I think this has not already been reported here.
Stanadyne employee information on stolen laptop
Posted by Evan Francen at 8/8/2008 11:11 AM
Reference URL: The New Hampshire State Attorney General breach notification
[From the letter:
Stanadyne maintains records of information contained in laptop computers. This information is updated each time the laptop is connected to the company computer network. We are confident in our knowledge of the contents of the stolen laptop. [Doesn't this sound much better than “We don't know?” Bob]
Is there an April Fool's Day in the Netherlands?
NL: Dutch police notify botnet victims
Saturday, August 09 2008 @ 06:42 AM EDT Contributed by: PrivacyNews
Police in the Netherlands have claimed a world first after warning victims whose computers were infected by a botnet that was shut down last week. The victims will be forwarded to a special web page offering instructions on cleaning up their systems.
[From the article:
Users with infected systems are automatically sent a special page [a technique learned from phishers. Bob] when they log onto the internet. The page offers instructions on disabling the botnet, as well as a link to Kaspersky's online virus scanner and a request to file charges [“Would you like to join our lynch mob? Bob] against the botnet herder, a 19- year-old man from the Dutch city of Sneek [This is a “Sneeky” guy? (Sneeker?) Bob] who was arrested last week.
... "This might initiate other actions in neighboring countries, so we can continue doing this in a coordinated fashion throughout the European Union," Willems told Webwereld, an IDG affiliate. "That would be a good way to fight these crimes." [With as many police-warning bots hijacking our browsers as the bad-guy bots? Bob]
An alternate opinion on the TJX mess. (I think every under-reacted.) Also interesting because it looks like this lawyer is paid to blog. (I'm available at reasonable rates.)
Credit Card Issuers Over-reacted to TJX (commentary)
Saturday, August 09 2008 @ 06:20 AM EDT Contributed by: PrivacyNews
... TJX settles with VISA & Mastercard issuers for $65 million, whereas the actual reported fraud is only a tiny fraction of that amount. Further, when card issuers cancelled all those cards, they alarmed and inconvienced millions of cardholders to excess.
To be sure, a final accounting for the TJX fraud has not been made, at least to the public. However, public information suggests the costs incurred to cancel cards far exceeded the true magnitude of the TJX break-in.
In other words, the credit card issuers over-reacted.
Source - Electronic Data Records Law blog
Related For your background researchers...
Friday, August 08, 2008
TJX Update: The San Diego Indictments
[Which points to: http://garwarner.blogspot.com/2008/08/tjx-update-boston-indictments.html
Nothing here is unique to China. My students could do any of the hacks mentioned in the “warning.” The techniques mentioned should be used every day at home, but likely are not.
US Warns Olympic Visitors of Chinese Cyber-Spying
Posted by ScuttleMonkey on Friday August 08, @03:30PM from the these-concerns-aren't-chinese-specific dept.
An anonymous reader writes to tell us the US Government has issued a strong warning to travelers headed to the Beijing Olympics (PDF) with respect to electronic data. Part FUD, part awareness, the CBS article reads like 1984, urging travelers to treat all electronic devices (from fax to cellphone and back) as compromised, and proceeds to talk about China's aggressive cyber-espionage programs.
"China is one of a number of countries pushing active cyber-espionage programs aimed primarily at cracking U.S. national security computers and stealing corporate trade secrets. Billions have already been lost. In addition, cyber-gangs and criminals, many based in Asia, have stolen bank accounts and credit card numbers from an untold number of Americans."
US warns US citizens of FBI spying?
FBI Apologizes to Post, Times
Saturday, August 09 2008 @ 06:03 AM EDT Contributed by: PrivacyNews
FBI Director Robert S. Mueller III apologized to two newspaper editors yesterday for what he said was a recently uncovered breach of their reporters' phone records in the course of a national security investigation nearly four years ago.
Mueller called the top editors at The Washington Post and the New York Times to express regret that agents had not followed proper procedures when they sought telephone records under a process that allowed them to bypass grand jury review in emergency cases.
Source - Washington Post
[From the article:
In the case of the four reporters highlighted yesterday, FBI spokesman Michael P. Kortan said, "No investigative use was made of the records, and they have now been removed from the FBI's databases." [Does this mean “no one ever looked at this data?” or “We investigated, but found nothing useful?” Bob]
... Bureau officials said yesterday that, in an effort to prevent recurrences, they recently reminded agents in charge of field offices and their top lawyers that requests for news media records involve special rules. [Translation: They would never apologize for obtaining my records... Bob]
Related? (and I love lists!) Be sure to read the comments!
15 Great, Free Privacy Downloads
Saturday, August 09 2008 @ 06:09 AM EDT Contributed by: PrivacyNews
One of the worst privacy invaders the world has ever seen is the Internet. When you surf, Web sites can find out where you've been and can gather other information about you. Trojan horses and spyware can snoop on you. Key loggers can capture your keystrokes as you type. Eavesdroppers can steal your passwords.
It doesn't have to be that way. The 15 downloads presented here can protect you. You'll find firewalls, password protectors, rootkit killers, trace cleaners, anonymity securers, and more. So check them out, and help yourself to a safer online experience. (Note that the 15 downloads we look at here don't include any antivirus and antispyware programs. We figured that we've covered those packages well enough elsewhere. So instead, we focus on tools you might not have heard about.)
Source - PC World
There's “opt in” and then there's “You damn well better opt in” Looks like the Credit Card companies are looking for ways to reduce their losses...
Net Shoppers Bullied Into "Verified By Visa" Program
Posted by kdawson on Friday August 08, @01:13PM from the not-exactly-optional dept. Security The Almighty Buck
"According to The Register, several banks are forcing users to opt-in to the Verified by Visa optional service by locking their cards if and when they encounter a Verified by Visa participating site and fail to opt-in. Register reader Steve says, 'This seems like a strange way to implement a voluntary system. On most of the retailers' websites there is no clue that you are about to be challenged by Verified by Visa until you attempt to complete the transaction. This means that you trigger the "fraud protection" unintentionally. And when you have located a retailer who doesn't require Verified by Visa to complete a purchase, you can't because your account is on hold.' Further, '[I]n some cases resetting the password is all too easy. Fraudsters know this and go after these credentials which, once obtained, make it harder for consumers to deny responsibility for a fraudulent transaction. Phishing scams posing as Verified by Visa sites have sprung up targeting these login credentials.'"
[From the article:
Both Verified by Visa (VbyV) and MasterCard's SecureCode services are designed to add an extra layer of security to credit or debit card purchases, and work using 3D Secure protocol checks. Each is designed to reduce the likelihood of fraudulent transactions while transferring the liability for bogus transactions from merchants who run purchases through the system back towards banks and other card issuers.
... One card issuer, MBNA, told Steve that you are only able to avoid enrolling by clicking "not at this time" three times.
Interesting, but I can imagine a number of false positives – every narcotics officer, for example.
Fingerprint Test Tells Much More Than Identity
Posted by kdawson on Friday August 08, @12:30PM from the i-know-what-you-touched-last-summer dept.
Mike sends in the story of a new fingerprint technology with interesting potential for both crime detection and rights violations; there are also intriguing possibilities in fighting cancer.
"Using a variation of mass spectrometry called 'desorption electrospray ionization' or 'Desi,' a fingerprint can identify what the person has been touching — drugs, explosives, or poisons, for example. Writing in the Friday issue of the journal Science, R. Graham Cooks, a professor of chemistry at Purdue University, and his colleagues describe how the technique could find a wider application in crime investigations. As it becomes cheaper and more widely available, the Desi technology has potential ethical implications, Cooks said. Instead of drug tests, a company could surreptitiously check for illegal drug use of its employees by analyzing computer keyboards after the employees have gone home, for instance."
“Security is as security does.” F. Gump The manufacturers must hate article like this, but they are inevitable. Perhaps they should have someone besides marketing evaluate their products?
Researchers Crack Medeco High-Security Locks With Plastic Keys
By Kim Zetter August 08, 2008 2:19:51 PM
... "Virtually all conventional pin-tumbler locks are vulnerable to this method of attack, and frankly nobody has really considered it or looked at it before," says Marc Weber Tobias, one of the researchers.
The researchers showed Threat Level how they could create the simulated keys from plastic simply by scanning or photographing a Medeco key, printing the image onto a label and placing the label onto a credit card or other plastic to cut out the key with an X-Acto blade or scissors and then use the key to open a lock covertly.
One of those areas colleges (and industry) are addressing by sponsoring “experience labs” like our White Hat Hacker Club...
Open source technology is hungry for new college grads
By Amber Gillies on August 08, 2008 (9:00:00 PM)
Interesting tool. I don't allow comments on my Blog because I don't want to spend time in discussion (and because my blog is really an online archive, not a true blog).
WeSayThat.com - Comment About Anything
Don’t you just hate blogs that don’t allow you to comment? If you’re like me, then you should see what you can do over at Wesaythat.com. The site will allow you to comment on any site you want to. Just log onto the site and search for the site you want to comment on. If people have already commented on it, you’ll be able to leave your two cents on there for everybody to discuss. This site could put a stop to comment censorship. Most of the time, if you leave a negative comment about an article or post on a blog, they might just take it down. Since the site is in no way affiliated with others, on there you’ll find everything from people praising a site to people putting it down. You can track the comments people make about your site through an RSS feed, or by adding the Firefox extension.
A somewhat fluffy overview of Cloud Computing, but worth reading
How Cloud Computing Is Changing the World
A major shift in the way companies obtain software and computing capacity is under way as more companies tap into Web-based applications
by Rachael King
Related. One interesting application of Cloud Computing
Researchers look to cloud computing to fight malware
CloudAV combines 10 antivirus engines and two behavioral detection ones into one service aimed at trapping malicious software
By Jeremy Kirk, IDG News Service August 08, 2008
... CloudAV uses a muscular approach, combining 10 antivirus engines and two behavioral detection ones into one service.
... "Antivirus engines have complementary detection capabilities, and a combination of many different engines can improve the overall identification of malicious and unwanted software," according to CloudAV.
... The research paper was authored by Jon Oberheide, Evan Cooke and Farnam Jahanian of the Electrical Engineering and Computer Science Department at the University of Michigan.
I doubt it's a Kindle Killer, but it's another indication that handhelds are the future.
Free Software Turns the iPhone Into an E-Book Reader
By Charlie Sorrel EmailAugust 08, 2008 9:57:32 AM
Related The trend toward cell phones that act like Personal Assistants... This site is rather trivial, but there is no reason you couldn't attach your phone to your accounting software (to record any transaction) It already serves as your checkbook.
Fuelly.com - Track Your Gas Mileage
Through the site, you’ll be able to keep up on how much you’re spending on fuel, in order to start doing something about it. The thing that makes the site unique is the fact that you can access the service through your mobile phone.
Thank god! I've needed this for those British and Australian Blogs!
Mloovi.com - RSS Blog Translator
If you’ve ever come across a blog that you find interesting, but is in another language you’re having a hard time understanding, then you should take a look at Mloovi.com. Through the site, you’ll be able to translate any RSS feed into one of the 24 languages offered.
Interesting collaborative tool, education oriented but don't take that as a limitation.
Sakai Collaborative and Learning Environment (CLE)