Small scale, but a failure of Access Management.

http://www.pogowasright.org/article.php?story=20080508190031476

DU Students, Alums Warned Of Security Breach

Thursday, May 08 2008 @ 07:00 PM EDT Contributed by: PrivacyNews News Section: Breaches

Some Dominican University students and alumni were notified this week of a breach in security that could have put their personal information at risk.

The university said two students were able to access records on a staff network storage area in April. The files were three spreadsheets from 2003, 2005 and 2007. The data included the names, addresses, phone numbers, birthdays and Social Security numbers of more than 5,000 students, NBC5's Charlie Wojciechowski reported.

Source - NBC5.com

[From the article:

"Dominican University takes information security very seriously. In April, we discovered that two student workers had accessed Excel files containing limited student data by misusing passwords related to their work-study employment [In other words, their access was too broad. Instead of accessing only the files and programs required to do their work, they had access to files they should not have seen... Apparently no managers were disciplined. Bob]

Interesting hobby? (see next article)

http://www.pogowasright.org/article.php?story=20080508100900334

Teenage Hacking Gang Busted in Bavaria

Thursday, May 08 2008 @ 10:09 AM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Experts at SophosLabs(TM), Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that German authorities have apprehended 11 people suspected of running a hacking ring.

According to media reports, police arrested suspects aged between 15 and 22 years old in Baden-Württemberg, Hamburg, Lower Saxony North Rhine-Westphalia and Rhineland-Palatinate and confiscated computers for forensic examination.

According to Ausberg police spokesman Manfred Gottschalk, seven of the suspects are under 18 years of age.

Source - Kansas City InfoZine

[From the article:

The gang is said to have been based around an internet forum called 'hacksector' which boasted more than 33,000 members. Authorities claim that the German-language site principal discussions were around hacking and the exchange of stolen credit card information. There was also information published explaining how to create fake German identity cards within minutes. [Makes you wonder about the security of Real ID... Bob]

...or profitable business? Higher priced than I thought, but volume discounts are probably available...

http://www.news.com/8301-10784_3-9939862-7.html?part=rss&subj=news&tag=2547-1_3-0-5

May 8, 2008 5:52 PM PDT

What is your stolen data worth?

... McAfee Avert Labs has discovered a price list that criminals use to buy and sell credit card numbers, bank account log-ins, and other consumer data that have been filched from unsuspecting Web surfers.

[From the article:

It is also possible to purchase skimmers (for ATM machine) [I knew there had to be an Amazon-like hacker supply store. Bob] and “dump tracks” to create fake credit cards. Here too, cost is in touch with the quality:

I will be interested to see how this can be implemented, but I bet the agreement itself is “confidential” (translation: Don't show this to anyone with technical knowledge!)

http://tech.slashdot.org/article.pl?sid=08/05/09/0421208&from=rss

Facebook Agrees To User Safety Plan

Posted by Soulskill on Friday May 09, @05:18AM from the i'm-like-totally-18 dept.

Facebook has reached an agreement with the attorneys general of 49 states and the District of Columbia to develop and enhance controls to protect minors from inappropriate content. This follows a similar commitment from MySpace several months ago. The lone holdout in each case was Texas. News.com notes:

"In the deal, the social network has agreed to develop age verification technology, send warning messages when an under-18 user may be giving personal information to an unknown adult, restrict the ability for people to change their ages on the site, and keep abreast of inappropriate content and harassment on the site. While the agreement is with U.S. state authorities, Kelly said that the tools deployed will apply to Facebook's international users as well. More than half of the site's 70 million users are outside the U.S."

You can justify anything if your try...

http://www.pogowasright.org/article.php?story=20080508164422468

UK: Database logs 'dishonest' employees

Thursday, May 08 2008 @ 04:44 PM EDT Contributed by: PrivacyNews News Section: Non-U.S. News

Companies have launched a database which allows them to share details of employees accused of dishonesty at work.

The National Staff Dismissal Register lets firms log details of staff caught stealing, committing fraud or damaging company property.

Other companies can then use the database to check job applicants' history.

Trade Unions and Civil Liberties groups condemned the move. GMB General Secretary Paul Kenny said: "There will be an enormous kick back against this and GMB as the major union for shop workers will lead the charge."

Source - Grimsby Telegraph

[I found it at: http://ukpress.google.com/article/ALeqM5i9kmH9G2Z2AI6k44VxUglJnCn8_w Bob]

[From the article:

But organisers Action Against Business Crime said the database complied with data protection laws and said 99% of people logged would have their details removed after three years.

... He said: "This is no blacklist. Not everybody who has been dismissed will go on the database. [But everyone on the database will be blacklisted... Bob]

Today's good news/bad news (which has no effect on us Firefox users) There is a work around...

http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9083318

Microsoft warns of IE7 lock-in with XP SP3

Gregg Keizer

May 06, 2008 (Computerworld) Microsoft Corp. has warned users updating to Windows XP Service Pack 3 (SP3) that they won't be able to downgrade from Internet Explorer 7 to the older IE6 without uninstalling the service pack.

The warning first appeared in a post Monday to a company blog written by the Internet Explorer development team. Microsoft released Windows XP SP3 to Windows Update as an optional download Tuesday.

... The inability to downgrade to IE6 after installing XP SP3 was by design, said Maliouta, because the service pack includes newer versions of the old browser's files.

Intellectual(?) Property?

http://techdirt.com/articles/20080506/1310251047.shtml

The Happy Birthday Copyright Saga: Generating Millions On A Copyright That May Not Exist

from the but-would-anyone-test-it-in-court? dept

In the past we've joked about the (supposed) fact that the song "Happy Birthday" remains under copyright, due to a copyright originally held by sisters Mildred and Patti Hill, the claimed original authors of the song. However, William Patry points us to a fascinatingly detailed research paper into questions surrounding the copyright. What comes out of it is pretty strong evidence that the copyright is not valid -- but it's never gotten far enough in court to have a decision rendered. Plus, it sounds like many aspects of the "history" of the song really appear to be close to a myth.

The sisters in question may have written the melody, but they almost definitely did not write the lyrics (their original copyright was on a different set of lyrics, "Good Morning to All"). As for the melody, there's plenty of evidence to suggest that it was actually taken from a series of extremely similar songs. So, there's a good chance they wrote neither the melody nor the lyrics. Also, there are numerous questions concerning whether or not the copyright holders correctly followed the various rules required of copyright holders at the time, suggesting that even if there were a legal copyright at some point, it's long since expired. And, of course, there's even some evidence to suggest less-than-legal tactics involved with transferring around some of the interest in the song. Amazingly, however, the legitimacy of the copyright has never been determined in court, and it now generates over $2 million per year. Over 1% of the money that ASCAP distributes to songwriters is for this one song, even though it may not be legitimate. Somehow, I doubt this is what the Founding Fathers intended when they wrote the Constitution.

Not one, but two Digg stories on this. Perhaps this will become the next geek plaything? (I wonder if the Culinary Institute knows this recipe?)

http://www.popularmechanics.com/blogs/science_news/4262690.html

Micro Fueler Is First Ethanol Kit for Brewing Backyard Biofuels on the Cheap

May 8, 2008

NEW YORK — This morning, the E-Fuel Corporation, a Silicon Valley startup, introduced the first ethanol refinery system designed for home use. The Micro Fueler, a backyard fueling station, can create pure E100 ethanol from sugar feed stock. “It’s third-grade science,” says Thomas Quinn, founder and CEO of E-Fuel. “You just mix together water, sugar and yeast, and in a few hours, you start getting ethanol.” The $9995 Micro Fueler has a can fill its own 35-gallon tank in about a week by fermenting the sugar, water and yeast internally, then separating out the water through a membrane filter.