Thursday, July 24, 2008

It's never too late to breach your privacy...

http://www.pogowasright.org/article.php?story=20080724060433918

IL: Computer tapes with Social Security numbers lost

Thursday, July 24 2008 @ 06:04 AM EDT Contributed by: PrivacyNews

The AP reports that computer backup tapes containing Social Security numbers of about 19,000 residents and another 1,400 current, former or retired village employees of Tinley Park were lost while being transferred from the village hall to another site within the Chicago suburb on June 23. Some of the information on the tapes goes back 15 years.

Source - Chicago Tribune



Sounds like a perfect mess...

http://www.phiprivacy.net/?p=561

Jul-24-2008

NV: Hospital warns of possible data leak

Saint Mary’s Regional Medical Center sent warning letters this month to about 128,000 patients and clients after a possible intrusion into a proprietary database.

The database, used for Saint Mary’s health education classes and wellness programs, [What reason would a “health class” have to access this data? Bob] contained personal information such as names and addresses, limited health information and some Social Security numbers. The database did not contain medical records or credit card information, said Gary Aldax, marketing manager for Saint Mary’s.

[...]The potential breach was discovered on April 28. Saint Mary’s officials said they immediately shut down the database and launched an investigation. The delay in notifications occurred because the database had to be reconstructed, Aldax said.

[...]The last time her daughter had anything to do with Saint Mary’s occurred when she got her tonsils removed about 40 years ago, Sheldon said. The letter has Sheldon seething.

Full story - RGJ.com

[From the article:

The potential breach was discovered on April 28. Saint Mary's officials said they immediately shut down the database and launched an investigation. The delay in notifications occurred because the database had to be reconstructed, Aldax said. [Non sequitur? Shutdown does not destroy a database. Bob]

... Eighty-year-old Wilma Sheldon of Reno thought the letter she received -- dated July 15 -- was a scam when she first read it. [“What we've got here is a failure to communicate.” Bob] Sheldon said she became especially suspicious after she found out her daughter got a letter, too.

The last time her daughter had anything to do with Saint Mary's occurred when she got her tonsils removed about 40 years ago, Sheldon said. [It's never too late to breach your privacy... Bob] The letter has Sheldon seething.

... To prevent another potential breach, safeguards have been added to the database, said Mike Uboldi, Saint Mary's president and chief executive officer in a news release. [Indication that the database was not adequately secured before the incident (like we didn't know that already) Bob]

"Our first concern is for the continued privacy and well-being of our patients and customers." [Sure. Bob]



Has implications for “Homeland Security” as well...

http://www.pogowasright.org/article.php?story=20080724062635715

Ca: Visa probes Pearson kiosks after reports of fraud

Thursday, July 24 2008 @ 06:26 AM EDT Contributed by: PrivacyNews

An investigation into a suspected security breach at Toronto airport self-service kiosks has caused at least one airline to suspend the use of credit card information as a check-in option.

A spokesperson for WestJet told CTV.ca that customers now have to use their reservation number if they want to bypass the line-up at the counter for a boarding pass.

Source - CTV

[From the article:

WestJet decided to take the step after a report surfaced in The Globe and Mail Wednesday that the financial community is investigating a number of frauds that occurred while people were using the self-service kiosks at Toronto Pearson International Airport.

"There's been no verified threat [Spin Alert: Fraud is not a “verified threat” Bob] to our guests' information, but we want to make sure we take a prudent course of action to protect their information," said WestJet's vice-president of operations, Ken McKenzie. "That's why we're doing this."



Perhaps Identity Theft is an addiction? (or too simple and profitable to resist?) “Hey, I got lawyer bills!”

http://www.pogowasright.org/article.php?story=20080724072247135

Ca: Alleged fraudster rings up 30 new charges (follow-up)

Thursday, July 24 2008 @ 07:22 AM EDT Contributed by: PrivacyNews

A 26-year-old woman already linked by police to a massive credit card and identity fraud scheme in the city is facing 30 additional charges.

In early January, the woman was arrested following a routine traffic stop when she produced two pieces of false identification. A police investigation uncovered a pile of stolen personal information and a computer that contained more than 30,000 credit card files from across the country.

... When police checked in on the woman earlier this month, they found she was no longer living at her last known address. She was located and arrested three days ago, allegedly in possession of counterfeit gift cards and stolen personal information.

Source - Edmonton Journal

[From the article:

Police believe the woman was not acting alone but do not suspect the involvement of organized crime. [Disorganized crime... Bob] Some of the items recovered are believed to be stolen from mail boxes.



What is really going on?

http://yro.slashdot.org/article.pl?sid=08/07/24/0259239&from=rss

Police Director Sues AOL For Critical Blogger's Name

Posted by samzenpus on Thursday July 24, @03:46AM from the tell-us-everything dept. Privacy

Pippin writes

"Memphis Police Director, Larry Godwin, is suing AOL for the names of the authors of the Enforcer 2.0 blog. The blog is rumored to be authored by a Memphis police officer, and is critical of the department, Godwin, and some procedures. Godwin is actually using taxpayer dollars for this and, interestingly, the complaint is sealed."

[From the article:

It wasn't clear if the lawsuit is aimed at shutting down the site or if it's part of an effort to stop leaks that might affect investigations. [Easy to see which side will argue which way... Bob]

... The bloggers also said city attorneys earlier this year wrote a threatening letter on city letterhead to a company that produced T-shirts for the bloggers. [Now, what was the legal argument behind that? Bob]



The latest “We can, therefore we must” kerfuffle... Sort of a “How Not To” for ISPs

http://techdirt.com/articles/20080720/1055151734.shtml

Rogers Looks For New Ways To Annoy Customers, Hijacks Failed DNS Lookups

from the nobody-likes-anti-features dept

Rogers -- a Canadian telco -- has been attracting a lot of negative attention lately between deliberately disabling notifications for cellular roaming charges, setting ridiculous iPhone pricing plans and injecting its own content into Google's home page. As if that wasn't enough, Rogers has started hijacking failed DNS lookups. This means that when a user types in a web address that doesn't exist, instead of getting a "page not found" error, the user is redirected to a search page filled with banner ads and sponsored links. Michael Geist notes that there's an "opt-out" feature, but it doesn't take long to see that it's pretty pathetic. The "opt-out" sends a cookie which just redirects the user to a different Rogers page instead -- a fake "Internet Explorer" error page hosted on the same server. It does essentially the exact same thing, only pretending (poorly, for non-IE users) to revert back to expected behavior. And the option is reset whenever the browser's cookies are cleared. The comments on Geist's post are evidence that many Rogers customers are not pleased (myself included).

This isn't just annoying, it's also a security threat. It breaks how the internet was designed to work; a lot of software is written with the expectation that a DNS lookup for a non-existent domain name will return an error. For example, Kevin Dean notes in the comments on Geist's post how this has caused problems for him accessing his VPN. At first, he thought his computer had been compromised, since Rogers' new "feature" ends up resembling a hostile attempt to redirect traffic to an unknown server.

Some American ISPs already do this, such as Earthlink (which was used to demonstrate the security risk), though it seems to have a slightly better opt-out process, instructing users to configure alternate DNS servers instead of setting a browser cookie. VeriSign had originally tried to do something similar with SiteFinder back in 2003 (though not at the ISP level), but it didn't exactly go over too well. VeriSign reluctantly backed off, though it just recently obtained a patent on the concept. Rogers is the first Canadian ISP to implement the practice and it seems to think it won't meet much resistance. In another comment on Geist's post, Ian relates a telling quote from the FAQs page for Paxfire (the American company handling this for Rogers): "What feedback you do receive typically will come from a small group of highly technical users. Even that feedback tends to fall away after just a few weeks -- as they get used to the new behavior."

Rogers thinks it can just brush off complaints from its users, especially since there really isn't a lot of choice in the Canadian ISP market. However, Rogers should be careful in treading so brazenly into what some consider "net neutrality" territory. Bell Canada (one of Rogers' few competitors) has landed itself in front of a national regulatory body over its throttling practices. Rogers wants to have complete control over its network, but by continually pushing the line they only spur on the debate about net neutrality and government regulation. We haven't heard the last of this.
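The security point in the Techdirt piece is that software expects a lookup for a non-existent name to fail, and an ISP that rewrites NXDOMAIN answers into a search page quietly breaks that assumption. The check below is an added example (not code from Techdirt, Geist, or Rogers) that a network or security admin can run to find out whether the resolver in front of a machine is doing this: it looks up several random names that cannot exist and treats "they all resolved, to the same address" as the tell-tale sign. The two fake resolvers and the addresses they return are constructed for the illustration; only `system_resolver` talks to the real DNS.

```python
import secrets
import socket
import string

# Constructed sample behaviour of an NXDOMAIN-rewriting resolver: names that do
# not exist all come back as one "search page" address instead of failing.
# The addresses are RFC 5737 documentation values, not any ISP's real ones.
KNOWN_NAMES = {"example.com": "192.0.2.10"}
REWRITE_TARGET = "198.51.100.7"


def fake_hijacking_resolver(name):
    """Simulates a resolver that answers every unknown name with REWRITE_TARGET."""
    return KNOWN_NAMES.get(name, REWRITE_TARGET)


def fake_honest_resolver(name):
    """Simulates a standards-compliant resolver: unknown names raise an error."""
    if name in KNOWN_NAMES:
        return KNOWN_NAMES[name]
    raise socket.gaierror("Name or service not known")


def system_resolver(name):
    """Real resolver: asks the host's configured DNS servers (needs network)."""
    return socket.gethostbyname(name)


def random_probe_name(tld="com", length=24):
    """A random label long enough that the name will not exist by chance."""
    alphabet = string.ascii_lowercase + string.digits
    label = "".join(secrets.choice(alphabet) for _ in range(length))
    return f"{label}.{tld}"


def detect_nxdomain_rewrite(resolve, probes=3):
    """Return (is_hijacked, answers) for the resolver function `resolve`.

    A compliant resolver fails every probe (answer recorded as None). If all
    probes succeed and agree on one address, something between this host and
    the authoritative servers is rewriting NXDOMAIN responses.
    """
    answers = []
    for _ in range(probes):
        name = random_probe_name()
        try:
            answers.append(resolve(name))
        except OSError:  # socket.gaierror is a subclass of OSError
            answers.append(None)
    resolved = [a for a in answers if a is not None]
    hijacked = len(resolved) == probes and len(set(resolved)) == 1
    return hijacked, answers


if __name__ == "__main__":
    hijacked, answers = detect_nxdomain_rewrite(system_resolver)
    print("answers for random names:", answers)
    print("NXDOMAIN rewriting detected" if hijacked else "resolver behaves normally")
```

If the check fires, the Earthlink-style remedy mentioned above (pointing the host at different DNS servers) is the only real fix; a cookie-based opt-out does not help non-browser software such as a VPN client, because it never sends the cookie.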



This is interesting, given “the long tail.” Think it will ever catch on?

http://techdirt.com/articles/20080721/1442081747.shtml

How About Five Year Renewable Copyrights With A Use-It-Or-Lose-It Clause?

from the different-ideas dept

Over the years, we've seen numerous ideas and recommendations for ways to fix copyright, and a popular one is getting rid of the automatic creation of copyright on new works, requiring individuals to actually register that work -- often combined with a shorter time limit on copyrights that would have a renewal option. Larry Lessig has long supported such a system. The thinking is that this still lets those big companies who want to hoard their copyrights forever do so, but opens up plenty of other orphaned content that is locked down just because Disney doesn't want to lose the copyright on Mickey Mouse. Benjamin Krueger points us to Andrew Dubber's recent proposal of switching to a five-year renewable copyright plan, that also includes a use-it-or-lose it clause. Basically, copyright holders who want to retain their copyright can do so, but they have to renew the registration once every five years. And, during those five years, the content has to be available commercially one way or another. This way, if content is being neglected, ignored, abandoned or orphaned, it makes its way into the public domain in short order, where perhaps others can make it more useful. This would seem to fit much more closely with the original purpose of copyright law, though (as per usual), I'm sure there will be many complaints from copyright holders about how such a system would destroy their rights. When reading through those, though, note that they never seem very concerned with the rights of the public either.



This sounds very similar to the Wiki my security class is designing.

http://www.bespacific.com/mt/archives/018864.html

July 23, 2008

Google Launches Online Topical Knowledge Resource

Official Google Blog: "A few months ago we announced that we were testing a new product called Knol. Knols are authoritative articles about specific topics, written by people who know about those subjects. Today, we're making Knol available to everyone.

The web contains vast amounts of information, but not everything worth knowing is on the web. An enormous amount of information resides in people's heads: millions of people know useful things and billions more could benefit from that knowledge. Knol will encourage these people to contribute their knowledge online and make it accessible to everyone.

The key principle behind Knol is authorship. Every knol will have an author (or group of authors) who put their name behind their content. It's their knol, their voice, their opinion. We expect that there will be multiple knols on the same subject, and we think that is good."



Bill (Squeeze 'em for every penny) Gates must be dumping his shares...

http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=209600008&subSection=News

Microsoft Drops Player Fees On Games For Windows Live

The service is cross-compatible with Microsoft's Xbox Live network, which lets Xbox 360 owners play games against each other online.

By Paul McDougall InformationWeek July 23, 2008 02:36 PM

Microsoft said late Tuesday that it will no longer charge a fee for PC game players who wish to connect with each other over the company's Games For Windows Live online service.

Games For Windows Live is "now offering completely free online multiplayer" service, Microsoft said in a statement posted on the service's Web site. The company previously charged a monthly fee of $7.99. However, the emergence of several free online gaming services may have prompted Microsoft to drop the monthly charge. [This can't be the entire reason Bob]



For your security manager...

http://tech.slashdot.org/article.pl?sid=08/07/23/2214245&from=rss

Researchers Create Highly Predictive Blacklists

Posted by samzenpus on Wednesday July 23, @10:32PM from the evil-detector dept. Security The Internet IT

Grablets writes

"Using a link analysis algorithm similar to Google PageRank, researchers at the SANS Institute and SRI International have created a new Internet network defense service that rethinks the way network blacklists are formulated and distributed. The service, called Highly Predictive Blacklisting, exploits the relationships between networks that have been attacked by similar Internet sources as a means for predicting which attack sources are likely to attack which networks in the future. A free experimental version is currently available."
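To make the idea concrete, here is an added example (mine, not the SANS/SRI service's own code, which uses an iterative PageRank-style propagation rather than the one-hop scoring below) of what "relationships between networks attacked by similar sources" buys a defender. Each network reports the sources that hit it; two networks are similar if their attacker sets overlap; a source gets a higher score for a given network the more strongly correlated networks have already reported it. The report tuples and network names are constructed for the illustration and use RFC 5737 documentation addresses.

```python
from collections import defaultdict

# Constructed sample reports: (reporting_network, attacking_source).
# Each tuple means "network X logged an attack from source S".
REPORTS = [
    ("net-A", "203.0.113.5"), ("net-A", "203.0.113.9"), ("net-A", "198.51.100.2"),
    ("net-B", "203.0.113.5"), ("net-B", "203.0.113.9"), ("net-B", "198.51.100.77"),
    ("net-C", "203.0.113.5"), ("net-C", "192.0.2.44"),
    ("net-D", "192.0.2.44"),  ("net-D", "192.0.2.45"),
]


def build_index(reports):
    """Two views of the same data: network -> sources, and source -> networks."""
    seen_by = defaultdict(set)
    reported_by = defaultdict(set)
    for net, src in reports:
        seen_by[net].add(src)
        reported_by[src].add(net)
    return seen_by, reported_by


def similarity(seen_by, a, b):
    """Jaccard overlap of the attacker sets two networks have reported."""
    sa, sb = seen_by[a], seen_by[b]
    if not sa or not sb:
        return 0.0
    return len(sa & sb) / len(sa | sb)


def predictive_blacklist(reports, target, top_n=5):
    """Rank sources for `target` by how strongly correlated peers report them.

    score(src) = sum of sim(target, n) over every other network n that reported
    src, plus 1.0 if the target itself has already seen src. Sources known only
    to unrelated networks score 0 and are left off the list, which is the
    whole point: the list is tailored to the recipient, not global.
    """
    seen_by, reported_by = build_index(reports)
    scores = {}
    for src, reporters in reported_by.items():
        s = sum(similarity(seen_by, target, n) for n in reporters if n != target)
        if src in seen_by[target]:
            s += 1.0  # direct evidence outweighs any single correlated peer
        if s > 0:
            scores[src] = round(s, 4)
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:top_n]


def new_predictions(reports, target):
    """Only the sources `target` has NOT reported yet: the forecast part."""
    seen_by, _ = build_index(reports)
    return [(s, sc) for s, sc in predictive_blacklist(reports, target, top_n=None)
            if s not in seen_by[target]]


if __name__ == "__main__":
    for net in ("net-A", "net-D"):
        print(net, "blacklist:", predictive_blacklist(REPORTS, net))
        print(net, "predicted new attackers:", new_predictions(REPORTS, net))
```

For net-A the sample data ranks 198.51.100.77 (never seen by net-A, but seen by its closest peer net-B) above 192.0.2.44, and leaves 192.0.2.45 off entirely because the only network reporting it shares no attackers with net-A. The caveat is that the scoring is only as good as the reporting: a peer that uploads noisy or spoofed logs pulls its neighbours' lists with it, so a production system needs to weight or vet contributors.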


Ditto (Long winded)

http://news.cnet.com/8301-1009_3-9998269-83.html?part=rss&subj=news&tag=2547-1_3-0-5

July 23, 2008 5:15 PM PDT

Pairing your cell with Bluetooth? Buyer beware

Posted by Elinor Mills

... Security experts discussed the risks to Bluetooth users at the Last HOPE (Hackers on Planet Earth) conference in New York last weekend, warning people to change the default password, turn off the headsets when not in use, and limit access to the data when communicating with other devices.

... On Wednesday, the U.S. CERT (Computer Emergency Readiness Team) decided the Bluetooth security risk was serious enough to publish a security advisory about it.


Related? For all you cell phone addicts... Lawyers: Consider this an early Potential Class Action Alert! (or as we non-lawyers see it: Chum in the water.)

http://hosted.ap.org/dynamic/stories/C/CELL_PHONE_WARNING?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Jul 24, 7:13 AM EDT

Pittsburgh cancer center warns of cell phone risks

By JENNIFER C. YATES and SETH BORENSTEIN Associated Press Writers

PITTSBURGH (AP) -- The head of a prominent cancer research institute issued an unprecedented warning to his faculty and staff Wednesday: Limit cell phone use because of the possible risk of cancer.



Tools & Techniques: Phone Hacks (and another example of Kevin Mitnick cashing in...)

http://news.cnet.com/8301-13554_3-9997976-33.html?part=rss&subj=news&tag=2547-1_3-0-5

July 23, 2008 6:25 PM PDT

Hacking Caller ID: unblocking blocked phone numbers

Posted by Michael Horowitz



Lawyers use Macs?

http://www.technewsworld.com/rsstory/63916.html

Mac Wares for the Jurisprudence Crowd

By Erika Morphy MacNewsWorld Part of the ECT News Network 07/24/08 4:00 AM PT

"The Jury Loved My iBook" is how Peter Zavaletta begins his testimonial on MacLaw Online. A personal injury and medical malpractice attorney in Brownsville, Texas, Zavaletta attributes his victory in an obstetrical negligence case in part to his array of Mac tools.



Which is cheaper, Traffic tickets or tools to avoid traffic tickets? (Don't even consider obeying the law?)

http://www.reuters.com/article/technologyNews/idUSPAR37080520080723

Website claims to help drivers avoid speed traps

Wed Jul 23, 2008 3:46pm EDT

NEW YORK (Reuters) - Drivers in most of the United States and some of the UK can find out where the police speed traps and so-called red-light cameras are on the Internet -- for free.

But, U.S. drivers can also download that information to their car's GPS system for a fee.

... Atkinson, whose full time job is as a systems engineer, set up the website (http://njection.com) last summer. Most of the information on the speed traps is user generated, [The Internet version of flashing headlights? Bob] and gathered anonymously, he said.



Cloud Security

http://www.technewsworld.com/rsstory/63904.html

Is Web 2.0 Security's Achilles Heel?

By Doug Camplejohn TechNewsWorld 07/24/08 4:00 AM PT

Evolving Web 2.0 technologies -- wikis, blogs, social networking sites, etc. -- have resulted in a mashup of content sources that makes it very difficult to definitively determine the trust level of a particular site, writes Mi5 Networks CEO Doug Camplejohn. Standing up to security threats in such an environment requires a multilayer defense strategy.

... Only 15 percent of organizations are performing the deeper inspection and blocking on Web traffic necessary to protect their employees, according to Gartner.



Should we expect Amazon's Kindle to follow?

http://hosted.ap.org/dynamic/stories/T/TEC_SONY_READER?SITE=VALYD&SECTION=HOME&TEMPLATE=DEFAULT

Jul 24, 1:19 AM EDT

Sony opens up e-book Reader to other booksellers

By PETER SVENSSON AP Technology Writer

NEW YORK (AP) -- With the market for electronic books still relatively sleepy, Sony Corp. is trying a new tack: untethering the latest model of its e-book reading device from its own online bookstore.

On Thursday, Sony will provide a software update to the Reader, a thin slab with a 6-inch screen, so the device can display books encoded in a format being adopted by several large publishers. That means Reader owners will be able to buy electronic books from stores other than Sony's.
