux/?ca=dgr-btw01SELinux

Anatomy of Security-Enhanced Linux (SELinux)

M. Tim Jones (mtj@mtjones.com), Consultant Engineer, Emulex Corp.

29 Apr 2008



Dilbert explains the logic of upgrading your computer

http://dilbert.com/strips/comic/2008-05-11/
