Sunday, June 29, 2008

I think this has been reported before, but there is more detail here.

http://breachblog.com/2008/06/28/servicecanada.aspx

Service Canada employee loses flash drive

Posted by Evan Francen at 6/28/2008 11:05 PM

Number Affected: More than 1,500

Types of Data: Name and Social Insurance Number

Breach Description: "Service Canada recently sent a letter to 1500 individuals that were affected by a recent incident. It seems that a USB key, containing the names and social security number of 1500 Canadians was lost."



Oh lookie, something for nothing!

http://www.pogowasright.org/article.php?story=20080628192040255

Class-action settlement provides free credit monitoring

Saturday, June 28 2008 @ 07:20 PM EDT Contributed by: PrivacyNews

...Under the terms of a national class-action settlement, you may qualify for six or nine months of daily monitoring of your credit file plus unrestricted access to your credit report and score. To be eligible, you need to have had any form of open credit account - a charge card, student loan, auto loan or mortgage - at any time between Jan. 1, 1987, and this past May 28.

Source - SFGate

[From the article:

An estimated 160 million American consumers can meet that criterion, though eligibility expires Sept. 24.

... Here's a quick overview of the class action and how it might be valuable to you. Under the terms of a settlement agreed to by TransUnion - one of the three dominant credit repositories - you can visit a special Web site (www.listclassaction.com) or call a toll-free number, (866) 416-3470, to register a claim.

... Think of this remarkable settlement this way: It's free, and it's educational at the very least.



Of course it does! How else will we turn off your cell phone for safer roads, or disable text messaging so students pay attention in class, or take over your TV to allow ubiquitous surveillance? (...and talk about a really fun set of hacking targets!)

http://tech.slashdot.org/article.pl?sid=08/06/29/1147247&from=rss

The Future Has a Kill Switch

Posted by Soulskill on Sunday June 29, @08:50AM from the not-literally-i-hope dept. Security Technology Hardware

palegray.net writes

"Bruce Schneier brings us his perspective on a future filled with kill switches; from OnStar-equipped automobiles and city buses that can be remotely disabled by police to Microsoft's patent-pending ideas regarding so-called Digital Manners Policies. In Schneier's view, these capabilities aren't exactly high points of our potential future. From the article:

'Once we go down this path — giving one device authority over other devices — the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?'

We recently discussed the Pentagon's interest in kill switches for airplanes. At what point does centralizing and/or delegating operational authority over so much of our lives become a dangerous practice of its own?"



The decline of the American Hacker? Can these guys out-hack us? Perhaps we need to do something REALLY big to reclaim the title?

http://www.crn.com/security/208801497

Hackers Hijack Sites of Internet Organizations

By Stefanie Hoffman, ChannelWeb 7:14 PM EDT Fri. Jun. 27, 2008

Turkish hackers broke into two of the most established international Websites that oversee and regulate the Internet in order to reroute visitors to a rogue domain, the New York Times reported Friday.

Two of the domains under attack include the Internet Corporation for Assigned Names and Numbers (ICANN, icann.org) and the Internet Assigned Numbers Authority (IANA, iana.org) -- two organizations that have dominion over numerous critical functions regarding Internet regulation.

... Zone-h researchers said that they were able to contact the hackers but that "they refused to tell us how they changed the DNS records," in a Thursday blog post. The researchers speculated that the hackers might have exploited a cross-site scripting or cross-site request forgery vulnerability to execute the attack.



Soon it will become obvious to organizations that customers don't like this – so they will need to keep it quiet!

http://www.pogowasright.org/article.php?story=2008062815423993

UK: What public authorities do with our personal information

Saturday, June 28 2008 @ 03:42 PM EDT Contributed by: PrivacyNews

Next time you head down to your local supermarket, beware: your every move could be monitored. Intimate surveillance [Is there any other kind? Bob] of the nation’s shopping habits is here. Earlier this month a shopping centre in Portsmouth began tracking its customers’ movements through their mobile phone signals, which were picked up by receivers hidden around the centre. Managers at Gunwharf Quays were able to see the kind of goods people were shopping for, how long they stayed and even when they used the toilets.

The system was condemned by MPs and civil liberty campaigners as a Big Brother-style invasion of privacy, forcing the centre to claim the tactics were only “an experiment”.

Source - Times Online

[From the article:

We live in such an information-hungry economy that it has become almost impossible to perform many everyday tasks without facing a demand for personal data. The majority of people in the UK today have their personal information stored in about 700 databases, according to a recent Which? magazine report.

... Even the police are worried about the so-called “function creep” of legislation designed to protect but increasingly used to snoop. Last week Ken Jones, president of the Association of Chief Police Officers (Acpo), warned at the launch of its annual conference that “the ceding of intrusive powers to local government and other bodies and giving them access to once sacrosanct personal data” was causing widespread unease.

When senior police officers warn about the rise of a Big Brother state you know something is wrong.



This suggests that we don't think bad security is a problem... Can that be true? (“It's not a defect, it's a feature!”)

http://it.slashdot.org/article.pl?sid=08/06/28/2016226&from=rss

Thinking of Security Vulnerabilities As Defects

Posted by timothy on Saturday June 28, @04:51PM from the doesn't-everyone-already-think-that dept. Security Bug Software

SecureThroughObscure writes

"ZDNet Zero-Day blogger Nate McFeters has asked the question, 'Should vulnerabilities be treated as defects?' McFeters claims that if vulnerabilities were treated as product defects, companies would have an effective way of forcing developers and business units to focus on security issues. McFeters suggests providing bonuses for good developers, and taking away from bonuses for those that can't keep up. It's an interesting approach that, if used, might force companies to take a stronger stance on security-related issues."


Related: Is your organization (or bank or brokerage account) as secure as your child's online game?

http://games.slashdot.org/article.pl?sid=08/06/29/0633217&from=rss

Blizzard Introduces One-Time Password Devices For WoW

Posted by timothy on Sunday June 29, @05:57AM from the status-symbols dept. PC Games (Games) Security Games

An anonymous reader writes

"Two days ago Blizzard announced that they will be selling keychain tokens to add one-time password support (FAQ) to World of Warcraft. Have compromised World of Warcraft accounts become such a serious problem that OTPs are already necessary for games?"



“Let's come up with a perfectly reasonable “public” use, then we can deny any other uses...”

http://rawstory.com/rawreplay/?p=1378

Isikoff: Bush wants satellites for domestic spying

By David Edwards

Read Michael Isikoff’s Newsweek article here.

This video is from MSNBC’s News Live, broadcast June 28, 2008.



Groundbreaking research worth following. Hackers take note (and you marketing types too)

http://www.washingtonpost.com/wp-dyn/content/article/2008/06/27/AR2008062703781.html?referrer=digg

An Attack That Came Out of the Ether

Scholar Looks for First Link in E-Mail Chain About Obama

By Matthew Mosk Washington Post Staff Writer Saturday, June 28, 2008; Page C01

[The video (actually audio with some pictures): http://www.washingtonpost.com/wp-dyn/content/audio/2008/06/27/AU2008062702967.html?sid=ST2008062703939]



Control your own Top Level Domain! Anyone want to invest in “.SEX” or “.PORN” or “.SIN?”

http://www.bespacific.com/mt/archives/018676.html

June 27, 2008

Biggest Expansion to Internet in Forty Years Approved for Implementation

News release, June 26, 2008: "The Board of ICANN today approved a recommendation that could see a whole range of new names introduced to the Internet's addressing system. "The Board today accepted a recommendation from its global stakeholders that it is possible to implement many new names to the Internet, paving the way for an expansion of domain name choice and opportunity" said Dr Paul Twomey, President and CEO of ICANN. A final version of the implementation plan must be approved by the ICANN Board before the new process is launched. It is intended that the final version will be published in early 2009.

"The potential here is huge. It represents a whole new way for people to express themselves on the Net," said Dr Twomey. "It's a massive increase in the 'real estate' of the Internet."

Presently, users have a limited range of 21 top level domains to choose from — names that we are all familiar with like .com, .org, .info.

This proposal allows applicants for new names to self-select their domain name so that choices are most appropriate for their customers or potentially the most marketable. It is expected that applicants will apply for targeted community strings such as (the existing) .travel for the travel industry and .cat for the Catalan community (as well as generic strings like .brandname or .yournamehere). There are already interested consortiums wanting to establish city-based top level domains, like .nyc (for New York City), .berlin and .paris.



For my website class and anyone who collects videos...

http://www.makeuseof.com/tag/4-quick-ways-to-download-youtube-videos-off-the-net/

4 Quick Ways To Download YouTube Videos Off The Net

Jun. 27th, 2008 by Abhijeet Mukherjee

YouTube, the most popular video sharing site on the internet, allows its users to upload and share videos easily but doesn’t provide any way to download them.

So if you are a YouTube fan and would love to download some of the videos to your computer so that you may watch them again, without the need to visit the site again, then here are 4 quick ways to do that.

[...and there are many sites like http://zamzar.com/ that work on YouTube and other video sites. Bob]
