Monday, August 25, 2008

An interesting article; it might even serve as an initial outline for a national breach notification law?

http://www.pogowasright.org/article.php?story=20080825065737787

ITRC: Breaches Blast ’07 Record

Monday, August 25 2008 @ 06:57 AM EDT Contributed by: PrivacyNews

With slightly more than four months left to go for 2008, the Identity Theft Resource Center (ITRC) has sent out a press release saying that it has already compiled 449 breaches – more than its total for all of 2007.

As they note, the 449 is an underestimate of the actual number of reported breaches, due in part to ITRC’s system of reporting breaches that affect multiple businesses as one incident.

... More important than the individual numbers, perhaps, are the details of a breach, something that is often lacking or glossed over in reports. As one example, when third party benefits administrator Administrative Systems, Inc., disclosed that its office had been burgled in December 2007, it did not reveal the total number of clients affected, nor the total number of individuals whose unencrypted data were on the stolen computer. Given that just one of the dozens of clients informed this site that it had to notify 250,000 of its customers, the numbers for that breach might be staggering. But more importantly, perhaps, ASI’s notification letter did not tell those affected that ASI suspected that the computer had been stolen by an employee, nor that in the course of the burglary, the thieves walked past newer computers and only took the one computer that had all the client data on it. That information was never publicly revealed and only came to light when this site obtained the police reports in response to a Freedom of Information request. Although we can be somewhat understanding of the need for discretion during an ongoing investigation (in this case, the police were not able to determine the identity of the thieves and the case is on inactive status), if you were one of those affected, would knowing that the firm suspected one of its own employees and that the thieves had ignored closer and newer computers and only taken the one with personal information have influenced your level of concern or any steps you might take to protect yourself? ASI did nothing wrong as far as the laws on disclosure and notification go. But are we requiring too little?

[...]

Source - Chronicles of Dissent blog



...because...

http://www.pogowasright.org/article.php?story=20080825060011478

Data “Dysprotection:” breaches reported last week

Monday, August 25 2008 @ 06:00 AM EDT Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



Students: Does this suggest topics for papers?

http://www.pogowasright.org/article.php?story=20080825055753479

Failure to guard customers' data is costly for businesses

Monday, August 25 2008 @ 05:57 AM EDT Contributed by: PrivacyNews

... Visa and the U.S. Chamber of Commerce have launched a national campaign to teach small businesses how to protect customer information. They spoke on the topic last week at a program hosted by the Greater Irving-Las Colinas Chamber of Commerce.

Increasingly, international hackers are targeting small businesses, said Diana Greenhaw, a Visa security expert.

A Visa analysis found that small businesses accounted for more than 80 percent of the data security breaches last year, she said.

Source - Dallas Morning News



Tools & Techniques: Google Impersonation

http://digg.com/security/That_Password_Protected_Site_Of_Yours_It_Ain_t_Protected

That Password-Protected Site Of Yours - It Ain't Protected

theregister.co.uk — It's one of the simplest hacks we've seen in a long time, and the more elite computer users have known about it for a while, but it's still kinda cool and just a little bit unnerving: A hacker has revealed a way to use Google and other search engines to gain unauthorized access to password-protected content on a dizzying number of websites.

http://www.theregister.co.uk/2008/08/22/accessing_restricted_sites/print.html

[From the article:

While plenty of webmasters require their visitors to register or pay a fee before viewing certain pages, they are typically more than eager for search engine bots to see the content for free.

...But the technique, known as cloaking, has a gaping loophole: if Google and other search engines can see the content without entering a password, so can you.
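The loophole above is user-agent-based cloaking: the site decides who gets the full text by reading a header the client controls. A defensive check, written here as an added example and not taken from the Register article or the blog, is to trust the User-Agent for nothing and require forward-confirmed reverse DNS before serving crawler-only content. The Google hostname suffixes are an assumption based on Google's published crawler-verification guidance, and the DNS table is constructed so the code runs offline.

```python
import socket

# Reverse-DNS name suffixes Google publishes for its crawlers (assumption: taken from
# Google's crawler-verification guidance; re-check before relying on them).
GOOGLE_CRAWLER_SUFFIXES = (".googlebot.com", ".google.com")

def default_reverse(ip):
    """PTR lookup, IP -> hostname, or None if it does not resolve."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def default_forward(hostname):
    """A/AAAA lookup, hostname -> set of IPs, empty if it does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def is_verified_googlebot(client_ip, user_agent,
                          reverse=default_reverse, forward=default_forward):
    """Forward-confirmed reverse DNS: the User-Agent only says 'claims to be
    Googlebot'; the PTR name must be a Google name AND resolve back to client_ip."""
    if "Googlebot" not in user_agent:
        return False
    hostname = reverse(client_ip)
    if not hostname or not hostname.lower().endswith(GOOGLE_CRAWLER_SUFFIXES):
        return False
    return client_ip in forward(hostname)      # a spoofed PTR fails this step

def choose_content(client_ip, user_agent, logged_in,
                   reverse=default_reverse, forward=default_forward):
    """Cloaking done safely: full text only for members and verified crawlers;
    everyone else gets the teaser, whatever their User-Agent string claims."""
    if logged_in or is_verified_googlebot(client_ip, user_agent, reverse, forward):
        return "full"
    return "teaser"

# Constructed DNS records standing in for the live resolvers so this runs offline.
FAKE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",   # genuine crawler
            "192.0.2.50": "crawl-spoof.googlebot.com",        # PTR spoofed
            "192.0.2.99": "host.example.net"}                 # ordinary client
FAKE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
          "crawl-spoof.googlebot.com": {"203.0.113.7"},      # does not match
          "host.example.net": {"192.0.2.99"}}
fake_reverse, fake_forward = FAKE_PTR.get, (lambda h: FAKE_A.get(h, set()))
```

Pass `fake_reverse` and `fake_forward` to exercise the logic offline; in production the defaults perform live lookups, which should be cached since they run on every request.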



Well, does she at least get the negatives right?

http://www.pogowasright.org/article.php?story=20080824165202821

An Unscientific Article on RFID and Privacy (opinion)

Sunday, August 24 2008 @ 04:52 PM EDT Contributed by: PrivacyNews

Scientific American, the oldest publication in the United States, boasts about all the Nobel laureates it has published since 1845 (more than 120), but it lowered itself by publishing a six-page opinion piece—dressed as factual journalism—by Katherine Albrecht, founder of Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN). The article, included in an issue of the magazine entitled “The Future of Privacy,” raises some legitimate issues. It also ignores many issues and conflates unrelated facts in an effort to make RFID seem like a bigger threat to privacy than it is.

Source - RFID Journal

[The article in question: http://www.sciam.com/article.cfm?id=how-rfid-tags-could-be-used



There must be something fundamentally different between data in 'old media' and data online. What (other than lobbyists) would that be?

http://yro.slashdot.org/article.pl?sid=08/08/25/0424230&from=rss

NZ Judge Bans Online Publishing of Accuseds' Names

Posted by timothy on Monday August 25, @05:02AM from the a-bit-arbitrary dept.

The Master Moose writes

"A judge in New Zealand has banned the press from reporting online the names of two men accused of murder. The names of the men will be allowed to be reported in print as well as through Television and Radio broadcast. It would seem he has taken this step to prevent someone 'googling' these people's names in the future and finding them linked to a crime if found innocent."



Big Brother is always looking to become more efficient. (Contrast with US government-developed systems that cost hundreds of millions of dollars and have to be scrapped because they don't work.)

http://tech.slashdot.org/article.pl?sid=08/08/24/157251&from=rss

Siemens Develops Multi-Purpose Surveillance System

Posted by Soulskill on Sunday August 24, @12:04PM from the guilty-until-proven-boring dept.

ekesis tips a story up at NewScientist about the development of a new surveillance system by German engineering conglomerate Siemens. The system is notable for its integration of many different types of automated data-gathering. It can scan "telephone calls, email and internet activity, bank transactions and insurance records." It uses advanced pattern-recognition software to pick out unusual activities and important pieces of data. So far, the system has been sold to 60 countries.

"According to a document obtained by New Scientist, the system integrates tasks typically done by separate surveillance teams or machines... This software is trained on a large number of sample documents to pick out items such as names, phone numbers and places from generic text. This means it can spot names or numbers that crop up alongside anyone already of interest to the authorities, and then catalogue any documents that contain such associates."



Databases, big and getting bigger fast. (I think we should watch for the first subpoena asking for one of these...)

http://developers.slashdot.org/article.pl?sid=08/08/25/1215257&from=rss

The 1-petabyte Barrier Is Crumbling

Posted by CmdrTaco on Monday August 25, @08:35AM from the so-much-data dept.

CurtMonash writes

"I had been a database industry analyst for a decade before I found 1-gigabyte databases to write about. Now it is 15 years later, and the 1-petabyte barrier is crumbling. Specifically, we are about to see data warehouses — running on commercial database management systems — that contain over 1 petabyte of actual user data. For example, Greenplum is slated to have two of them within 60 days. Given how close it was a year ago, Teradata may have crossed the 1-petabyte mark by now too. And by the way, Yahoo already has a petabyte+ database running on a home-grown system. Meanwhile, the 100-terabyte mark is almost old hat. Besides the vendors already mentioned above, others with 100+ terabyte databases deployed include Netezza, DATAllegro, Dataupia, and even SAS."

[Perspective from: http://jurgen.ca/2005/06/22/geek-definitions/

Megabyte

1,024 kilobytes. The length of a short novel or about the storage available on an average floppy disk.

Gigabyte

1,024 megabytes. Roughly 100 minutes of CD-quality stereo sound.

Terabyte

1,024 gigabytes. Half of the content in an academic research library.

Petabyte

1,024 terabytes. Half of the content in all U.S. academic research libraries.



Perhaps not The Big Thing, but clearly A Big Thing...

http://www.bespacific.com/mt/archives/019133.html

August 24, 2008

New on LLRX.com: The Kindle for Professional Researchers

The Kindle for Professional Researchers: DC-based journalist Cheryl Miller offers seven good reasons to buy this gadget seemingly tailor-made for dedicated readers, but she also provides caveats worth your attention.

[From the article:

Still, if you’re on a budget and you like classics, the world is your oyster with the Kindle. Take your pick: Jane Austen, Shakespeare, Mark Twain, James Joyce, or science fiction from the 1950s. Thousands of books no longer covered by copyright can be downloaded for free in Kindle-ready format. (One popular gateway source, the World E-Book Fair, offers over a million free texts. And there are still more at Feedbooks.) Government reports, technical manuals, and think-tank white papers are also available. (Sadly, PDFs are not supported, but Amazon will convert them for you for just ten cents.)



Geeky stuff...

http://home.comcast.net/~SupportCD/index.html

Optimize Guides

Optimize Guides are free, easy-to-read, comprehensive guides for the Windows 2000, XP and Vista operating systems. Whether you want to improve performance, improve security or simply diagnose a problem, you will find solutions here.
