Looks like the SunGard breach jumped from 3 colleges to 15.
NY: 12 SUNY colleges affected by stolen Sungard laptop
It appears Buffalo State College isn't the only school affected by the theft of a laptop computer.
Officials at Fredonia State College say nearly one-thousand current and former students may be affected by the security breach. Fredonia uses the same computerized records system as Buffalo State College, which announced yesterday that the names and Social Security numbers of up to 16,000 students may be at risk after a laptop belonging to a company called SunGard was stolen.
Fredonia and Buffalo State are apparently among 12 SUNY colleges affected by the theft.
Source - WNED
[Details(?) on the SunGard site: http://www.sungardhe.com/laptoptheft ]
... The nature of that employee’s job included analysis of customer data as part of software implementation and upgrade projects.
Security breach hits more area colleges (Sungard update)
The stolen laptop that contained Social Security numbers for 16,000 former and current students at Buffalo State College is causing problems for four other area colleges, as well.
Fredonia State, Niagara County Community, Genesee Community and Jamestown Community colleges are among 13 state schools that had private student information on that laptop.
... The theft may have affected as many as 1,202 at NCCC, 930 at JCC and 18 at GCC, although those schools are either still trying to figure out what data was on the laptop, or found the actual number of students affected to be much lower, officials from the State University of New York said Friday.
... Other SUNY schools involved are: Adirondack Community College, Brockport State College, Binghamton University, Downstate Medical Center, Dutchess Community College, Herkimer County Community College, Monroe Community College and Orange County Community College.
Source - The Buffalo News
[From the article:]
Hefner, who is unhappy with how SunGard has handled the situation, wondered why Fredonia files had been left on the laptop.
“I’m also concerned I didn’t know that our campus might have been involved until this Monday,” Hefner said. “I understand why they might not be able to notify us the first day, but to find out four weeks later is very, very disappointing.”
Locked doors and passwords give the appearance of security.
IN: 700,000 people could be affected by security breach
A collection agency announced a security breach Friday that potentially compromises the personal information of 700,000 people.
The Central Collection Bureau said the breach happened on March 21, 2008. The company said thieves broke into its offices and stole eight computers, as well as one of its servers. The server, which was password protected and protected by three locked doors, contained the personal information. The eight computers did not contain personal information.
The company said the personal information potentially exposed includes names, contact information, Social Security numbers, dates of birth, dates of service, and medical procedure codes. The people whose data may have been exposed were referred to CCB for debt collection purposes by around 100 Indiana businesses on or before March 20, 2008.
Source - WTHR
[From the article:]
The collection company was hired by hundreds of doctors and even utility companies to collect on delinquent bills. [Long list included Bob]
...Klene says all the computers need passwords to break in to the info. [or one of my hacking students Bob]
Attacks by methods other than war? At what point do hackers cross into cyberwar?
CNN Website Targeted by DoS
Posted by CmdrTaco on Saturday April 19, @08:37AM from the different-kind-of-d-o-s dept.
"CNN is reporting that they were the target of a Denial of Service attack yesterday. According to the article, there have been reports on Asian tech sites that Chinese hackers were targeting CNN for their coverage of the unrest in Tibet. One has to wonder if this hacking attempt was government sponsored or not. The Chinese government hasn't been very happy with CNN, in fact Beijing Bureau Chief has been summoned about a day before this happened."
Cyberprotest of CNN called off (for now)
Posted by Robert Vamosi April 19, 2008 5:45 AM PDT
"Our original plan for 19 April has been canceled because too many people are aware of it, [Huh? Isn't that the point? (and if not, what is?) Bob] and the situation is chaotic," cyberprotest organizers said in a statement. "At an unspecified date in the near future, we will launch the attack. We ask that everyone remain ready."
However, early Saturday morning, a post on The Dark Visitor contained detailed plans for various Revenge of the Flame participants, as though the attack were continuing.
Tools & Techniques: Perhaps a more carefully thought out method is in order?
Tough cookies for Web surfers seeking privacy
For consumers trying to protect their privacy on the Internet, it's a Catch-22.0.
Advertisers often track Web surfers' activities so they can deliver targeted ads. One of the best ways to avoid this is to install a tiny piece of software that lets computer users opt out of the practice.
But the trouble is that the digital stop sign is often wiped out by other programs designed to protect people's privacy and security.
This little-known flaw in the system highlights the increasing complexity of safeguarding personal data as companies collect more and more information about people's digital footprints: Even the solutions have problems.
Source - Los Angeles Times
For your Security Manager...
Security Bites Podcast: What's on your network?
By CNET News.com Staff Published: April 18, 2008 3:47 PM PDT
It may be that what you don't know won't hurt you, but in the case of enterprise networks, that simply isn't true. In a report (registration required), based on traffic from 350,000 users in 20 organizations, Palo Alto Networks found that 90 percent of the sites they looked at had peer-to-peer applications such as eMule and BitTorrent on individual desktops, while Web video and streaming content was present on 95 to 100 percent of the desktops, potentially draining network bandwidth.
... Palo Alto Networks also has an Applipedia where you can look up more than 500 desktop applications and learn what ports are used, if any malware's been associated with it, and how else it might otherwise affect your company.
[Listen to the podcast at Download mp3 Bob]
Debate starter or non-starter? How does one obtain 'freedom of the seas' on the Internet?
Cybersecurity and Piracy on the High Seas
Posted by ScuttleMonkey on Friday April 18, @02:37PM from the not-one-cent-in-tribute dept.
Schneier points out an interesting article comparing modern cybersecurity to piracy on the high seas in the early 1800s. The article extends the comparison into projected action based on historical context.
"Similarly, in many ways, current U.S. policy on the security of electronic commerce is similar to Adams' appeasement approach to the Barbary pirates. The U.S. government's inability to dictate a consistent cyber commerce protection policy is creating a financial burden on the U.S. private sector to maintain a status quo, when those resources could be used to mount a more-effective Internet-focused defense. In the case of financial fraud on the Internet, the costs associated with fraudulent transactions are currently borne by private companies, which then have to pass those costs on to their customers. This basically creates a system in which the financial institutions are paying a type of "tribute" to the cyber criminals, just as Adams did to the Barbary pirates."
Oh surprise, surprise! That never happens in the US... (Except by my hacking students.)
Reports: Wi-Fi users to be monitored in Russia
Business travellers to Russia beware: A recently formed regulatory super-agency is requiring registration for every Wi-Fi device and hotspot
By Matthew Broersma, Techworld April 18, 2008
Business travellers to Russia might want to keep their laptops and iPhones well-concealed - not from muggers, necessarily, but from the country's recently formed regulatory super-agency, Rossvyazokhrankultura (short for the Russian Mass Media, Communications and Cultural Protection Service).
... Aside from public hotspots, the registration requirement also applies to home networks, laptops, smart phones and Wi-Fi-enabled PDAs, Karpov reportedly said. Registration only permits use by the owner.
Would they feel better if the League of Women Voters did the background check?
Fresno chamber seeks data for candidate checks
The Fresno Chamber of Commerce is causing a stir -- and apparently plowing new political ground -- by asking candidates who want its support to reveal their Social Security and driver's license numbers.
Chamber officials asked for the information so they could conduct background checks on candidates.
[...] Fresno County Supervisor Susan B. Anderson, who is seeking re-election, provided the information sought by the chamber, "but it does make me feel a little bit uncomfortable. I don't think that people who are running for office should have to give their personal information for endorsements, [Cash should be sufficient Bob] and no other group has asked for that."
The chamber's request is not new. It has asked candidates for this information for at least the past four years, Smith said. But this is the first time anyone has objected, likely because of the increased attention being given to identity theft, he said.
Customer Service, DotCom style?
Microsoft to halt Hotmail access via Outlook Express
Microsoft is ending Outlook Express access to Hotmail on June 30 and is urging [not the word I'd use Bob] Express users to switch to Windows Live Mail
By Eric Lai, Computerworld April 18, 2008
In the latest death knell for Outlook Express, Microsoft announced Thursday that it will turn off access to its Web-based Hotmail service from the desktop e-mail software at the end of June.
Now here is an action that may have potential – beyond the potential to cost them customers.
PayPal to block users with old browsers to stem phishing attacks
eBay's electronic payment service will lock out people using versions of Web browsers with no phishing filters, which could mean trouble for users of Apple's Safari
By Jeremy Kirk, IDG News Service April 18, 2008
... PayPal said a "significant" group of people still use Microsoft's Internet Explorer 3, released in 1996, and IE 4, which debuted in 1997. Those browsers lack a phishing filter, which can block users from accessing a reported phishing Web site.
“Strategy is as strategy does” F. Gump
MPAA Decides Pullmylink.com Doesn't Have Enough Publicity
from the definition-of-insanity dept
The MPAA really is somewhat dense sometimes, isn't it? Despite the fact that every time it sues some website for linking to unauthorized content, that site ends up with a ton more traffic, the MPAA keeps on suing. These lawsuits don't slow the pace of unauthorized sharing one bit, but they do generate a ton of publicity for the activity the MPAA thinks it's "cracking down" on. The latest is Pullmylink.com. It's a site I've never heard of, but thanks to a brand new lawsuit from the MPAA, plenty of people are learning all about the site. Even worse, like some of its ilk, Pullmylink appears not to actually host any infringing content. It merely links to it -- which makes the claims of copyright infringement even more questionable. Surprisingly, even the Reuters report notes how questionable this is, quoting people pointing out that making linking illegal has all sorts of unintended consequences. In the meantime, the folks at Pullmylink should be happy. They're about to get a ton more traffic.
Open Source pharmaceuticals?
Whiten Your Teeth the Natural Way
by Karina Timmel
White teeth and strawberries may not sound like they go hand in hand, but it turns out the berries can actually lighten your smile.
A niche for everything. (Didn't they used to call that California?)
Cultspace.org - Create and Explore Fictional Cults
At Cultspace.org, you can create your own parody religion, become a cult leader, and even blog “holy texts.” The site offers itself up as a forum to “share serious thoughts on religion, make a complete mockery of an existing religion, or do anything in between.” Most users seem to be going the parody route, with registered cult names like “First Church of Giving Me a Dollar,” “The Grand Circle of Eternal Bacon,” and “The Cool Pope’s Church of Some Ancient Dude.” Cult leaders can add photos or an anthem to their group, and Cultspace users can leave comments on these items or on the holy text blogs. There is a forum where Cultspace members can connect and converse. While you can subscribe to someone else’s cult if its content interests you, you cannot actually join other cults. However, each cult has a fictional population number based on its overall popularity and other factors. For instance, forming a political alliance with another cult will help your population grow, while waging a holy war will decrease the population on both sides of the conflict.