Wednesday, September 10, 2008

____

New record? (Apparently Maryland only had 21 victims)

http://www.pogowasright.org/article.php?story=20080910075913140

Macro Intl reports unauthorized access to a database with info on "most people in the United States"

Wednesday, September 10 2008 @ 07:59 AM EDT Contributed by: PrivacyNews

Macro International Inc. provides research, technical support, and management consulting services for private and public sector clients. They recently notified the Maryland Attorney General's office that an individual or individuals used credentials (e.g., user/pass) assigned to Macro International employees to access a database that "contains information on most people in the United States. The database is compiled and maintained by one of our business partners, and is used by many companies nationwide."

Guy Garnett, Macro's Vice-President, reported that the company had detected an unusual pattern of search activity and that its investigation revealed that the unauthorized access occurred between December 2007 and March 2008.

According to his letter, there was no indication that any files had been downloaded, retained, or misused. And as of the time of his report, there was no indication that any suspects had been identified or arrests made.



It's not just HSBC.

http://www.pogowasright.org/article.php?story=20080909102010611

HSBC warns of major security breach

Tuesday, September 09 2008 @ 10:20 AM EDT Contributed by: PrivacyNews

HSBC is warning its customers to change their personal identification numbers (PINs), used to withdraw cash at teller machines, after it experienced a significant security breach.

The company has sent text messages to all card holders in the UAE, advising them to make the change by the close of business tomorrow. “Together with other UAE-based banks, we have been experiencing an attack on our local accounts from counterfeit ATM card usage abroad,” said Jonathan Campbell-James, the head of security and fraud risk, at HSBC Middle East. “We have been pro-actively communicating to our customers via SMS [Dude, OMG! chg yr pwrd? Bob] to change their PIN numbers at any HSBC ATM as a precaution, and have implemented various containment strategies to minimize the threat posed.”

Source - The National

[The article: http://www.thenational.ae/article/20080909/FORUMS/496677446/1108&profile=1108

... On Aug 26, the US Embassy warned citizens in the UAE about credit and debit card fraud that had affected an unusually large number of its employees.



Keeping your name firmly in the mud. Perhaps they've never read The Prince, which recommends getting all the bad news out at once. Perhaps by relying on their customers to notify individuals they have doomed themselves to months of articles like this one.

http://www.pogowasright.org/article.php?story=20080909131323360

Credit Breach Threatens 742K Floridians' Identities (BNY Mellon update)

Tuesday, September 09 2008 @ 01:13 PM EDT Contributed by: PrivacyNews

Attorney General Bill McCollum issued a consumer alert Tuesday after The Bank of New York Mellon Shareholder Services reported loss of personal data on 12.5 million customers, 742,000 of which are Floridians.

Consumers who are or were clients of BNY Mellon were asked to closely review their accounts for unauthorized charges and monitor their bank and credit card statements.

Source - Local10

[From the article:

The data breach occurred on Feb. 27 when a vendor for BNY Mellon lost six backup tapes during transport to a storage facility.



Policy without some means of enforcement is unlikely to have any effect on behavior.

http://www.pogowasright.org/article.php?story=20080909154902319

Police: Pitt laptop stolen with Social Security numbers

Tuesday, September 09 2008 @ 03:49 PM EDT Contributed by: PrivacyNews

University of Pittsburgh and city police are investigating the theft of a laptop computer with the Social Security numbers of alumni from the College of Business Administration.

... Hill said the employee stored the information for a survey of undergraduate business school alumni but did so in violation of university policy. Only offices such as the registrar that have a need for such information are allowed to store it, he said. [But their system security software didn't “know” that. Bob]

Source - Pittsburgh Tribune-Review



Did their access terminate when the employees did?

http://www.pogowasright.org/article.php?story=20080910064654666

Disgruntled COIL employee reportedly steals payroll data

Wednesday, September 10 2008 @ 06:46 AM EDT Contributed by: PrivacyNews

Communities Organized to Improve Life (COIL) discovered in July that some employee payroll information wound up on the internet after it had terminated an employee who had access to the payroll information in May.

According to its notification letter to the Maryland Attorney General's office, after terminating three employees in May, COIL discovered that some payroll files an employee had access to were missing from the administrative area and that remaining files were in disarray. A financial consultant was retained to review the situation, but it wasn't until mid-July that COIL discovered that payroll records were missing from their computer system and that payroll files containing the last four digits of employees' social security numbers were also missing. "Subsequently, some of the files missing were put on the Internet," according to COIL's legal counsel, Monte Fried, of Wright, Constable, & Skeen, LLP. Only their names appeared on the internet, however, and not the last four digits of their SSN.

The 47 employees whose data were missing and published on the Internet were notified promptly. That notification letter and any offer of services to them is not available on the web site, however.



Consequences: This was rather quick but I'm not sure if it was “scapegoating” or an excuse to terminate a contract they didn't like.

http://www.pogowasright.org/article.php?story=20080910082146275

UK: Consulting firm sacked over data loss (PA Consulting follow-up)

Wednesday, September 10 2008 @ 08:21 AM EDT Contributed by: PrivacyNews

The government has sacked a consulting firm which lost the details of every prisoner in England and Wales in the latest Whitehall data security breach.

Home Secretary Jacqui Smith said it had ended the contract with London-based PA Consulting after an employee lost the data on an unencrypted computer memory stick.

"This was a clear breach of the robust terms of the contract covering security and data handling," Smith said in a statement to parliament. "We are reviewing our other contracts with PA, specifically from a data-handling and security perspective."

The missing memory stick contains the names and date of birth of every prison inmate. It also has the names, addresses and birthdate of 33,000 people with six or more convictions.

Source - Reuters



Great minds think alike? (Grate mines stink alike? Grape mimes...)

http://www.pogowasright.org/article.php?story=20080909132257842

Why All the Data Breaches? Businesses Just Don’t Care

Tuesday, September 09 2008 @ 01:22 PM EDT Contributed by: PrivacyNews

U.S. businesses reached an ignominious milestone in August, when the number of data breaches disclosed publicly for the first eight months of 2008 already surpassed the total number of disclosed breaches for all of last year.

... All of these make tech security difficult—but not impossible. The real reason that data breaches are on the rise is that businesses don’t have a real incentive to invest more than the minimum required in security, [Make that “perceived minimum” and I'll agree entirely. Bob] says Bruce Schneier, chief security technology officer at BT Group.

“For the most part a company doesn’t lose its data, they lose your data,” Schneier tells the Business Technology Blog. Consequently, the entity responsible for the breach isn’t the party that is harmed by it. Victims are upset, but they are more likely to learn about the fraud that is committed in their name—not the breach where a criminal obtained the data. They are often powerless to punish the business that exposed the record because they can’t link the fraud to a cause, says Schneier.

Source - WSJ Business Technology Blog

[From the article:

At least 44 states have laws that require businesses to disclose data breaches. But a recent study by researchers at Carnegie Mellon University found no evidence that these laws actually reduce the incidents.

... Still, other studies suggest most security incidents never get reported at all. One reason is that the penalty for failing to disclose a breach under state laws is often minimal—just a maximum of $10,000 in the case of Arizona, for example. That is less than a business might spend figuring out which records were stolen in the breach.


Related: Will they care when we turn off their machines?

http://www.infoworld.com/article/08/09/10/Threat_to_computers_for_industrial_systems_now_serious_1.html?source=rss&url=http://www.infoworld.com/article/08/09/10/Threat_to_computers_for_industrial_systems_now_serious_1.html

Threat to computers for industrial systems now serious

Security researcher publishes code that gives hackers a back door into utility companies, water plants, and oil refineries in order to raise awareness of the vulnerabilities

By Robert McMillan, IDG News Service September 10, 2008



Laws are written at the end of a pendulum's swing. Without an attempt to derive a “Golden Mean” the pendulum swings for years.

http://www.pogowasright.org/article.php?story=20080909155429239

WI: AG: State Privacy Law Should Be Loosened

Tuesday, September 09 2008 @ 03:54 PM EDT Contributed by: PrivacyNews

Privacy laws need to be loosened to better protect school children and teachers, Attorney General J.B. Van Hollen told a group studying the issue Tuesday.

He outlined a number of changes to state law that he said would allow police and schools to share more information and increase public safety.

Source - MyFOX N.E. Wisconsin



Oh great! Now everyone can have the morals of Osama bin Laden...

http://blog.wired.com/wiredscience/2008/09/gandhi-pills-ps.html

Gandhi Pills? Psychiatrist Argues for Moral Performance Enhancers

By Alexis Madrigal, September 09, 2008 | 10:59:24 AM

A British psychiatrist raises and argues for that possibility in a new paper in a prominent psychiatry journal. In fact, he says that in many clinical settings, moral steroids are already being used.



For your Security Manager

http://it.slashdot.org/article.pl?sid=08/09/09/1558218&from=rss

HTTPS Cookie Hijacking Not Just For Gmail

Posted by timothy on Tuesday September 09, @12:24PM from the cookie-monster-demands-satisfaction dept.

mikepery writes with a followup to last month's mention of a security vulnerability affecting Gmail accounts, which it seems understated the problem. "I figure the Slashdot readership is the best place to reach a large number of slacking admins and developers, so I want to announce that it's been 30 days since my DEFCON presentation on HTTPS cookie hijacking, and as such, it's now time to release the tool to a much wider group. Despite what was initially reported, neither the attack nor the tool are gmail-specific, and many other websites are vulnerable. So, if you maintain any sort of reasonable looking website secured by any SSL certificate (Sorry Rupert, you lose on both counts), even if it is just self-signed, you can contact me and I will provide you with a copy of the tool. Be sure to put 'CookieMonster' in the subject, without a space."




Research: I tried this with a search for “TJX breach” -- very slick!

http://www.killerstartups.com/Search/news-google-com-archivesearch-sort-the-archives

News.Google.com/ArchiveSearch - Sort The Archives

They’ve done it again. While some were disappointed with Google’s Browser, the folks who revolutionized the way we search the internet have made it easier for us to search through news. Over at News.google.com/archivesearch, you’ll be able to search through news articles on any topic, from any point in time. For instance, you’ll be able to track your favorite musician’s career from humble beginnings to superstardom. As if this wasn’t enough, you’ll be able to automatically generate timelines that will allow you to easily visualize your search results. Remember when you used to go to the library to sort through old microfilm? This site takes that concept and blows it out of proportion. By harnessing the power of Google’s search algorithms, this site will let you find news on anything, from anywhere, and from anytime. Whether you’re doing research, or you just want to reminisce about old times, this new service from Google is what you’ve been looking for.

http://news.google.com/archivesearch



Useful?

http://www.bespacific.com/mt/archives/019273.html

September 09, 2008

Max Planck Encyclopedia of Public International Law

"The new online edition of the Max Planck Encyclopedia of Public International Law went live in August 2008. The initial upload included over 450 articles including over 120 that relate to judicial decisions and dispute settlement, and a set of articles covering the history of international law since the Peace of Westphalia in 1648. Of particularly topical interest are the articles on the fragmentation of international law, the position of heads of state and heads of government, Genocide, and the Taliban. The next upload will take place in October 2008."



What are 3 billion “ad viewers” worth?

http://news.slashdot.org/article.pl?sid=08/09/10/0249214&from=rss

Google Invests In Broadband For Poorer Countries

Posted by Soulskill on Wednesday September 10, @08:12AM from the first-one's-free dept.

Chris Wilson writes

"According to the Financial Times, Google has announced their support for a new initiative called O3B to 'bring internet access to 3bn people in Africa and other emerging markets by launching at least 16 satellites to bring its services to the unconnected' by 2010. Coverage is available from Yahoo and the Wall Street Journal as well. 'The $750m project to connect mobile masts in a swath of countries within 45 degrees of the equator to fast broadband networks ... could bring the cost of bandwidth in such markets down by 95 per cent.' This will probably be the largest single investment in network infrastructure for developing countries in history. Google clearly wishes to use this project to enable broadband Internet access in developing regions, but many other things must be in place before that can happen, including fixed power infrastructure, PCs or OLPCs, technical support and skills, and useful content and services for areas with lower literacy."



Great! Now perhaps we can do the same thing for organizations?

http://www.pogowasright.org/article.php?story=20080909102152669

Article: The Influence of Personality Traits and Information Privacy Concerns on Behavioral Intentions

Tuesday, September 09 2008 @ 10:21 AM EDT Contributed by: PrivacyNews

By Korzaan, Melinda L Boswell, Katherine T

ABSTRACT:

This study incorporates the Big Five personality traits into a theoretical model that explains and predicts individuals' concerns for information privacy, computer anxiety, and individual behavioral intentions. Data was gathered via a survey, which was completed by 230 undergraduate college students, and analysis was conducted utilizing structural equation modeling. Agreeableness was found to have a significant influence on individual concerns for information privacy while neuroticism was found to have a significant influence on computer anxiety. In addition, intellect exerted a significant influence on both computer anxiety and behavioral intentions. Key insights for theory and practice are presented.

Source - RedOrbit



All we need is a good legal mind with some serious business savvy, Professor Sprague.

http://news.slashdot.org/article.pl?sid=08/09/10/0313253&from=rss

Why Starting a Legal Online Music Vendor Is Tough

Posted by Soulskill on Wednesday September 10, @05:08AM

from the all-about-the-benjamins dept.

Hodejo1 writes

"Former MP3.com CEO Michael Robertson offers commentary at The Register saying any attempt to build a sanctioned digital music site today is doomed from the outset. 'The internet companies I talk to don't mind giving some direct benefit to music companies. What torpedoes that possibility is the big financial requests from labels for "past infringement," plus a hefty fee for future usage. Any company agreeing to these demands is signing their own financial death sentence. The root cause is not the labels — chances are if you were running a label you would make the same demands, since the law permits it.'"



This could be useful. I plan to give it a try.

http://www.killerstartups.com/Web-App-Tools/flowgram-com-tomorrows-presentations-today

FlowGram.com - Tomorrow's Presentations Today

Power Point is boring. If you’re looking for a way to spice up your presentations, Flowgram.com has what you’ve been looking for. With the site, you’ll be able to incorporate the advantages of web design, photos, PowerPoint and your voice notes to create really amazing presentations that will leave everyone in awe. Maybe real estate agents can use this to show homes they’re looking to sell, or you can use it to teach your students about a particularly complex subject. There are no downloads required, and you won’t have to install anything to create these presentations. This makes the site very accessible to anyone with an internet connection and the need to create a presentation. If you are looking for inspiration, you’ll be able to find it through the many “Flowgrams” that are available for you to view. Overall, this should be a great tool for anyone who needs to quickly whip up a presentation for any purpose.

http://www.flowgram.com/



Good intentions rarely override logic (or the Streisand Effect)

http://yro.slashdot.org/article.pl?sid=08/09/09/1523209&from=rss

YouTube Reposts Anti-Scientology Videos

Posted by timothy on Tuesday September 09, @11:38AM from the fun-and-easy-to-destroy-stuff dept.

Ian Lamont writes

"YouTube has reposted anti-Scientology videos and reinstated suspended YouTube accounts after receiving thousands of apparently bogus DMCA take-down notices. Four thousand notices were sent to YouTube last Thursday and Friday by American Rights Counsel, LLC. After YouTube users responded with counter-notices, many of the videos were reposted. It turns out that the American Rights Counsel had no copyright claim on the videos, and the group may not even exist, although the text of the DMCA notices has been linked to a Wikipedia editor. While filing a false DMCA notice is a criminal offense, prosecution in these cases rarely comes about."



Watch closely. Reports vary from “He's dead” to this one. He has no successor (strangely, they all died) so what happens when he finds that he isn't immortal?

http://afp.google.com/article/ALeqM5j2zReXndGtxbEQ9gsY3SWxImKHHw

NKorea's Kim suffered stroke, will recover: South Korea

23 hours ago

SEOUL (AFP) — North Korean leader Kim Jong-Il has suffered a stroke but will recover, South Korea's intelligence agency told parliament Wednesday, according to a lawmaker.

Legislator Won Hye-Young quoted an intelligence official as telling a closed session that Kim had suffered a cerebral haemorrhage which caused the stroke but is in "recoverable condition."
