Tuesday, August 12, 2008

If I read this correctly, someone used Wells Fargo's password (no indication access was better protected) to access the “consumer credit” vendor's database. This is the first I've seen this kind of third-party breach. I might ask why no one noticed 7000 extra transactions. (Who got the bill?)

http://www.pogowasright.org/article.php?story=20080811180038207

Wells Fargo code used to illegally access consumer data

Monday, August 11 2008 @ 06:00 PM EDT Contributed by: PrivacyNews

Wells Fargo Bank NA is in the process of notifying some 7,000 individuals that a thief may have accessed their Social Security numbers and other personal information by illegally using the financial services firm's access codes.

The bank learned of the compromise on July 1 when MicroBilt Corp., a reseller of consumer data, notified it of suspicious transactions made using the Wells Fargo access codes, a spokeswoman for the San Francisco-based bank said today. The codes are used by Wells Fargo employees to gain access to consumer credit data.

Source - Computerworld

[From the article:

... The compromise was first reported by The Breach Blog

... McCorkell told Ayotte that the bank lacks contact information for all but about 2,400 [since the bank was not accessing this data, they would have no record of the individual... Bob] of the affected individuals. The bank is in the process of finding addresses for the others, it added.



Harris County seems to have a lot of breaches. This is merely the latest.

http://breachblog.com/2008/08/11/hchd.aspx

Lost or stolen Harris County Hospital District flash drive

Posted by Evan Francen at 8/11/2008 9:04 AM

"A low-level Harris County Hospital District administrator probably violated federal law when she downloaded medical and financial records for 1,200 patients with HIV, AIDS and other medical conditions onto a flash drive that later was lost or stolen"



Note how quickly an encryption program can be implemented when management is motivated.

http://www.pogowasright.org/article.php?story=20080811180518980

TSA Reinstates Verified Identity Pass, Inc. Clear(R) Registered Traveler Enrollment

Monday, August 11 2008 @ 06:05 PM EDT Contributed by: PrivacyNews

The Transportation Security Administration (TSA) announced today that Verified Identity Pass -- operator of Clear(R) -- has met program encryption standards for enrollment computers and may resume Registered Traveler enrollment immediately.

This change comes after Verified Identity Pass reported an unencrypted Clear(R)-owned laptop computer containing data of approximately 33,000 customers was missing from San Francisco International Airport. The laptop was later recovered by Clear(R) officials at the airport. It was voluntarily surrendered to TSA officials for forensic examination. The results of that exam remain under review.

Source - Marke*censored*ch

[Note that the URL listed here has been *censored* -- Apparently we are to be protected from reality when someone (or their program) detects some unacceptable word or phrase in the URL. Without comment, here is the actual URL for that article:

http://www.marketwatch.com/news/story/tsa-reinstates-verified-identity-pass/story.aspx?guid=%7BFAD082B1-9B61-41BC-868F-ABDAD768D7E9%7D&dist=hppr


Related: If the thief had replaced it before it was discovered missing, it would have been a perfect crime...

http://www.pogowasright.org/article.php?story=20080811135550563

SFO: INVESTIGATORS BELIEVE LAPTOP WAS STOLEN, NOT MISPLACED (follow-up)

Monday, August 11 2008 @ 01:55 PM EDT Contributed by: PrivacyNews

Authorities said today they believe a laptop that went missing from a locked office at San Francisco International Airport last month then reappeared more than a week later was stolen, not misplaced.

Source - CBS5.com


Related: Did the thief add some “applicants” to the laptop before returning it, or is Clear sucking in data from other sources?

http://techdirt.com/articles/20080808/1322311934.shtml

TSA Vendor Who Lost Laptop Apologizing To People Who Didn't Even Apply

from the good-record-keeping dept

We recently wrote about how TSA-approved vendor, Verified Identity Pass, had lost a laptop containing all sorts of unencrypted data on people who had applied to be a part of the TSA's "fast pass" Clear program (letting you skip the long security lines for a $100/year). While the laptop was eventually found (in the same place it was lost), the company insists that no data on the laptop was compromised, and has sent out emails to applicants for Clear. But, it appears that at least something is amiss as David Weinberger received one of the emails despite never having applied for the program. So apparently they're just informing people at random now. Or someone else applied in Weinberger's name. Makes you feel very secure, doesn't it?



“We have rules for limiting your access, but the program varies the rules for each user.”

http://digg.com/tech_news/Twitter_Limits_Following_to_2_000

Twitter Limits Following to 2,000

brentcsutoras.com — In an attempt to stop spammers, Twitter users can now only add up to 2,000 followers before being limited and receiving this error message: "You are unable to follow more people."

http://www.brentcsutoras.com/2008/08/11/twitter-limits-following-to-2000/

[From the article:

Twitter user “jpostman” sent me a link to an update from one of Twitter’s technical support staff verifying that there are limits that change for each person.



For your security manager? (And my students)

http://books.slashdot.org/article.pl?sid=08/08/11/1243258&from=rss

Stepping Through the InfoSec Program

Posted by samzenpus on Monday August 11, @01:59PM from the read-all-about-it dept. Security

Ben Rothke writes

"For those who want to stay current in information security, Stepping Through the InfoSec Program is a great book to read after The Pragmatic CSO: 12 Steps to Being a Security Master. While The Pragmatic CSO provides a first-rate overview of the higher-level steps to being a CSO and building an information security program, Stepping Through the InfoSec Program provides the low-level details and nitty-gritty elements on just how to do that."

Keep reading for the rest of Ben's review.



Security in the cloud – a topic my Security Engineering class is tackling with interesting results!

http://tech.slashdot.org/article.pl?sid=08/08/12/1113259&from=rss

What Do You Do When the Cloud Shuts Down?

Posted by CmdrTaco on Tuesday August 12, @08:22AM from the more-to-think-about dept. The Internet Data Storage

jbrodkin writes

"Can you trust your data to the cloud? For users of an online storage service called The Linkup, formerly known as MediaMax, the answer turned out to be a resounding "no." The Linkup shut down on Aug. 8 after losing access to as much as 45% of its customers' data. "When we looked at some individual accounts, some people didn't have any files, and some people had all their files," The Linkup CEO Steve Iverson admits. None of the affected users will get their lost data back. Iverson called it a "worst-case scenario.""

[From the article:

The Linkup Web site has a message saying the service is no longer available and urges visitors to try out another storage site called Box.net. The Linkup had about 20,000 paying subscribers, according to the Industry Standard.


Related

http://digg.com/tech_news/MobileMe_Mail_and_Gmail_Go_Down_Simultaneously

MobileMe Mail and Gmail Go Down Simultaneously

db.tidbits.com — For a period of several hours on 11-Aug-08, both MobileMe Mail and Google's Gmail were inaccessible for many users, although Gmail reportedly remained accessible for those retrieving email via IMAP and a standalone email client. MobileMe's outage was not accompanied by any acknowledgment but after a few hours it was back up.

http://db.tidbits.com/article/9729?rss


Related (to Gmail)

http://digg.com/security/New_Tool_to_Automate_Cookie_Stealing_from_Gmail_Others

New Tool to Automate Cookie Stealing from Gmail, Others

blog.washingtonpost.com — If you use Gmail and haven't yet taken advantage of a feature Google unveiled last week to prevent hackers from hijacking your inbox, now would be an excellent time to do that. A security researcher at the Defcon hacker conference in Las Vegas demonstrated a tool he built that allows attackers to break into your inbox ...

http://blog.washingtonpost.com/securityfix/



We are moving toward 1984. Do we have a duty to spy on our neighbors? Will techies be required to search your hard drives when the computer is being repaired?

http://www.pogowasright.org/article.php?story=20080811121846131

Maine considers making techs report child porn

Monday, August 11 2008 @ 12:18 PM EDT Contributed by: PrivacyNews

State lawmakers will consider a proposal that would require computer repair technicians to report any child porn they discover to law enforcement officials.

The Legislature’s Judiciary Committee is drafting the bill that would impose a requirement similar to those in place for doctors, teachers and commercial film developers, who are already required to report any form of suspected child abuse or pornography.

Source - Bangor Daily News

[From the article:

Sen. Bill Diamond, D-Windham, said it makes sense that all professionals [Geeks is professionals? I doubt it. Bob] should be held to the same standard when it comes to reporting possible abuse.



Intruding on your personal social network? Perhaps you should surrender your 'little black book' too...

http://tech.slashdot.org/article.pl?sid=08/08/11/1847200&from=rss

Who Owns Your Online Networking Contacts?

Posted by kdawson on Monday August 11, @03:35PM from the nothing-personal dept. Social Networks Businesses

Ben Morris writes

"A recent judgement in the UK courts has forced a former employee to hand over details of his business contacts built up through LinkedIn.com while he was employed by his former company. The decision is one of the first in the UK to show the tension between businesses encouraging their employees to use social networking websites, and trying to claim that the contacts should remain confidential when they leave."

[From the article:

The defence was that Hays encouraged employees to use the site, so once these contacts were in the public domain they were free for him to use. The court didn’t agree and the defendant was ordered to disclose all documents, including invoices and emails, that showed any use of his LinkedIn contacts by him and any business obtained from them.


Related: This was inevitable. How to get out of jury duty?

http://www.bespacific.com/mt/archives/019022.html

August 11, 2008

National Law Journal: Vetting Jurors via MySpace

"As personal information becomes more widely available on blogs, MySpace, Facebook and other social networking Web sites, the Internet has become an important tool for jury consultants and trial lawyers. Such sites are a treasure trove of information about potential and seated jurors that can be used in picking the right jurors, bouncing potential jurors and even influencing jurors during trial and in closing arguments. Jury consultants have begun turning to private investigators, some of whom have started niche businesses offering Internet jury research and "personality profiling" of jurors." [National Law Journal, August 11, 2008 - subscription req'd]



How to use proxies. Bypass all those silly restrictions.

http://howto.wired.com/wiki/Access_Pandora_From_Anywhere_in_the_World

Access Pandora From Anywhere in the World

... Well one solution is to mask your identity by using a proxy server. Pandora blocks users by non-U.S. IP addresses. If you connect to a server in the U.S. and use it as an internet providing middle-man between your PC and Pandora, Pandora won't know the difference. To Pandora's servers, you look like you are the middle-man. Proxies make it possible to rock out to Pandora from anywhere in the world.

Using a proxy to access restrictive web applications on foreign soil isn't just for Pandora. There are web proxies for every state in the United States and almost any country around the world. [Who would you like to be today? Bob] Hiding behind a proxy's IP means access to foreign music stores and other web sites normally blocked to your area. You can even simulate foreign access, or out-of-LAN access, to your own web projects by utilizing proxies.



A new technology needs a new word. Plus ca change, plus c'est la meme chose (Didn't know I “par laid Franche” did ya?)

http://www.county29.net/cms2/index.php?option=com_content&task=view&id=17255&Itemid=99999999

Don’t fall victim to “smishing”

Written by Press Release Monday, 11 August 2008

... Smishing (SMiShing) is a form of phishing via SMS (Short Message Service). With Smishing the scammer will send the potential victim a text message on their cell phone posing as a financial institution and direct them to a fraudulent website or direct them to call an 800-number where they will again try to obtain personal or account information.



Ethics: Amusing (to me), with lots of quotes I can use! (Unfortunately, he includes a slide show)

http://ralphlosey.wordpress.com/2008/08/10/the-wicked-quadrant-thoughts-on-a-possible-theoretical-construct-to-understand-unethical-behavior-in-e-discovery/

The “Wicked Quadrant” - Thoughts on a Possible Theoretical Construct to Understand Unethical Behavior in e-Discovery

... Some judges I know think that attorney incompetence in e-discovery is so widespread as to present an ethical crisis for the whole profession.

... Most people I have talked with about this problem agree that the failure of the legal profession to keep up with technology can be blamed on two things: (1) the personality and intelligence type of most lawyers; and, (2) the failure of law schools to even try to adapt.

... Most lawyers are not strong in math, science, or engineering. There are exceptions, of course; we call them IP lawyers.

... “The Law” attracts people who are gifted with a particular kind of liberal arts logic intelligence that inclines them to “computer-phobia.”


Related

http://www.itwire.com/content/view/19971/1090/

Why lawyers don't like Linux

by Sam Varghese Tuesday, 12 August 2008

... But, surprisingly, over the past three months two members of the legal profession have taken the time to pen what they, no doubt, consider to be serious objections to the use of FOSS.

In one case, I went into detail about the article and pointed out some of the areas in which it was deficient in reasoning.

This time, I didn't think it worth bothering to do so, because the article contains quite ridiculous claims - and the Groklaw website author, Pamela Jones, has shot down the credibility of the author in a much more forensic manner than I ever could.



Research tool: I'm not as 'concerned' about Wikipedia as some of my fellow teachers.

http://digg.com/software/Search_Wikipedia_The_Pro_Way

Search Wikipedia The Pro Way

makeuseof.com — I thus have found some of the best and most accurate Wikipedia search engines to help you get the most accurate information whenever you need it. Here are just some of them (in no particular order):

http://www.makeuseof.com/tag/search-wikipedia-the-pro-way/


At last! Something for my math students!

http://www.killerstartups.com/Web-App-Tools/mathway-com-get-your-calculus-on

MathWay.com - Get Your Calculus On

Calculators are great if you just need a result. They don’t teach you how they got to it. That’s where Mathway.com shines. The site will allow you to solve any type of math problem you’ll come across throughout your school life. Whether you need to learn the fundamentals of adding, or find it hard to solve a particularly nasty integral, you’ll be able to get some basic know-how from the site. To use the site to all its extent, you should read through the help section to understand the basic commands. Once you get that out of the way, a whole new world of math problem solving opens up for you. Just tell the site the problem you can’t solve and it’ll solve it for you, and tell you how to do it too. The step-by-step process should be good for even the slowest person to understand the basic concepts behind some of math’s most important operations. I tried a basic integral and it solved it really fast, and the step-by-step explanation was immaculate.

http://www.mathway.com/



Free is good!

http://www.eschoolnews.com/news/top-news/?i=54794;_hbguid=e66bb489-4165-429d-89d4-8c330119601f&d=top-news

Wed, Aug 06, 2008

Free laptop-tracking software now available

Researchers create open-source software that tracks stolen laptops; but it lacks key features, proprietary developers say

By Meris Stansbury, Assistant Editor, eSchool News

... First is cost. Adeona can be downloaded free of charge. Second is privacy. Adeona's developers say it preserves privacy, because no one besides the owner (or an agent of the owner's choosing) can use Adeona to track a laptop.

http://adeona.cs.washington.edu/



Skynet is coming!

http://tech.slashdot.org/article.pl?sid=08/08/12/0121208&from=rss

First All-Drone USAF Air Wing

Posted by ScuttleMonkey on Tuesday August 12, @03:28AM from the going-for-the-high-score dept. The Military Robotics

bfwebster writes

"Strategy Page reports that the United States Air Force has announced its first air wing that will consist entirely of unmanned craft. The 174th Fighter Wing has flown its last manned combat sorties; its F-16s will be entirely replaced by MQ-9 Reapers. Reasons cited include costs (maintenance and fuel) and the drone's ability to stay in the air up to 14 hours, waiting for a target to show itself."



BIGGEST THEFT EVER? When you quote in the devalued Zimbabwe dollar, this sounds HUGE! (This is a Google search link to a defunct page.)

5 years for computer theft

The Herald, Zimbabwe - Aug 8, 2008

TWO men who stole six computers worth over $2 quadrillion donated by President Mugabe to Kuwadzana High School in Banket have been slapped with five-year ...
