Saturday, May 31, 2008

It seems to me that taking weeks to determine what data was on your tapes just keeps your name in the news – and not in a good way.

http://www.courant.com/business/hc-mellon0531.artmay31,0,4423158.story?track=rss

25 Firms With Data On Lost Tape Identified

By JANICE PODSADA | Courant Staff Writer May 31, 2008

The missing Bank of New York Mellon computer tape reported last week contained information about nearly 500,000 Connecticut residents from a large number of companies, said state officials, who identified 25 of the companies on Friday. [25, but not all? Bob]

... Some Connecticut residents, including Bruce Sylvester of Hamden, say they are having trouble obtaining information from New York Mellon as to whether their personal information is included on the missing tape.

"My wife and I have the same account," Sylvester said Friday. "We called up Mellon the same day and got two different answers as to whether our information was on the tape." [One assumes this would be handled by the bank's customer service department – would you expect anything else? Note that this leaves nothing in writing... Bob]

This week, New York Mellon also revealed a second security breach in which a computer data storage tape containing the images of scanned checks and other documents was lost in late April as it was being transported from Philadelphia to Pittsburgh.

"We are only now getting our arms around this much smaller incident," Bank of New York Mellon spokesman Ron Sommer said Friday. "I don't know if it involves Connecticut residents."

The second breach affects 47 institutional clients, company officials said. [If my math students told me 47 was smaller than 25, I'd flunk them. Bob]



You don't have to steal the data. Let someone else steal it, and you can just harvest their work.

http://www.pogowasright.org/article.php?story=20080531073716427

Stolen data ending up in Google cache, say researchers

Saturday, May 31 2008 @ 07:37 AM EDT Contributed by: PrivacyNews News Section: Breaches

The Finjan security researchers, who uncovered several unprotected hacker servers containing the sensitive email and Web-based data of thousands of people, demonstrated how easy it is to find the data using Google.

By using a simple string of search terms the researchers were able to find stolen passwords and usernames, Social Security numbers, and even the usernames and passwords of internal databases of companies all stored in Google's public caching server.

Source - SearchSecurity.com Props, Fergie's Tech Blog
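The reason a simple search string works is that stolen data has a recognisable shape: SSNs are three-two-four digits, credentials sit next to words like "password" or in user:password dumps. The scanner below is an added example (not Finjan's tool, and not code from the original post) for turning the same observation around and checking your own exposed files or cached pages before somebody else does. The regexes, the field names it looks for, and the sample text are all constructed for illustration. It deliberately never stores or prints the secret it finds, only a SHA-256 fingerprint, because copying a leak into a ticket creates a second leak.

```python
"""Scan text for exposed credentials and SSN-shaped data, reporting redacted findings."""
import hashlib
import re
from dataclasses import dataclass

# Three-two-four digit groups; filtered below against the SSA's never-issued ranges.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# key=value / key: value for common credential field names (assumed names, not exhaustive)
CRED_KV_RE = re.compile(
    r"\b(?P<key>pass(?:word|wd)?|pwd|secret|db_pass(?:word)?)\s*[=:]\s*(?P<val>\S+)",
    re.IGNORECASE,
)
# A whole line of the form user:password, as seen in credential dumps
USERPASS_RE = re.compile(r"^(?P<user>[A-Za-z][\w.@-]{2,63}):(?P<pw>[^\s:]{6,64})$")
# Credentials embedded in a URL, e.g. ftp://user:pw@host/
URL_CRED_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://(?P<user>[^:/@\s]+):(?P<pw>[^@\s]+)@")


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject numbers the SSA never issues: area 000/666/900+, group 00, serial 0000."""
    a, g, s = int(area), int(group), int(serial)
    return a != 0 and a != 666 and a < 900 and g != 0 and s != 0


def redact(secret: str) -> str:
    """Fingerprint instead of echoing: lets you deduplicate findings without keeping the secret."""
    digest = hashlib.sha256(secret.encode()).hexdigest()[:8]
    return f"***(sha256:{digest})"


@dataclass
class Finding:
    kind: str
    line_no: int
    redacted: str


def scan(text: str) -> list:
    """Return findings for every SSN-like or credential-like token, one per match, in line order."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            if ssn_plausible(*m.groups()):
                findings.append(Finding("ssn", n, redact(m.group(0))))
        for m in URL_CRED_RE.finditer(line):
            findings.append(Finding("url-credential", n, f"{m.group('user')}:{redact(m.group('pw'))}"))
        for m in CRED_KV_RE.finditer(line):
            findings.append(Finding("credential-field", n, f"{m.group('key')}={redact(m.group('val'))}"))
        m = USERPASS_RE.match(line.strip())
        if m:
            findings.append(Finding("user:password", n, f"{m.group('user')}:{redact(m.group('pw'))}"))
    return findings


# Constructed sample input; nothing here is real data.
SAMPLE = """\
Welcome to the Acme intranet
ssn: 078-05-1120
bad ssn: 000-12-3456
export DB_PASSWORD=Hunter2!2008
ftp://backup:Tr0ub4dor@files.example.test/dump.tgz
jdoe:Summer2008!
Just another line with 12-34-5678 that is not an SSN
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line_no:>3}  {f.kind:<17} {f.redacted}")
```

Run against the sample it flags four lines (the SSN, the exported variable, the URL credential and the user:password pair) and ignores the never-issued 000 prefix and the stray two-digit group. The same patterns are exactly what a search engine indexes, which is why the researchers needed nothing cleverer than a query string.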



Identity theft is simple enough for even dumb criminals, but what happens when you run out of patience?

http://www.kpho.com/news/16438455/detail.html

4 Arrested In ATM Skimming Thefts

POSTED: 12:26 pm MST May 30, 2008 UPDATED: 5:32 pm MST May 30, 2008

SCOTTSDALE, Ariz. -- Four people were arrested this week in connection with a string of thefts from ATMs in Scottsdale hotels.

Police said the four used a device inserted into the card readers of the ATMs to hack into the internal computers of the machines and cause them to dispense large amounts of cash. [New, if true. Bob]

The group stole an estimated $100,000 that way, police said.

Two of the men also stole an ATM [Faster than hacking, but requires actual manual labor – not a geek thing. Bob] from the business center of a Scottsdale Hilton, according to police. Investigators said surveillance cameras caught Onik Darmandzhyan and Michael DeMatteo, both 32, stealing the machine.



“Youse can tell when youse got serious research, 'cause most of da page is footnotes.”

http://www.pogowasright.org/article.php?story=20080530143821723

A look into the dark underbelly of data breaches

Friday, May 30 2008 @ 02:38 PM EDT Contributed by: PrivacyNews News Section: Breaches

The process by which large volumes of data are stolen, resold, and ultimately used by criminals to commit fraud, has evolved from the sale of a few pieces of sensitive information, such as credit card numbers and expiration dates, to full blown identity packages containing multiple types of sensitive personal information.

That is but one of the disconcerting details of a Department of Justice-penned report that looks at the rapidly morphing, dark side of stolen personal information set to appear in next month’s issue of the Santa Clara Computer and High Technology Journal.

Source - NetworkWorld

Related - DOJ Report: Data Breaches: What the Underground World of “Carding” Reveals [pdf]



I've mentioned that it is never wise to anger a hacker. It also makes no sense for a security manager (or anyone concerned with security) to ignore a warning.

http://blog.wired.com/27bstroke6/2008/05/comcast-hijacke.html

Comcast Hijackers Say They Warned the Company First

By Kevin Poulsen | May 29, 2008 | 7:44:07 PM

The computer attackers who took down Comcast's homepage and webmail service for more than five hours Thursday say they didn't know what they were getting themselves into.

... Comcast, they said, noticed the administrative transfer and wrested back control, forcing the hackers to repeat the exploit to regain ownership of the domain. Then, they say, they contacted Comcast's original technical contact at his home number to tell him what they'd done.

When the Comcast manager scoffed at their claim and hung up on them, 18-year-old EBK decided to take the more drastic measure of redirecting the site's traffic to servers under their control. (Comcast would neither confirm nor deny the warning phone call.)


Note that Comcast is always making news. Must make the Board of Directors happy...

http://www.pogowasright.org/article.php?story=20080530144301438

Comcast is Hiring an Internet Snoop for the Feds

Friday, May 30 2008 @ 02:43 PM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

Wanna tap e-mail, voice, and Web traffic for the government? Well, here's your chance. Comcast, the country's second-largest Internet provider, is looking for an engineer to handle "reconnaissance" and "analysis" of "subscriber intelligence" for the company's "National Security Operations."

Source - Wired



Sounds impressive, but actually not such a much.

http://www.pogowasright.org/article.php?story=2008053107020269

Lawsuit Makes Free Credit Monitoring Available

Saturday, May 31 2008 @ 07:02 AM EDT Contributed by: PrivacyNews News Section: Businesses & Privacy

If you have used a credit card or carried any kind of debt or loan account in the past 21 years it's very likely you can take part in an unprecedented $10-billion lawsuit settlement.

Credit reporting agency TransUnion must pay back Aldin Cubillas and 160 million American consumers for selling their private credit information.

Anyone with credit information held by TransUnion can retrieve their credit score which normally costs about $12. And on top of that they can enjoy 6 months of credit monitoring -- a $60 value -- for free.

It's punishment for selling consumer credit information to marketers who then turned around and used that data to sell products and services right back to you.

Source - CBS



BlackBerry should milk this for all the advertising they can get.

http://yro.slashdot.org/article.pl?sid=08/05/30/1557247&from=rss

RIM In Trouble For Not Violating Privacy

Posted by kdawson on Friday May 30, @12:29PM from the end-to-end-baby dept. Privacy

sufijazz writes

"The US government is not alone in wanting to snoop on everything citizens do over email/phone. The Indian government wants that right too. RIM is stating they have no means to decrypt, no master key, and no back door to allow the government to access email."

The article notes that 114,000 BlackBerries are in use on the Indian subcontinent. The government is concerned about attacks by militants and sees the BlackBerry as a security risk.

[From the article:

Two sources familiar with the issue said RIM held talks with the government on Thursday, and members of the Canadian High Commission in New Delhi were also seen at the telecoms ministry headquarters. [BlackBerry is a Canadian company. Bob]

... "The BlackBerry security architecture was also purposefully designed to perform as a global system independent of geography," the company said in a letter.

"The location of data centers and the customer's choice of wireless network are irrelevant factors from a security perspective since end-to-end encryption is utilized."



Passwords are probably the wrong technology to use in systems that operate (no pun intended) on an 'ad hoc' basis.

http://www.pogowasright.org/article.php?story=20080530142547824

Password sharing leaves NHS audit trail in tatters

Friday, May 30 2008 @ 02:25 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Investigators have been unable to trace a doctor involved in a medical blunder that ended in a patient's death because staff in a Devon hospital had been sharing computer passwords.

The case shows the incompatibility between the way doctors work in practice and the high security needed to protect large databases of confidential patient information under the £12.7bn National Programme for IT (NPfIT).

Source - ComputerWeekly.com
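Shared passwords do not announce themselves; they show up in the audit trail as one account doing things it physically could not. The script below is an added example (not part of the ComputerWeekly article or any NHS system) of the cheapest such check: pair LOGIN and LOGOUT records into sessions and flag any account that is logged in on two workstations at the same time. The log format, the user and host names and the timestamps are all constructed for illustration.

```python
"""Flag accounts with concurrent sessions on different hosts, a tell-tale of password sharing."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (format is an assumption; these are not real records).
SAMPLE_LOG = """\
2008-05-29T08:02:11 LOGIN user=drsmith host=WS-ED-03
2008-05-29T08:15:40 LOGIN user=nursejones host=WS-ED-07
2008-05-29T08:31:05 LOGIN user=drsmith host=WS-ICU-01
2008-05-29T08:44:12 LOGOUT user=drsmith host=WS-ED-03
2008-05-29T09:10:00 LOGOUT user=drsmith host=WS-ICU-01
2008-05-29T09:12:30 LOGIN user=drsmith host=WS-ED-03
2008-05-29T09:50:00 LOGOUT user=nursejones host=WS-ED-07
2008-05-29T10:00:00 LOGOUT user=drsmith host=WS-ED-03
"""


def parse_events(text: str) -> list:
    """Parse 'timestamp ACTION user=... host=...' lines into (time, action, user, host) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append((datetime.fromisoformat(ts), action, kv["user"], kv["host"]))
    return events


def build_sessions(events: list, end_of_log: datetime) -> dict:
    """Pair each LOGIN with the next LOGOUT for the same user+host.

    A second LOGIN without an intervening LOGOUT closes the earlier session at that
    moment; sessions still open at the end of the log are closed at end_of_log.
    Returns {user: [(host, start, end), ...]}.
    """
    open_sessions = {}
    sessions = defaultdict(list)
    for ts, action, user, host in sorted(events):
        key = (user, host)
        if action == "LOGIN":
            if key in open_sessions:
                sessions[user].append((host, open_sessions.pop(key), ts))
            open_sessions[key] = ts
        elif action == "LOGOUT" and key in open_sessions:
            sessions[user].append((host, open_sessions.pop(key), ts))
    for (user, host), start in open_sessions.items():
        sessions[user].append((host, start, end_of_log))
    return sessions


def find_shared_accounts(sessions: dict, min_overlap: timedelta = timedelta(minutes=1)) -> list:
    """Return (user, host_a, host_b, overlap_start, overlap_end) for every pair of
    sessions of one account on two different hosts that overlap by at least min_overlap."""
    hits = []
    for user, sess in sessions.items():
        sess = sorted(sess, key=lambda s: s[1])
        for i, (host_a, start_a, end_a) in enumerate(sess):
            for host_b, start_b, end_b in sess[i + 1:]:
                if host_b == host_a:
                    continue  # same workstation: re-login, not sharing
                overlap_start = max(start_a, start_b)
                overlap_end = min(end_a, end_b)
                if overlap_end - overlap_start >= min_overlap:
                    hits.append((user, host_a, host_b, overlap_start, overlap_end))
    return hits


if __name__ == "__main__":
    sessions = build_sessions(parse_events(SAMPLE_LOG), datetime(2008, 5, 29, 23, 59, 59))
    for user, a, b, s, e in find_shared_accounts(sessions):
        print(f"{user}: concurrent on {a} and {b} from {s:%H:%M:%S} to {e:%H:%M:%S}")
```

On the sample this reports drsmith active on WS-ED-03 and WS-ICU-01 at the same time for about thirteen minutes, and nothing for the account that behaves normally. The caveat is the one the article makes: this only catches concurrent sharing. A credential handed from one colleague to the next over a shift produces a perfectly tidy sequential log, and no amount of log analysis will tell you who was at the keyboard.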



How things work in the big leagues. For my Business Continuity class...

http://tech.slashdot.org/article.pl?sid=08/05/31/030209&from=rss

A Look At the Workings of Google's Data Centers

Posted by Soulskill on Saturday May 31, @08:07AM from the we're-gonna-need-a-bigger-boat dept.

Doofus brings us a CNet story about a discussion from Google's Jeff Dean spotlighting some of the inner workings of the search giant's massive data centers. Quoting:

"'Our view is it's better to have twice as much hardware that's not as reliable than half as much that's more reliable,' Dean said. 'You have to provide reliability on a software level. If you're running 10,000 machines, something is going to die every day.' Bringing a new cluster online shows just how fallible hardware is, Dean said. In each cluster's first year, it's typical that 1,000 individual machine failures will occur; thousands of hard drive failures will occur; one power distribution unit will fail, bringing down 500 to 1,000 machines for about 6 hours; 20 racks will fail, each time causing 40 to 80 machines to vanish from the network; 5 racks will "go wonky," with half their network packets missing in action; and the cluster will have to be rewired once, affecting 5 percent of the machines at any given moment over a 2-day span, Dean said. And there's about a 50 percent chance that the cluster will overheat, taking down most of the servers in less than 5 minutes and taking 1 to 2 days to recover."

[From the article:

To operate on Google's scale requires the company to treat each machine as expendable.



Beware the iPhone 2.0

http://digg.com/apple/The_iPhone_patent_Steven_P_Jobs_inventor

The iPhone patent: Steven P. Jobs, inventor

engadget.com — The US Patent and Trademark Office has revealed a mammoth document that can only be described as The iPhone Patent, a 371-page spectacular that covers Apple's handheld multi-touch UI paradigm in excruciating detail. Steve himself wasn't the least bit shy about taking credit atop an entire column of company A-listers for inventing the iPhone's ...

http://www.engadget.com/2008/05/30/the-iphone-patent-steven-p-jobs-inventor/

[From the article:

The application also mentions "modules" for video conferencing, GPS, and other currently non-existent (though widely expected) functionality.



Gartner is a well-respected group with contacts in most IT shops across the country. Worth looking at their list.

http://it.slashdot.org/article.pl?sid=08/05/30/1810234&from=rss

Gartner Reveals Top 10 Technologies For Next Four Years

Posted by ScuttleMonkey on Friday May 30, @03:30PM from the guessing-game dept. IT Technology

Dr. Jim writes

"The good folks over at the Gartner Group have revealed the top 10 technologies that they believe will change the world over the next four years. The usual suspects including multi-core chips, virtualization, and cloud computing are on the list. Multicore servers and virtualization will mean that firms will need fewer boxes, and apps can be easily moved from box to box (and right out the door to an outsourced data center). Workplace social networks and cloud computing means that the need for a centralized IT department will go away. Firms will no longer need to own/maintain the boxes that they use to run their firm's apps. With no need to touch a box, there will be no need to have the IT staff co-located with the boxes."



I like lists and I'm cheap. This list feeds both of my addictions.

http://www.makeuseof.com/tag/free-open-source-counterparts-of-windows-software/

Free Open Source Counterparts of Windows Software

May. 28th, 2008 by Varun Kashyap

... But wait I am not finished yet, keep visiting often and check back because soon we will be replacing the complete Adobe Creative Suite with open source software!
