Wednesday, May 14, 2008

It looks like the “journalistic formula” for reporting is starting to change to include more negative reaction to the security failures the organization admits to. See the article

http://www.pogowasright.org/article.php?story=2008051405595341

Ca: Customer data on stolen laptop

Wednesday, May 14 2008 @ 05:59 AM EDT Contributed by: PrivacyNews News Section: Breaches

The theft of a laptop computer containing hundreds of clients' confidential information from a Calgary bank employee's vehicle has raised concerns for Alberta's privacy commissioner.

In a letter sent yesterday to its customers, First Calgary Savings said a vehicle parked in a secured underground parkade was vandalized and the bank employee's laptop and cellphone stolen last month.

... Soon after the theft occurred, police were notified and potentially vulnerable accounts numbering "in the hundreds, not thousands" had been red-flagged to prevent abuse and there's been no unusual activity detected, said First Calgary privacy officer Rod Banman.

And while he said the data was protected by a password, it doesn't appear to have been encrypted [Translation: We don't know Bob] and could be vulnerable to a determined computer hacker.

Source - Calgary Sun

[From the article:

A recipient of the letter, 14-year First Calgary client Doug Gablehaus, said he was "livid" to hear personal information would have been left in a vehicle.

"It's unacceptable ... that's the way identity theft goes," said Gablehaus, adding he might now take his business elsewhere.

"In today's society, I don't think confidential information should be on someone's laptop and kept in their car."



I still don't recall this one, and with the Colorado connection I probably should.

http://www.pogowasright.org/article.php?story=20080513132150264

Statement from Dave & Buster's (follow-up)

Tuesday, May 13 2008 @ 01:21 PM EDT Contributed by: PrivacyNews News Section: Breaches

Dave & Buster's has learned that the United States Department of Justice has charged and will prosecute the individuals responsible for the theft of credit and debit card numbers from 11 of our locations. These thefts occurred on an intermittent basis from May through August of 2007. Although the stolen data was never retained or stored by Dave & Buster's, the data was illegally accessed from the Dave & Buster's computer systems during the card verification and transmission process. No personal information such as names, addresses, phone numbers, bank account numbers, pin numbers, or social security numbers was stolen. The data that was captured consists of "track 2" data that includes the credit or debit card number and expiration date, but no other identifying data.

Dave & Buster's was alerted to the potential [“Minimize, minimize, minimize.” PR bad news mantra Bob] data intrusion in late August 2007, and immediately contacted the United States Secret Service. Dave & Buster's worked closely with both the Secret Service and Department of Justice and assisted them in their investigation. In addition, Dave & Buster's immediately retained outside security experts who identified the source of the data compromise. As a result the Company has implemented additional security measures to prevent any such incident from occurring in the future. The stores that were compromised were: Westminster, CO; Islandia and West Nyack, NY; Utica, MI; Downtown Chicago, IL; Columbus, OH; Jacksonville, FL; Frisco, Dallas (2) and Austin, TX.

Source - PR Newswire



Drive-by ID Theft? Took mail from mailboxes and processed it right in their car! Lesson: Drive more carefully!

http://www.pogowasright.org/article.php?story=20080514061531646

NE: Metro Mail-Theft Ring

Wednesday, May 14 2008 @ 06:15 AM EDT Contributed by: PrivacyNews News Section: Breaches

For the second time in a week, authorities in Nebraska say they've caught crooks, who steal identities and cash. The latest bust was in Saunders County, but the victims are from all over the metro.

"This is some of the equipment they used for manufacturing the fake IDs," Sheriff Kevin Stukenholtz points out. What looked like another couple of criminals creating false identities, turned out to be a bust into a massive ID theft ring. "We found bags that literally include thousands of pieces of correspondence that belonged to individuals other than the people that were in the car."

Thousands of stolen bank statements, checks, and credit card payments were found in the suspect's car. All documents that were ripped off from mailboxes across the metro.

Source - Action3 News



Another change in procedure?

http://www.pogowasright.org/article.php?story=20080513201908838

Five IRS Employees Charged With Snooping on Tax Returns

Tuesday, May 13 2008 @ 08:19 PM EDT Contributed by: PrivacyNews News Section: Breaches

Five workers at the Internal Revenue Service's Fresno, California, return processing center were charged Monday with computer fraud and unauthorized access to tax return information for allegedly peeking into taxpayers' files for their own purposes.

"The IRS has a method for looking for unauthorized access, and it keeps audit trails, and occasionally it will pump out information about who's done what," says assistant U.S. attorney Mark McKoen, who's prosecuting the cases in federal court in Fresno.

... The five charged this week are Corina Yepez, Melissa Moisa, Brenda Jurado, Irene Fierro and David Baker. Only 13 taxpayers were compromised -- each worker allegedly peeked at one to four tax returns, in incidents from 2005 through last year.

Source - Wired

[From the article:

The age of some of the incidents suggests the Inspector General's office is breaking out new algorithms to find anomalies in audit trails going back years. The office declined to comment, as did the IRS.

Workers caught in a UNAX are typically subject to disciplinary measures like unpaid leave, and less commonly charged with misdemeanor violations of the Taxpayer Browsing Protection Act and the Computer Fraud and Abuse Act.


Related? Did the UCLA 'scandal' prompt others to look at what employees were doing? If so, good! (Oops, they did it again...)

http://www.pogowasright.org/article.php?story=20080514062410693

13 more involved in file breach

Wednesday, May 14 2008 @ 06:24 AM EDT Contributed by: PrivacyNews News Section: Breaches

The UCLA Medical Center has been in the spotlight lately for its recent issues with patient privacy, and a fourth report on the issue recently revealed new information.

The California Department of Health Services report revealed that 13 additional people, ranging from physicians to a volunteer, have been identified as accessing Britney Spears’ health records without proper authorization.

Source - Daily Bruin

[From the article:

Spears had an alias while in the hospital, but after her stay there the alias was abandoned so that all of her medical information would remain together, according to the department’s report. [“We will protect your identity until it becomes inconvenient.” Bob]



Social engineering – so easy a convict can do it... (What happened to the “This is a collect call from jail” message?)

http://www.pogowasright.org/article.php?story=20080513131046755

NY: Upstate jail inmate charged with identity theft scam

Tuesday, May 13 2008 @ 01:10 PM EDT Contributed by: PrivacyNews News Section: Breaches

... Cayuga County authorities are charging 24-year-old Eddie Camacho with conspiracy, criminal impersonation and unlawful possession of personal identification information.

Camacho is accused of telephoning people from the jail and impersonating members of the district attorney’s office to obtain personal information, including Social Security numbers. Deputies say Camacho used the information to obtain credit and services in the names of six victims.

Source - pressconnects.com



Tools & Techniques Attention stalkers!

http://online.wsj.com/public/article/SB121063460767286631.html?mod=blog

New Sites Make It Easier To Spy on Your Friends

By VAUHINI VARA May 13, 2008; Page D1

If you are still relying on Google to snoop on your friends, you are behind the curve.

Armed with new and established Web sites, people are uncovering surprising details about colleagues, lovers and strangers that often don't turn up in a simple Internet search. Though none of these sites can reveal anything that isn't already available publicly, they can make it much easier to find. And most of them are free.

Zaba Inc.'s ZabaSearch.com turns up public records such as criminal history and birthdates. Spock Networks Inc.'s Spock.com and Wink Technologies Inc.'s Wink.com are "people-search engines" that specialize in digging up personal pages, such as social-networking profiles, buried deep in the Web. Spokeo.com is a search site operated by Spokeo Inc., a startup that lets users see what their friends are doing on other Web sites. Zillow Inc.'s Zillow.com estimates the value of people's homes, while the Huffington Post's Fundrace feature tracks their campaign donations. Jigsaw Data Corp.'s Jigsaw.com, meanwhile, lets people share details with each other from business cards they've collected -- a sort of gray market for Rolodex data.

... Zaba CEO Nick Matzorkis says the dissemination of public information online is "a 21st century reality with or without ZabaSearch." [Good point. Bob]



Perhaps perception has progressed from impossible to probable? I believe that a web site (even a 'kill-a-tree' book) would be an extremely useful resource for organizations. Might make a simple business model...

http://www.eweek.com/c/a/Security/Preparation-Key-to-Managing-Data-Breaches/

Preparation Key to Managing Data Breaches

By Darryl K. Taft 2008-05-14



Great quotes if you are looking for a grant, but somehow I doubt the basis for such claims...

http://www.pogowasright.org/article.php?story=20080514061140169

One in four data breaches involves schools

Wednesday, May 14 2008 @ 06:11 AM EDT Contributed by: PrivacyNews News Section: Breaches

Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches.

... "The education sector accounts for the majority of data leakages with 24 percent of all breaches, followed closely by the government," revealed Foster. "And unfortunately, theft and loss are still the [top] reasons that data leakages occur."

Source - eSchool News

[From the article:

"Threats are becoming more sophisticated and are occurring on a global level," said Garcia. According to DHS statistics, more than 1 million malicious codes have been written, an increase of 500 percent since last year. On any given day, 40 percent of those codes are "botnets"--a collection of software robots, or bots, that run autonomously and on groups of "zombie" computers controlled remotely.

In fact, according to these same statistics, more malicious code is written than regular code--and more than 80 percent of organizations affected by botnets are not aware they've been compromised.

... Foster said companies and organizations today send more than 70 percent of their intellectual property through eMail, which is risky, considering that 40 percent of all malicious code trends deal with the sharing of executable files and 32 percent with eMail file attachments.

... DHS plans to provide ongoing professional development to all IT staff in the nation with a new resource in development called the "Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development." [Already out there, at: http://connect.educause.edu/Library/Abstract/InformationTechnologyITSe/45241?time=1210770042 Bob]



On the other hand, you could just give away your information...

http://www.bespacific.com/mt/archives/018332.html

May 13, 2008

Harvard Law faculty votes for 'open access' to scholarly articles

News release: "In a move that will disseminate faculty research and scholarship as broadly as possible, the Harvard Law School faculty unanimously voted last week to make each faculty member’s scholarly articles available online for free, making HLS the first law school to commit to a mandatory open access policy." [John Palfrey via Darlene Fichter]



This article points to a letter criticizing the 'opt out' process, but my concerns would be: what information do they keep; how long do they keep it; who do they share it with? Not to mention that this method does not segregate my personal and professional uses of the Internet, so I'll get ads for math textbooks... Ugh.

http://www.pogowasright.org/article.php?story=20080513130451896

Charter To Begin Tracking Users' Searches And Inserting Targeted Ads

Tuesday, May 13 2008 @ 01:04 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Charter Communications is sending letters to its customers informing them of an "enhanced online experience" that involves Charter monitoring its users' searches and the websites they visit, and inserting targeted third-party ads based on their web activity. Charter, which serves nearly six million customers, is requiring users who want to keep their activity private to submit their personal information to Charter via an unencrypted form and download a privacy cookie that must be downloaded again each time a user clears his web cache or uses a different browser. [At least they left out that “dance naked every full moon” bit Bob]

Source - The Consumerist



It is extremely difficult to unlearn an old procedure while learning a new one. Here is a crutch for those of us who need it... (No one could have anticipated this?)

http://www.cnet.com/8301-13880_1-9943428-68.html?part=rss&tag=feed&subj=Workers'Edge

New Office 2007 add-on makes commands easier to find

Posted by Dennis O'Reilly May 13, 2008 3:00 PM PDT

Microsoft claims that Office 2007's ribbon interface saves time by putting the features people use most often closer at hand. For those of us who spent years learning where those functions were in previous versions of Word, Excel, and PowerPoint, the changes aren't the productivity boosters Microsoft envisioned.

I've done more than my share of rummaging around the ribbon in Office 2007 trying to find a particular command, and I've even used Microsoft's user-interface guides to hunt down the feature I needed. Now Microsoft Office Labs has developed the free Search Commands add-on for Office 2007 that lets you type in a command and access it in an instant.



I have no idea what this study foretells, but I find it interesting. Makes me think I must belong to the “Unconnected” or perhaps the “Disconnected.”

http://www.infoworld.com/article/08/05/13/Study-says-hyperconnected-users-growing_1.html?source=rss&url=http://www.infoworld.com/article/08/05/13/Study-says-hyperconnected-users-growing_1.html

Study: 'Hyperconnected' users growing

Enterprises will have to accommodate new wave of information workers who use multiple devices and applications

By Paul Krill May 13, 2008

Enterprises are facing an exploding "culture of connectivity," with global information workers using an increasing number of devices and applications, according to an IDC study released on Tuesday.

In a worldwide study sponsored by Nortel, IDC found a considerable number of what it calls "hyperconnected" users -- those using at least seven devices and nine applications. The survey covered nearly 2,400 working adults in 17 countries.

Employers will need to make accommodations for the new wave of hyperconnected persons as these people become the next-generation workforce, IDC and Nortel argued.

The hyperconnected accounted for 16 percent of the population in the study. They are using gadgets ranging from phones to laptops to PDAs and even car-based systems. Applications being used on these devices include Web 2.0 applications, such as Twitter, Second Life, and wikis. Also prominent are applications like text messaging, instant messaging, and Web conferencing.

Behind the hyperconnected were the "increasingly connected," who use four devices and as many as six applications and account for 36 percent of the population.



Attention Linux geeks!

http://linux.slashdot.org/article.pl?sid=08/05/13/2328239&from=rss

Videos and Report From Embedded Linux Conference

Posted by kdawson on Wednesday May 14, @12:40AM from the for-posterity dept. Education Linux

Thomas Petazzoni writes

"The fourth edition of Embedded Linux Conference was held from April 15 to 17 in Mountain View, California. With more than fifty talks and tutorials around the use of Linux in embedded devices, this conference covered a wide range of topics: power management, debugging techniques, system size reduction, flash filesystems, embedded distributions, real-time, graphics and video, security, etc. For those who could not attend the conference, Free Electrons has published under a free license videos of nineteen talks and an extensive report of them. You can for example watch Andrew Morton's keynote, Klaas van Gend's talk about the real-time version of the Linux kernel, or Mike Anderson's tutorial on the use of JTAG probes for kernel debugging."
