Friday, June 27, 2008

Another third party breach. I wonder how many companies (99%?) give sensitive data to outsiders without specifying how it is to be protected?

http://www.pogowasright.org/article.php?story=20080626182755900

TX: Workers' data stolen from DPS-contracted company

Thursday, June 26 2008 @ 06:27 PM EDT Contributed by: PrivacyNews

... A lockbox containing the information of 826 Texas state employees was taken from the home office of an employee of L-1 Identity Solutions, a private company contracted by the Department of Public Safety to do fingerprinting.

Notices are in the mail to inform the hundreds of victims that their names, home addresses, dates of birth, driver's license and Social Security numbers are in the hands of criminals. About 100 of those people work for the State Board of Education, and this is happening less than a year after the Texas Legislature mandated that all education employees submit their fingerprints for criminal background checks.

Source - KXAN



Follow-up This is the one Citibank has been reluctant to comment on.

http://news.slashdot.org/article.pl?sid=08/06/26/1932233&from=rss

Crooks Nab Citibank ATM Codes, Steal Millions

Posted by timothy on Thursday June 26, @04:07PM from the ha-ha-you-can't-steal-it-if-I-lose-it-first dept. Security The Almighty Buck IT

An anonymous reader writes

"Citibank is reissuing ATM cards following a December server breach in which hackers stole customer PIN codes, Wired reports. In recent months the FBI has arrested 10 people in the New York area who were allegedly involved in using the codes to steal over $2 million from Citibank checking and savings accounts, including two Ukrainian immigrants who were each caught with $800,000 in cash stashed in boxes and shopping bags in their homes. Some of the suspects are cooperating, telling the feds that they've been working for a Russian hacker. They use magstripe writers to encode the stolen account numbers onto blank cards, then hit ATMs in New York, and transfer 70% of the loot back to Russia."

[From the article:

Six months after the 2007 breach, Wired.com is receiving scattered reports of Citibank customers still suffering mysterious withdrawals from their bank accounts.

The FBI believes the brains behind the operation is a Russian man, who's receiving the lion's share of the profits through international wire transfers and online-payment systems. While Citibank and federal officials are being closed-mouthed about the PIN theft and the ensuing fraud, the Citibank heist provides a rare look at how a single high-value breach reverberates through the international "carding" community of bank-card fraudsters. What's more, neither Citibank nor the third-party transaction processor involved in the breach has warned consumers to watch for fraudulent withdrawals, raising questions about the disclosure policies in the financial industry. Citibank spokesman Robert Julavits says the bank "has complied with all applicable notification requirements."

... Meanwhile, there's evidence that the fraud is not confined to the Big Apple. Rahul Kumar, a transportation consultant in San Diego, says someone took $3,000 from three of his Citibank accounts on June 15, while his ATM card was safely in his wallet.
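The summary above says the crew encoded stolen account numbers onto blank cards with magstripe writers, and that the PINs came from a separate server breach. That split matters: Track 2 of a bank card carries the account number, expiry and a service code, but not the PIN. The following Python is an added example, not code from Wired, Slashdot or the blog: it parses a Track 2 string (ISO 7813 layout), verifies the Luhn check digit and the trailer LRC, checks expiry, and reads the service code's third digit to see whether the issuer demands PIN verification. Assumptions, not facts from the article: two-digit years are taken as 20YY, the LRC is computed as the XOR of the low four bits of every character from the start sentinel through the end sentinel, discretionary data is restricted to digits, and the sample track uses a widely published test PAN with made-up expiry and discretionary data.

```python
"""Track 2 magstripe data: parse and sanity-check (added example, not from the article).

Track 2 layout (ISO 7813), written as an ASCII string:
  ';' PAN '=' YYMM SSS discretionary '?' [LRC]
PAN            up to 19 digits, Luhn check digit last
YYMM           expiry year/month (two-digit year; assumed 20YY here)
SSS            three-digit service code
discretionary  issuer data (assumed digits only here)
LRC            XOR of the low 4 bits of every character from ';' through '?'
               (many readers omit it, so it is optional here)
Nothing in this layout is the cardholder's PIN.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional
import re

TRACK2_RE = re.compile(
    r"^;(?P<pan>[0-9]{1,19})=(?P<exp>[0-9]{4})(?P<svc>[0-9]{3})"
    r"(?P<disc>[0-9]*)\?(?P<lrc>[0-?])?$"
)

# Reference date for the expiry check (the blog post's date); assumption for the demo.
AS_OF = date(2008, 6, 27)


@dataclass
class Track2:
    pan: str
    expiry: str            # YYMM
    service_code: str
    discretionary: str
    lrc_ok: Optional[bool]  # None when the reader supplied no LRC


def luhn_ok(pan: str) -> bool:
    """Luhn check over the whole PAN (the last digit is the check digit)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:                       # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def compute_lrc(body: str) -> str:
    """LRC character for a Track 2 string from ';' through '?' inclusive (assumed scheme)."""
    x = 0
    for ch in body:
        x ^= ord(ch) & 0x0F
    return chr(0x30 | x)


def parse_track2(track: str) -> Track2:
    m = TRACK2_RE.match(track)
    if not m:
        raise ValueError("not a Track 2 string")
    lrc = m.group("lrc")
    body = track[: track.index("?") + 1]     # everything the LRC covers
    return Track2(
        pan=m.group("pan"),
        expiry=m.group("exp"),
        service_code=m.group("svc"),
        discretionary=m.group("disc"),
        lrc_ok=None if lrc is None else compute_lrc(body) == lrc,
    )


def expired(expiry_yymm: str, today: date) -> bool:
    """A card stays valid through the last day of its expiry month."""
    year = 2000 + int(expiry_yymm[:2])       # assumption: 20YY
    month = int(expiry_yymm[2:])
    return (year, month) < (today.year, today.month)


def pin_required(service_code: str) -> bool:
    """Third service-code digit 0, 3 or 5 means the terminal must verify a PIN
    (ISO 7813 service-code table). The PIN itself is never on the stripe, so a
    cloned stripe alone does not satisfy this check."""
    return service_code[2] in "035"


def assess(track: str, today: date) -> dict:
    """Run every check on one track and return the results by name."""
    t = parse_track2(track)
    return {
        "pan_luhn_ok": luhn_ok(t.pan),
        "expired": expired(t.expiry, today),
        "pin_required": pin_required(t.service_code),
        "lrc_ok": t.lrc_ok,
    }


# Constructed sample: a widely published test PAN, expiry Dec 2049, service code 101,
# made-up discretionary data, LRC computed by the scheme above. Not from the article.
SAMPLE_TRACK = ";4111111111111111=4912101123456789?3"

if __name__ == "__main__":
    print(assess(SAMPLE_TRACK, today=AS_OF))
```

The point to take from running it: every field a magstripe writer reproduces is visible here, and none of them is the PIN. A cloned card with a service code ending in 0, 3 or 5 still needs the cardholder's PIN at the ATM, which is exactly what the separate PIN theft supplied.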



Interesting in a “If we don't start planning/doing this, we'll have to scramble (spend more with less useful results) when it becomes mandatory” perspective...

http://www.securityfocus.com/brief/764?ref=rss

EU advisors: Secure ISPs, form "cyber-NATO"

Published: 2008-06-26

HANOVER, NH -- Academic researchers tasked with making information-security recommendations to the European Union called for rules to force Internet service providers to clean up their networks, for the passage of a comprehensive breach-disclosure law, and for the formation of a group to manage and aid international investigations.

The fifteen recommendations, part of a report (pdf) prepared by University of Cambridge researchers and funded by the European Network and Information Security Agency (ENISA), could form the basis of future rules governing EU members, said Tyler Moore, a researcher and PhD student at University of Cambridge, who presented the work on Thursday at the Workshop on the Economics of Information Security (WEIS) 2008.


Related At least there is some evidence we know what to do, NOW DO IT!

http://www.infoworld.com/article/08/06/26/Antispam_group_outlines_defenses_to_block_botnet_spam-IDGNS_1.html

Antispam group outlines ways to block spam from botnets

MAAWG recommends new best practices for ISPs to stop increasing volumes of spam

By Jeremy Kirk, IDG News Service June 26, 2008

A major antispam organization is pushing a set of new best practices for ISPs to stop increasing volumes of spam from botnets.

The guidelines, from the Messaging Anti-Abuse Working Group (MAAWG), were drawn up at a meeting in Germany last week and deal with forwarded e-mail and e-mail that is sent from dynamic IP addresses.



IT is moving into the cloud – deal with it.

http://www.killerstartups.com/Web-App-Tools/humyo-com-lots-of-free-storage/

Humyo.com - Lots of Free Storage

Online storage sites are a dime a dozen these days. The majority of them give you a gig or two free of storage and then offer variously priced package plans for more storage, more gigs. But it's not always cheap, which is why Humyo is a treasure chest as far as online storage sites go. Humyo is a German based online storage mecca that acts as a replacement for your hard drive. You actually get 30gb storage free right off the bat when you open an account. You can store and play media files direct from the site. You can keep all your pc's synced and backed up without ever having to transfer files. Humyo is accessible worldwide with internet access. There's plenty of other handy features as well. You can publish any content such as photos or videos easily; you can share and send files at whim; and you can even access your info from your smartphone, which means unlimited storage always on hand. Humyo is secure too. Sign up to join.

http://www.humyo.com/



This changes the “IT ecosystem”

http://www.infoworld.com/article/08/06/26/8_in_10_businesses_now_using_Macs_1.html?source=rss&url=http://www.infoworld.com/article/08/06/26/8_in_10_businesses_now_using_Macs_1.html

Survey: 8 in 10 businesses now using Macs

Apple has made significant inroads with corporate users as the percentage of businesses using Macs has doubled in the past two years

By Gregg Keizer, Computerworld June 26, 2008



This is interesting. If politicians don't do this themselves, some very non-flattering alternatives are likely to appear.

http://techdirt.com/articles/20080626/1824551529.shtml

Politicians Embracing Technology To Actually Communicate With Constituents

from the warms-my-heart dept



Network neutrality in a country that respects politeness...

http://techdirt.com/articles/20080625/1933101519.shtml

Japanese Broadband Caps Compared To US Broadband Caps

from the take-a-look-around dept

With various US broadband firms implementing usage caps sometimes as low as 5GBs/month, we are quite concerned about how these moves will hinder innovation by effectively placing much greater mental transaction costs on using any kind of application online. In defense of these caps, some have pointed out that even Japanese ISPs (sometimes used as an example of a much better broadband system than in the US) are also implementing caps.

Broadband Reports now has the details on some of those caps, and they're much higher than in the US (just like Japan's broadband speeds). The cap is 30 gigs per day of upload. There are no download caps. So, yes, the Japanese caps (that some want to use as an example of why caps are necessary) are many times greater per day than what some US firms want to offer per month -- and it's only for upload, rather than download. Suddenly, I get the feeling we'll be hearing the example of Japanese broadband caps a lot less frequently.



The FBI continues to “not get it.” If they have no plan, how will they know they have succeeded?

http://www.pogowasright.org/article.php?story=20080626195737635

FBI Data-Mining Slashed After G-Men Dis Congress

Thursday, June 26 2008 @ 07:57 PM EDT Contributed by: PrivacyNews

There was a time, early in the war on terror, when agencies like the FBI could have told Congressional investigators to go to hell, without paying much of a price. Not any more. Earlier today, House appropriators voted to pull $11 million to expand a controversial FBI data-mining project, after the Bureau repeatedly stiff-armed Congressmen and their gumshoes in the Government Accountability Office.

Source - Danger Room blog

[From the article:

“In fact, we’re only doing what they told us to do,” said Congressman Brad Miller in a statement. “The Department of Justice... said that if Congress didn’t like what they were doing, we could pull their funding. Well, that’s what we’ve done...

... The G-Men claimed they had "no written plans" that "would provide any meaningful details," because the center was not yet "operational."

... But the mission of NSAC has expanded far beyond that limited purpose and scope and the Justice Department claims that with this new data mining center’s access to billions of personnel records the “universe of subjects will expand exponentially.” The potential for abuse and the possibility that innocent American citizens will become wrongfully ensnared within the FBI’s growing web of potential suspects is a grave concern.



Counter-surveillance: Obvious why you might want to confuse a cruise missile, but your boss? Grounds for instant dismissal?

http://tech.slashdot.org/article.pl?sid=08/06/27/0426216&from=rss

Intentional GPS Jamming On the Increase

Posted by timothy on Friday June 27, @05:27AM from the can-you-find-me-now-can-you-find-me-now dept. Security IT Technology

benst writes

"Here's yet another way to measure the success of GPS: by the efforts to negate it. While unintentional jamming continues to rise, intentional jamming by both foreign military forces and at-home miscreants of various stripes also has shown increased vigor in the past six months. Related here are recent instances of intentional jamming on each side of the border, and (briefly outlined) one initiative mounted by the National Geospatial Intelligence Agency (NGA) to counteract it. Also here are ways to detect and prevent jamming."

[From the article:

Meanwhile, several Internet sites offer small, localized GPS jammers for sale in the U.S. domestic market. These include a "GPS Blocker" with an advertised 10-meter to 20-meter range for roughly $200. "Just plug into a standard cigarette lighter with 12 V for power," says the web page, "and it will automatically protect you from any GPS tracking on and within your vehicle. This is a popular item with sales personnel and delivery drivers, who wish to take lunch or make a personal stop outside of their territory or route."



We need this kind of analysis, even if it is brief and anecdotal, to help us plan to deal with the paradigm coming soon to all organizations. (Even the comments are worth reading)

http://tech.slashdot.org/article.pl?sid=08/06/26/1339227&from=rss

A Marine's-Eye View of the Networked Battlefield

Posted by CmdrTaco on Thursday June 26, @10:58AM from the so-it's-not-like-starcraft-at-all-then dept. The Military

Ian Lamont writes

"Tyler Boudreau, a Marine veteran of the war in Iraq and a blogger, has written an interesting analysis of the impact of email, IM, and other digital devices upon 'ground-pounders' and their commanders in the field. These innovations were introduced in hopes of increasing situational awareness, rapidly gathering data, analyzing it, organizing it, and then pushing it back out to operators as actionable intelligence. They also provide commanders with the freshest possible information and aid them in their moment-to-moment decision-making. However, Boudreau found that the technologies can lead to micromanagement and deep frustration, trends that he illustrates by describing a shooting incident in al Anbar and its aftermath. He also warns that soldiers can become too dependent upon headquarters for critical decisions, which can lead to dangerous situations when communications get cut off."



Is it normal to arrest someone for speeding? Is this in fact 22 separate offenses? How come no live cops noticed her? Does it take more than 45 days to send her a ticket? (If she had received several tickets, I could see why they might want to arrest her.)

http://news.yahoo.com/s/ap/20080626/ap_on_fe_st/odd_speeder_arrested;_ylt=Am6Qozgsb9y6_z9U.cfaBhys0NUE

Driver arrested after speeding 22 times in 45 days

AP Wed Jun 25, 10:49 PM ET

PHOENIX - A Nevada woman has been arrested after photo enforcement cameras on a Phoenix freeway captured her behind the wheel of a car speeding 22 times in a 45-day span, authorities said.

The woman, 24, was arrested by Arizona Department of Public Safety officers on suspicion of criminal speeding, reckless driving and endangerment.

During a 45-day period starting in May, DPS officials said the woman was captured by photo enforcement cameras on Loop 101 in Scottsdale 22 times, with her top speed at 92 mph.

The woman was living in Arizona temporarily when officers arrested her at her parent's north Scottsdale home last Friday, officials said.


Related?

http://www.pogowasright.org/article.php?story=20080627060633568

Schneier: CCTV doesn't keep us safe, yet the cameras are everywhere

Friday, June 27 2008 @ 06:06 AM EDT Contributed by: PrivacyNews

Pervasive security cameras don't substantially reduce crime. There are exceptions, of course, and that's what gets the press. Most famously, CCTV cameras helped catch James Bulger's murderers in 1993. And earlier this year, they helped convict Steve Wright of murdering five women in the Ipswich area. But these are the well-publicised exceptions. Overall, CCTV cameras aren't very effective.

Source - Bruce Schneier, writing in Guardian

[From the article:

Cameras afford a false sense of security, encouraging laziness when we need police to be vigilant.

... Additionally, while a police officer on the street can respond to a crime in progress, the same officer in front of a CCTV screen can only dispatch another officer to arrive much later. By their very nature, cameras result in underused and misallocated police resources.

... And from some perspectives, simply moving crime around is good enough. If a local Tesco installs cameras in its store, and a robber targets the store next door as a result, that's money well spent by Tesco. [In most cases, your security only needs to be obviously better than the alternative victim's. Bob] But it doesn't reduce the overall crime rate, so is a waste of money to the township.


Related – another insecure security technique... Note that not all organizations react the same way.

http://news.cnet.com/8301-10789_3-9978486-57.html?part=rss&subj=news&tag=2547-1_3-0-5

London transit cards cracked and cloned

Posted by Robert Vamosi June 26, 2008 1:43 PM PDT

Last week a Dutch researcher rode free on the London transit system, having hacked the public transit system's card system; he used a clone of a paying passenger's transit cards. His point? The transit smartcards, which are used by millions worldwide, are vulnerable to attack.

... Once he obtained the key used by the London transit system, Dr. Jacobs then brushed up against passengers carrying Oyster cards. Wirelessly, Jacobs collected the person's card information on his laptop and later he was able to use that data to clone a fresh transit card and gain free access to the London transit system.

You can watch a video of a similar attack conducted on work access cards.

... The Dutch government is already taking that advice. A ministry official told the Times that the government is replacing the cards of all 120,000 civil servants at central government level. A spokesperson for the London transit system downplayed the importance of Dr. Jacobs' experiment and told the Times, "This was not a hack of the Oyster system. It was a single instance of a card being manipulated."

The Mifare Classic is produced by NXP Semiconductors, a company based in the Netherlands. The encryption used in the cards has been shown to be broken.



Has video replaced “light summer reading?” If so, you might want to view this one...

http://digg.com/educational/Google_Behind_the_Screen_5

Google: Behind the Screen watch!

youtube.com — This 50 minutes documentary gives an in-depth look in the world of Google and search. What if all the world's information would be available and easy to find? What if all the news, all books, all texts, photographs and videos would be collected in one place, and made available, always and everywhere? This is the goal of Google, and the com...

http://www.youtube.com/watch?v=TBNDYggyesc



Having grown up watching commercial TV I automatically 'tune-out' commercials – this “skill” translated easily to the Internet. I guess there are lots of people who never learned to do this?

http://techdirt.com/articles/20080626/0055131522.shtml

Don't Blame Rick752 For Blocking Ads; Blame Those Who Made Ads Annoying

from the get-over-it dept

The Washington Post is profiling the semi-anonymous Rick752, a mid-50s guy in upstate NY who puts together and maintains EasyList, an extremely popular list that powers the popular AdBlock Firefox extension. Basically, (for the 12 of you who don't know) it lets people surf without seeing advertisements. And, of course, this pisses people off, unreasonably. The article is full of examples of sites either trying to block AdBlock or begging people not to use it, along with quotes from people whining about how if ads are blocked there will be less content online.



You should know by now that I love lists – especially those that point me to “new stuff”

http://www.technewsworld.com/rsstory/63527.html?welcome=1214575671

10 Great Software Programs You Can Get Gratis

By Peter Grad The Record 06/27/08 4:00 AM PT

[If you do nothing else, check these:

Paint.net 3.08

Coming out of left field in an already crowded category of Photoshop competitors, this beauty of a program is simply amazing. Features such as a gradient tool that blends images and colors in real time to generate stunning effects, a cloning tool that makes blemishes, obstructions and other unwanted elements disappear, red-eye removal, layer manipulation and a battery of slick filters make this one of the best graphics editors you're likely to find.

ooVoo 1.6.1

There are several free Internet-based telephony programs available, but ooVoo is easily the slickest-looking one, and it performs beautifully. Have your friends download a copy, and make unlimited-length calls to them for free, anywhere, anytime. Try out the free video phone call feature as well.
