Saturday, November 29, 2008

I normally skip small breaches like this one, except I too would be interested in some research into the number of small breaches and what small business can/should do about it.

http://breachblog.com/2008/11/28/taxprep.aspx?ref=rss

Small N.C. tax preparation business break-in

Date Reported: 11/21/08

... New Bern police say a computer stolen from a tax-preparation business in the city this week contains identity information of about 70 people.

[Evan] This is a smaller breach in terms of the number of people involved, but a pretty significant breach in terms of the amount and quality of each person's information vulnerable to compromise.

The computer was stolen from B.J. Accessories and Tax Preparation on Neuse Boulevard.

Commentary:

We don't have much information about this breach. I have a feeling that these types of breaches happen fairly often, and are largely under-reported. I doubt that the stolen computer (or the data it contained) were encrypted. Do retailers and small businesses not think of information security? Do they think that they aren't a big enough target? Do they think they can't afford sound information security? What do small businesses think when it comes to protecting information assets entrusted to them?

Maybe I should fund a small business information security survey. I'm interested in knowing more.



CyberWar: It's not as simple as it was in the “good old days.” Was it really Russia? Perhaps it was China using hijacked servers to make it look like Russia! (Perhaps it was one of my Hacking students making a point.)

http://it.slashdot.org/article.pl?sid=08/11/28/1442246&from=rss

Significant Russian Attack On US Military Networks

Posted by kdawson on Friday November 28, @10:21AM from the my-agent.btz-will-call-you dept.

killmofasta notes an LA Times story on a severe and widespread attack on US military computers that may have originated in Russia. Turns out the military's recent ban on flash drives was a precursor to this attack, which was significant enough that the President and the Defense Secretary were briefed on it.

"The 'malware' strike, thought to be from inside Russia, hit combat zone computers [It takes time and effort to identify computers in a specific geographic area/command structure. Bob] and the US Central Command overseeing Iraq and Afghanistan. The attack underscores concerns about computer warfare. ' This one was significant; this one got our attention,' said one defense official, speaking on condition of anonymity when discussing internal assessments. Although officials are withholding many details, the attack underscores the increasing danger and potential significance of computer warfare, which defense experts say could one day be used by combatants to undermine even a militarily superior adversary. ... [A defense official said] 'We have taken a number of corrective measures, but I would be overstating it if I said we were through this.'"



No doubt the ADA will require this type of “Interface Optimization” for all workers. Just watch for anything that tries to force everyone to be equal.

http://tech.slashdot.org/article.pl?sid=08/11/29/0430230&from=rss

An Optimized GUI Based On Users' Abilities

Posted by Soulskill on Saturday November 29, @05:11AM from the how-about-a-difficulty-slider dept. GUI Software Technology

Ostracus writes

"Researchers at the University of Washington have recently developed a system, which, for the first time, offers an instantly customizable approach to user interfaces. Each participant in the program is placed through a brief skills test, and then a mathematically-based version of the user interface optimized for his or her vision and motor abilities is generated. The current off-the-shelf designs are especially discouraging for the disabled, the elderly and others who have trouble controlling a mouse, because most computer programs have standardized button sizes, fonts, and layouts, which are designed for typical users."



Think of a similar service to do basic forensics – tell you what metadata is available (e.g., prior drafts in PDF format) or even something as simple as “What program created this file?”

http://www.killerstartups.com/Web-App-Tools/filterbit-com-scan-suspicious-files-online

Filterbit.com - Scan Suspicious Files Online

http://www.filterbit.com

Just got a file you have been searching high and low via a channel that is not exactly trustworthy? If that ever happens to be the case, it goes without saying that you must check it out beforehand. If you are unsure how to best do that, this site will provide you with a viable alternative.

Broadly speaking, through the site you will be able to upload any file you deem as suspicious and scan it online. Bear in mind that there is a file size limitation at play, namely 20 MB. A nice touch is that individual files that are contained within file archives such as Winzip and WinRar can also be scanned.

The scanning service itself is powered by many antivirus engines, and it will let you detect malware of every denomination, such as viruses, trojans and worms.

This solution is not only completely web-based, but it is also provided at no cost. Make sure to add it to your collection of bookmarks, it might come in more than handy when least expected.
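The "what program created this file?" service suggested above is easy to prototype. The following is an added example (not Filterbit's code, nor anything from the original post): it identifies a file's type from its magic bytes, pulls the Creator/Producer/ModDate entries out of a PDF's Info dictionaries, and counts how many incremental saves (`%%EOF` markers) the file carries, since each one may leave a prior draft recoverable. The magic-number table and the sample PDF bytes are constructed for the example; the parser handles only the plain literal-string form of Info entries, not hex strings, XMP packets, or encrypted PDFs.

```python
import re

# Constructed magic-number table: a few common formats, checked by prefix.
MAGIC = [
    (b"%PDF-", "PDF document"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"PK\x03\x04", "ZIP archive (also DOCX/XLSX/ODT containers)"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (legacy Office)"),
    (b"GIF8", "GIF image"),
]


def identify(data: bytes) -> str:
    """Return a type name based on the leading bytes, or 'unknown'."""
    for signature, name in MAGIC:
        if data.startswith(signature):
            return name
    return "unknown"


# Info-dictionary entries that reveal the producing application and edit history.
# Only the literal-string form  /Key (value)  is handled here.
_PDF_ENTRY = re.compile(
    rb"/(Creator|Producer|CreationDate|ModDate|Author|Title)\s*\(([^)]*)\)"
)


def pdf_metadata(data: bytes) -> dict:
    """Collect every occurrence of each key, in file order, so that values
    left behind by earlier saves are visible alongside the current ones."""
    history: dict = {}
    for key, value in _PDF_ENTRY.findall(data):
        history.setdefault(key.decode(), []).append(value.decode("latin-1"))
    return history


def count_revisions(data: bytes) -> int:
    """Each incremental save appends another %%EOF; more than one means
    earlier versions of the content may still be present in the file."""
    return data.count(b"%%EOF")


def report(data: bytes) -> dict:
    """Combine the three checks into one forensic summary."""
    kind = identify(data)
    summary = {"type": kind, "metadata": {}, "revisions": 0}
    if kind.startswith("PDF"):
        summary["metadata"] = pdf_metadata(data)
        summary["revisions"] = count_revisions(data)
    return summary


# Constructed sample: a minimal PDF saved twice (original plus one incremental
# update), with Info dictionaries showing the producing application and dates.
# Object offsets are omitted; this is illustration data, not a valid PDF.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Creator (Microsoft Word) /Producer (Acrobat Distiller 8.1) "
    b"/Author (jdoe) /ModDate (D:20081120101500) >>\nendobj\n"
    b"trailer\n<< /Info 1 0 R >>\n%%EOF\n"
    b"2 0 obj\n<< /Creator (Microsoft Word) /Producer (Acrobat Distiller 8.1) "
    b"/Author (jdoe) /ModDate (D:20081125083000) >>\nendobj\n"
    b"trailer\n<< /Info 2 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    print(report(SAMPLE_PDF))
```

Two ModDate values and two `%%EOF` markers in the sample are the tell-tale of a document edited after its first save; a real tool would go on to parse the cross-reference tables and extract the superseded objects.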



Always good to have one of these in your Swiss Army folder.

http://www.killerstartups.com/Web-App-Tools/newzie-com-a-news-aggregator-of-its-own

Newzie.com - A News Aggregator Of Its Own

http://www.newzie.com

Newzie is a news aggregator that has the distinct advantage of monitoring both pages that are syndicated and those that are not, and keeping you abreast of the latest developments right away.

This aggregator works in the usual way, i.e., it periodically checks your subscriptions, and retrieves new contents that are automatically presented to you. A tutorial is provided online just in case you are new to the concept and need some guidance.

Newzie comes free of charge, and so far only Windows is supported. It will be interesting to see if other operating systems are taken into account in future updates or not.



It is good to have a long list of tutorial sites, both for my students and for me.

http://www.killerstartups.com/Video-Music-Photo/woopid-com-free-video-tutorials

Woopid.com - Free Video Tutorials

http://www.woopid.com

... In general terms, all you have to do is supply specific search queries in order to watch an all-encompassing collection of video tutorials. These deal with issues such as how to upload files to Google Docs and how to create slide shows and movies using Windows Movie Maker.

The featured database can be looked up in a plethora of ways, and you can see the tutorials which are most popular right away. The videos that have been just added are spotlighted in a similar fashion, and it is also possible to request a new video tutorial if you can’t dispel your doubts using any of the existing ones, or if your query is not already covered.



Since they are doing the research every day anyway, why not make the electronic equivalent of those little booklets you see at the checkout stand (How to Name Your Puppy or Your Child, Raising Broccoli for Fun and Profit)?

http://www.schneier.com/blog/archives/2008/11/terrorism_survi.html

November 28, 2008

Terrorism Survival Bundle for Windows Mobile

Seems not to be a joke.

[Product Description: http://www.pocketdirectory.com/software/product.aspx?idProduct=32026 ]

Friday, November 28, 2008

Just because technology allows an organization to log everything a computer does, there is no assurance that it actually does log it. Or that manual processes are as well controlled. Management needs to plan!

http://www.pogowasright.org/article.php?story=20081127161453185

Ca: Fate of missing personal banking data remains mystery (Talvest follow-up)

Thursday, November 27 2008 @ 07:14 PM EST Contributed by: PrivacyNews

Nearly half a million Canadians will likely never know whether fraudsters had access to their personal information because of inadequate security procedures at the Canadian Imperial Bank of Commerce, the office of the federal privacy commissioner said Thursday.

The investigation, launched 23 months ago after the disappearance of a hard drive containing the personal information and financial data of 470,752 clients, revealed the bank could not confirm whether that personal information was ever transferred to a hard drive in the first place.

Source - The Gazette | Related - PIPEDA Case Summary #395 | Other Coverage - CBC.ca, National Post

[From the article:

The air-shipped package arrived without incident, but the land-shipped package was empty when it was opened at its destination. There was no sign the empty package had been tampered with.

... "If CIBC had followed its policies and processes or had a technical means to determine whether the transfer to a second disk drive had actually taken place, quite possibly, no further action would have been necessary," said Denham. "Whether or not the personal information of more than 470,000 people was transferred to a disk drive should not be a mystery."

The investigation also revealed that the personal information being sent had not been encrypted....
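The "technical means to determine whether the transfer ... had actually taken place" that the commissioner describes is not exotic. Here is an added example (my own illustration, not CIBC's procedure or any code from the article): before the medium leaves, every file written to it is hashed and the list is HMAC-signed with a key that stays with the organization; the manifest travels by a separate channel, and the receiving site authenticates it and compares what arrived. Both ends write to an event log, so "was the disk ever written?" and "did everything arrive?" have an auditable answer. The key, file names, and file contents are constructed placeholders. The example also shows the failure mode from the article, an empty package at the destination.

```python
import hashlib
import hmac
import json
import os
import shutil
import tempfile
import time


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _listing(media_dir: str) -> set:
    """Relative paths of every file under media_dir (forward slashes)."""
    return {
        os.path.relpath(os.path.join(root, name), media_dir).replace(os.sep, "/")
        for root, _dirs, names in os.walk(media_dir)
        for name in names
    }


def build_manifest(media_dir: str, key: bytes, event_log: list) -> dict:
    """Record name, size and hash of each file on the outgoing medium, then
    HMAC the record. The manifest goes by a separate channel, never with the
    medium, so an emptied or substituted package cannot carry its own receipt."""
    files = {}
    for rel in sorted(_listing(media_dir)):
        path = os.path.join(media_dir, rel)
        files[rel] = {"sha256": sha256_file(path), "size": os.path.getsize(path)}
    body = {"created": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()), "files": files}
    payload = json.dumps(body, sort_keys=True)
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    event_log.append(f"MANIFEST_CREATED files={len(files)} mac={mac[:12]}")
    return {"payload": payload, "mac": mac}


def verify_transfer(media_dir: str, manifest: dict, key: bytes, event_log: list):
    """Receiving side: authenticate the manifest, then compare what arrived.
    Returns (ok, problems); every outcome is written to the event log."""
    payload = manifest["payload"]
    expected_mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        event_log.append("TRANSFER_REJECTED reason=manifest_mac_invalid")
        return False, ["manifest signature invalid"]
    expected_files = json.loads(payload)["files"]
    problems = []
    for rel, info in expected_files.items():
        path = os.path.join(media_dir, rel)
        if not os.path.isfile(path):
            problems.append(f"missing: {rel}")
        elif sha256_file(path) != info["sha256"]:
            problems.append(f"altered: {rel}")
    extras = _listing(media_dir) - set(expected_files)
    problems += [f"unexpected: {rel}" for rel in sorted(extras)]
    status = "TRANSFER_VERIFIED" if not problems else "TRANSFER_FAILED"
    event_log.append(f"{status} expected={len(expected_files)} problems={len(problems)}")
    return not problems, problems


def demo():
    """Constructed scenario: two files go out; one package arrives complete,
    the other arrives empty. Returns both verdicts and the event log."""
    key = b"constructed-shared-key-kept-off-the-medium"  # placeholder, not a real key
    log = []
    base = tempfile.mkdtemp()
    try:
        outgoing = os.path.join(base, "outgoing")
        os.makedirs(outgoing)
        for name, content in (("clients.db", b"A" * 5000), ("index.dat", b"B" * 300)):
            with open(os.path.join(outgoing, name), "wb") as f:
                f.write(content)
        manifest = build_manifest(outgoing, key, log)

        complete = os.path.join(base, "arrived_complete")
        shutil.copytree(outgoing, complete)
        ok_full, problems_full = verify_transfer(complete, manifest, key, log)

        empty = os.path.join(base, "arrived_empty")
        os.makedirs(empty)  # package opened at the destination, nothing inside
        ok_empty, problems_empty = verify_transfer(empty, manifest, key, log)
        return ok_full, problems_full, ok_empty, problems_empty, log
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The manifest answers the commissioner's question only if it is produced at the moment of writing and logged; a hash list built from memory after the fact proves nothing. Note also that the manifest covers integrity and completeness, not confidentiality: the files themselves still need to be encrypted, which the article says they were not.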



Not big, just local...

http://www.pogowasright.org/article.php?story=20081127181521630

CO: Longmont ID theft case may have 100 victims (update)

Thursday, November 27 2008 @ 07:15 PM EST Contributed by: PrivacyNews

Longmont police say thieves may have used up to 100 stolen credit or debit card numbers to rack up more than $100,000 in fraudulent charges.

Between 80 and 100 people have reported their account numbers were stolen after they used their cards at up to five local restaurants.

Source - cbs4denver.com

[From the article:

Authorities have declined to identify all of the restaurants but say one [What response should we expect from A) a local small business B) a national franchise Bob] has asked police for help in protecting its customers.



Another guideline. Enough of these and we may begin to see commonalities!

http://www.pogowasright.org/article.php?story=200811280611461

UK: Data security breaches: How to respond

Friday, November 28 2008 @ 06:11 AM EST Contributed by: PrivacyNews

When data controllers are faced with reporting a security breach - especially with regards to notifying the Information Commissioner's Office (ICO) - it will be in the best interests of the company to examine the conflicting elements of legal and regulatory disclosure requirements as the interests of the company may not wholly be served by following the directives of the Information Commissioner's Office (ICO), [An indication of a weak law/regulation? Bob] writes Bob Lewis, head of systems assurance at The Risk Advisory Group.

... The plan set out below should not be considered a definitive response to a data security breach, nor should it negate any other legal responsibilities of the organisation. Rather it is the phased and considered approach. The top ten actions listed in each phase are designed to protect the individuals whose data has been lost and, where possible, the reputation and security of the data of an organisation.

Source - ComputerWeekly.com

[Note: Part of step one is to determine if the breach can be “linked back to the company.” In other words, could they deny it ever happened. Probably not the most ethical of actions. Bob]



Reinforces my belief that citizens are becoming more aware AND more active in Privacy matters. Also suggests that there are political reasons not to make the laws too strong.

http://www.pogowasright.org/article.php?story=20081127161909148

Citizen safeguards struck out in EU Council

Thursday, November 27 2008 @ 07:19 PM EST Contributed by: PrivacyNews

The EU Council reached a political agreement on the telecommunication reform ("Telecoms Package") on Thursday, Nov. 27th. On one hand, crucial modifications to the text finally doom Nicolas Sarkozy's project to impose graduated response to the whole Europe. On the other hand, important safeguards to citizen's fundamental rights and freedoms were deleted. The agreed text lowers the protection of privacy in the EU, in the name of "security".

Source - Newropeans Magazine Press Release

[From the article:

In recent weeks, citizens from many European countries[1] raised awareness among their ministers' representatives in the Council on the Telecoms Package, by meeting them, sending letters, alerting the press, etc. This intense activity undoubtedly helped modify critical parts of the text agreed by the ministers of the twenty-seven Member States.

... But the agreed text contains major problems:



The game continues. Where and when will they pop up next? Stay tuned... Perhaps they will buy a small country?

http://it.slashdot.org/article.pl?sid=08/11/28/137238&from=rss

Estonian ISP Shuts Srizbi Back Down, For Now

Posted by kdawson on Friday November 28, @08:16AM from the informal-pressure dept. Security The Internet

wiedzmin writes

"In response to the recent resurrection of the Srizbi botnet, an Estonian ISP has shut down the hosting company that was housing its new control servers. Starline Web Services, based in Estonia's capital Tallinn, had become the new home for the Srizbi botnet control center after the McColo hosting company (which was taken down earlier this month) had briefly come back to life last week, allowing the botnet to hand off control to the Estonian network. After Estonia's biggest ISP Linxtelecom demanded that Starline Web Service be taken offline, the newly acquired Srizbi control servers went down with it. However, as the rootkit is armed with an algorithm that periodically generates new domain names where the malware then looks for new instructions, it is only a matter of time before a new set of control servers is created and used to manipulate one of the biggest spam botnets in the world."



This is just a marketing tactic. It's not about pricing, it's about controlling the pricing discussion.

http://news.slashdot.org/article.pl?sid=08/11/28/0857213&from=rss

HP Seeks to Block Competitor From Revealing Its Pricing

Posted by timothy on Friday November 28, @07:08AM from the whaddya-mean-the-price-tag's-showing? dept. HP Businesses The Almighty Buck Linux Business

Matt Asay writes

"On October 13, 2008, Hewlett-Packard sent a complaint to an open-source competitor, GroundWork, asking GroundWork to stop revealing HP's 'confidential' pricing. CNET has posted the letter, which indicates that HP doesn't want its pricing revealed, but which doesn't question the veracity of the pricing (which, not surprisingly, is 82 percent higher than the open-source vendor's). Does HP think its pricing is really a secret? It's publicly available at GSA Advantage. Guess what? HP software costs a lot of money, but presumably feels that it can justify the high prices. Why try to hide the pricing information?"



One of my favorite target markets (the Grandparent/Grandkids interface)

http://tech.slashdot.org/article.pl?sid=08/11/27/1710231&from=rss

Grandma's On the Computer Screen This Thanksgiving

Posted by kdawson on Thursday November 27, @01:14PM from the candid-webcam dept. Communications The Internet

Pickens writes

"Video calling, long anticipated by science fiction, is filtering into everyday use, and two demographic groups not usually thought of as high-tech are among the earliest adopters — the nursery school set and their grandparents. According to the AARP, nearly half of American grandparents live more than 200 miles from at least one of their grandchildren, and about two-thirds of grandchildren see one set of grandparents only a few times a year, if that. Internet companies are also promoting video chat as an enhancement to standard IM and Internet phone services; for example, this month Google introduced bare-bones video capability in Gmail. Some veterans of the technology fear that the video cam has started to substitute, rather than supplement, actual time together. And no one quite knows what it means to a generation of 2-year-olds to have slightly pixelated versions of their grandparents as regular fixtures in their lives."



My take is that this is too broad. A site targeted to lawyer-client communication for example would allow very specific training for the “two clicks is too technical” crowd.

http://www.killerstartups.com/Comm/sendinc-com-free-secure-e-mail-service

SendInc.com - Free Secure E-mail Service

https://www.sendinc.com

... Send will enable you to compose an e-mail and address it to any person you wish, with the attachments you want to upload. When the actual message is sent, the same is encrypted using the algorithm employed by the NSA itself for encrypting information.

The recipient can then open the message and decrypt it using his own Send account. Incidentally, an account can be created at the site in an inexpensive manner by following the link that is featured.

All in all, this is a viable option for those who are concerned about the security of the messages and files they send over the World Wide Web. If you couple the practical service on offer with the clear layout of the site, it has the potential to attract and form a loyal fanbase.



These are always interesting (and I like to check one against the other)

http://www.killerstartups.com/Web-App-Tools/frengly-com-a-new-free-translation-tool

Frengly.com - A New Free Translation Tool

http://www.frengly.com

A very young startup, Frengly joins the world of free online translation tools, a market that seems dominated by giants such as the powerful Babel Fish.

This particular endeavor will let you copy and paste the text of your choice and then select the language you wish to translate it into. One of the most remarkable features is that there is no need to specify the source language – it is automatically detected, and that is a nice touch indeed.

Thursday, November 27, 2008

“But Professor, we encrypted the data. Why did we flunk your class?”

http://www.pogowasright.org/article.php?story=2008112705465369

Ca: Data taken, company says

Thursday, November 27 2008 @ 05:46 AM EST Contributed by: PrivacyNews

When Nick Belmonte left his $150,000-a-year job at C-W Agencies in Vancouver earlier this month, the owners of the company accused him of taking a computer backup tape containing names and information about 3.2 million customers, potentially worth more than $10 million.

The company said the tape also contained credit card and bank account information of more than 800,000 customers.

Although the information was in encrypted form, the tape contained information and programs to decrypt the data, according to a company executive.

Source - Vancouver Sun

[From the article:

"If the customer library data is sold, it could have a devastating effect on CW's business and that of CW's clients worldwide." [Not apparent from the security procedures used... Bob]



Have I reported this before – or only something similar? The Canadian Privacy Law Blog is worth looking at – lots of links to resources

http://www.pogowasright.org/article.php?story=20081126111316939

Porn complaint hits Waterbury library; Warrant requested before computer release

Wednesday, November 26 2008 @ 11:13 AM EST Contributed by: PrivacyNews

After receiving a complaint that a patron of the Silas Bronson Library had used a computer there to view child pornography on Tuesday, Library Director Emmett McSweeney would have happily turned the computer over to police for a forensic search.

Instead, he asked police to get a warrant.

McSweeney said he felt obliged to deny the investigating officer’s request for the computer Tuesday. Connecticut law is very clear that library patrons should expect their privacy will be protected, he said.

Source - RepublicanAmerican hat-tip, Canadian Privacy Law Blog



Another “guideline” -- perhaps people are starting to wake up? (Still can't come up with a short title...)

http://www.pogowasright.org/article.php?story=20081126172029814

Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records

Wednesday, November 26 2008 @ 05:20 PM EST Contributed by: PrivacyNews

The purpose of this guidance is to explain the relationship between the Family Educational Rights and Privacy Act (FERPA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, and to address apparent confusion on the part of school administrators, health care professionals, and others as to how these two laws apply to records maintained on students. It also addresses certain disclosures that are allowed without consent or authorization under both laws, especially those related to health and safety emergency situations. While this guidance seeks to answer many questions that school officials and others have had about the intersection of these federal laws, ongoing discussions may cause more issues to emerge. Contact information for submitting additional questions or suggestions for purposes of informing future guidance is provided at the end of this document. The Departments of Education and Health and Human Services are committed to a continuing dialogue with school officials and other professionals on these important matters affecting the safety and security of our nation’s schools.

Source - Guidance [pdf, November 2008] hat-tip, AACRAO



Apparently many people are listening to Prof. Soma... (Note to self: Never argue markets with a PhD in Economics.)

http://tech.slashdot.org/article.pl?sid=08/11/26/1834217&from=rss

Houses With Tails

Posted by timothy on Wednesday November 26, @02:00PM from the how-about-with-roots? dept. The Internet Networking United States

nnfiber writes

"What if home owners could also own their Internet connection? Tim Wu, of New America Foundation and Derek Slater, Google's Policy Analyst, say this can be a new effective way to encourage broadband deployment — an important issue in 'America's economic growth.' In his post, Timothy B. Lee says: 'That might sound like a crazy idea at first blush, but Wu and Slater do a great job of explaining how it might work. The key idea is "condominium fiber," an arrangement in which a number of neighboring households pool their resources to install fiber to all the homes in their neighborhoods. Once constructed, each home would own its own fiber strand, while the shared costs of maintaining the "trunk" cable from the individual homes to a central switching location would be managed in the same way that condominium and homeowners' associations currently manage the shared areas of condos and gated communities.



Crooks have “Disaster Recovery Plans” (Makes you wonder if they had “business interruption” insurance and other safeguards...)

http://it.slashdot.org/article.pl?sid=08/11/26/1930226&from=rss

Massive Botnet Returns From the Dead To Spam On

Posted by timothy on Wednesday November 26, @03:07PM from the late-entry-for-hallowe'en dept. Spam Security The Internet

CWmike writes

"Gregg Keizer reports that the big spam-spewing Srizbi botnet, shut down two weeks ago when McColo was shuttered, has been resurrected and is again under the control of criminals, security researchers said today. As of late Tuesday, infected PCs were able to successfully reconnect with new command-and-control servers, which are now based in Estonia, said Fengmin Gong, chief security content officer at FireEye. The comeback confirms what researchers noted last week, that Srizbi had a fallback strategy. So, in the end, that strategy paid off for the criminals who control the botnet."
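Both Srizbi items (the Estonian takedown above and this one) turn on the same fallback: infected machines periodically compute fresh domain names and look them up until one resolves to a new control server. From the defender's side that behaviour leaves a fingerprint in the resolver logs, a single host producing a burst of lookups for random-looking names that mostly return NXDOMAIN. The following is an added example (my own detection sketch, not FireEye's analysis and not Srizbi's actual generation algorithm, which the articles do not describe): it scores each registrable label by character entropy and digit/vowel mix, keeps only NXDOMAIN answers, and flags any client with several such hits. The log format and the sample lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log: "<unix_ts> <client_ip> <query_name> <rcode>".
SAMPLE_LOG = """\
1227900001 10.0.0.5 www.example.com NOERROR
1227900002 10.0.0.5 mail.example.com NOERROR
1227900010 10.0.0.7 xk3f9qz7lw.com NXDOMAIN
1227900011 10.0.0.7 p0v2m8dq1r.net NXDOMAIN
1227900012 10.0.0.7 z9w4k1xq7b.com NXDOMAIN
1227900013 10.0.0.7 hq7n3vx2pa.org NXDOMAIN
1227900014 10.0.0.7 b8tq2zp9xf.com NXDOMAIN
1227900015 10.0.0.7 cdn.example.com NOERROR
1227900020 10.0.0.9 news.bbc.co.uk NOERROR
1227900021 10.0.0.9 slashdot.org NOERROR
"""

VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits per character; random strings score near log2(alphabet size)."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname: str) -> str:
    """Second-level label, which is what a generation algorithm varies.
    Deliberately naive: multi-part suffixes such as co.uk are not special-cased."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(label: str) -> bool:
    """Heuristic: long, high-entropy, and either digit-heavy or vowel-poor.
    Thresholds are illustrative; tune them against your own baseline traffic."""
    if len(label) < 8:
        return False
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= 3.0 and (digit_ratio >= 0.2 or vowel_ratio <= 0.2)


def parse(log_text: str):
    """Yield (timestamp, client, qname, rcode) for each constructed log line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        yield int(ts), client, qname, rcode


def find_suspects(log_text: str, min_hits: int = 3) -> dict:
    """Clients that produced at least min_hits NXDOMAIN lookups for
    generated-looking names. Returns {client: [query names]}."""
    per_client = defaultdict(list)
    for _ts, client, qname, rcode in parse(log_text):
        if rcode == "NXDOMAIN" and looks_generated(registrable_label(qname)):
            per_client[client].append(qname)
    return {client: names for client, names in per_client.items() if len(names) >= min_hits}


if __name__ == "__main__":
    for client, names in find_suspects(SAMPLE_LOG).items():
        print(client, len(names), names[:3])
```

The NXDOMAIN filter matters: a generation algorithm produces many candidates and only a few are ever registered, so the failures outnumber the successes and are the cheaper signal to collect. Ordinary typo traffic and CDN hostnames also fail the entropy or length tests, which keeps the per-client count meaningful.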



Research: An interesting concept, but not yet fully realized.

http://www.killerstartups.com/Search/evri-com-a-new-way-to-explore-connections

Evri.com - A New Way To Explore Connections

http://www.evri.com

Evri is a new search tool that enables you to look up any person or item that interests you and see the different connections that it has with other people and concepts.

For instance, if you key in “Pete Townshend” you will be shown a diagram that links him not only with his bandmates but also to his latest romantic interest, Ms. Rachel Fuller. Moreover, you are presented with a mini-biography, a list of articles about him, and a full set of pictures.



Dang! Now my only shot is the “One dessert, many spoons” patent.

http://yro.slashdot.org/article.pl?sid=08/11/26/1352257&from=rss

IBM's But-I-Only-Got-The-Soup Patent

Posted by CmdrTaco on Wednesday November 26, @09:02AM from the next-they-patent-blue dept. Patents IBM

theodp writes

"In an Onion-worthy move, the USPTO has decided that IBM inventors deserve a patent for splitting a restaurant bill. Ending an 8+ year battle with the USPTO, self-anointed patent system savior IBM got a less-than-impressed USPTO Examiner's final rejection overruled in June and snagged US Patent No. 7,457,767 Tuesday for its Pay at the Table System. From the patent: 'Though US Pat. No. 5,933,812 to Meyer, et al. discussed previously provides for an entire table of patrons to pay the total bill using a credit card, including the gratuity, it does not provide an ability for the check to be split among the various patrons, and for those individual patrons to then pay their desired portion of the bill. This deficiency is addressed by the present invention.'"



I had the “Free Upgrade” concept built into my “lease a computer, cheap” business model. The math is simple. Expect others to follow. (Lock-in is good)

http://hardware.slashdot.org/article.pl?sid=08/11/27/0114247&from=rss

Fujitsu Offers Free Laptop Upgrades For Life

Posted by samzenpus on Thursday November 27, @08:13AM from the one's-all-you-need dept. Portables Businesses

Barence writes

"Fujitsu Siemens is offering its customers free laptop upgrades for life with its Lifebook4Life scheme. Customers buying a Fujitsu Siemens Lifebook will be offered a free upgrade three years after their original purchase, and every subsequent three years for the rest of their life — as long as they purchase an extended three-year warranty. Customers will have to hope inflation stays low, though: the value of each new notebook cannot exceed the value of the previous one, adjusted 10% for inflation. Fujitsu says the scheme is profitable, and a raft of small print ensures plenty of people will find they've excluded themselves from the scheme for all sorts of reasons."



For Internet potatoes?

http://www.killerstartups.com/Video-Music-Photo/beta-sling-com-watch-tv-shows-online

Beta.Sling.com - Watch TV Shows Online

http://beta.sling.com

Sling was just released to the general public amid a lot of interest and a lot of expectations. This service will enable anybody to watch the TV show of his choice over the Web. The site already includes more than 600 shows on almost 100 channels - quite a compelling start.

As it was to be expected, you can subscribe to your favorite shows and channels in order to ensure you won’t miss a thing and will remain fully updated on what goes on, as well as sharing information and recommendations with other online friends and site users.



Adobe puts their software in “The Cloud!”

http://www.killerstartups.com/Video-Music-Photo/photoshop-com-store-share-your-pics-online

Photoshop.com - Store & Share Your Pics Online

https://www.photoshop.com

Photoshop is a resource that serves one concise aim, namely letting you share your own pictures and stills with other site users, while also preserving them for posterity on the WWW.

This service is presented by Adobe, and it lets you upload and organize photographs in the way services like this usually do – i.e., you create folders, you name them… you get the basic twist.

In addition to that, the site makes it possible for you to edit any photograph you have uploaded. Tutorials are provided alongside ideas to inspire and fire you up.

This service is available to computer users anywhere, and it is provided on a SaaS basis. It is also available to mobile users and directly from within Adobe Photoshop Elements 7 or Adobe Premiere Elements 7.

Wednesday, November 26, 2008

As people (even politicians) begin to understand the Privacy implications, I expect rules will change. Not always for the better.

http://www.pogowasright.org/article.php?story=20081126053111655

Who's been reading my cell-phone records?

Wednesday, November 26 2008 @ 05:31 AM EST Contributed by: PrivacyNews

If Verizon Wireless employees could snoop into then-U.S. Senator Barack Obama's cell-phone records, as the carrier acknowledged last week, then mobile subscribers may worry how well protected they are. They should, according to some industry analysts and privacy lawyers.

Source - Computerworld

[From the article:

Information that is saved by mobile operators -- and that might be available to unauthorized or unscrupulous employees -- includes whom you talked to, when you called them or they called you, and for how long you talked, as well as text messages and voicemail, according to Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology (CDT).

... The information can also include your locations when you started and ended the call, as determined by cell towers or other techniques, CDT Senior Counsel John Morris said.


Related: A new definition of “Oops?”

http://www.pogowasright.org/article.php?story=20081125102825544

Pharmacy Extortionists Take on CIA, DoD, FBI, NSA

Tuesday, November 25 2008 @ 10:28 AM EST Contributed by: PrivacyNews

Over on the Security Fix blog, Brian Krebs suggests that the Express Scripts extortionists may have bitten off more than they can chew because "among the company's biggest customers is the federal government, and specifically almost every federal law enforcement, military and intelligence agency in the country."

A list of entities that have reported that they are clients and/or have notified their employees are listed here.



I expect this to become common as reaction to Identity Theft builds.

http://breachblog.com/2008/11/25/bnyupdate.aspx?ref=rss

IMPORTANT NOTICE TO ALL READERS OF THE BREACH BLOG

UPDATE: The Bank of New York Mellon Corporation Data Breaches

On July 2, 2008, a class action lawsuit was filed against Bank of New York Mellon (BNY Mellon) for this year's earlier loss of unencrypted backup storage tapes containing the personal information of approximately 12.5 million individuals.

The case is progressing but BNY Mellon contends that it has no reason to believe that the "lost" personal information has been improperly misused as a result of this incident. If you have experienced any fraud or identity theft at any time after BNY claims to have "lost" these data tapes in February of 2008 please contact Chimicles & Tikellis LLP, one of the law firms that filed suit against BNY Mellon for the data breaches, as soon as possible.



Apparently we'll get some real details on this case. Should be a fun (geeky) read.

http://blog.wired.com/27bstroke6/2008/11/proof-porn-pop.html

Proof: Porn Pop-Up Teacher is Innocent, Despite Misdemeanor Plea

By Ryan Singel, November 24, 2008 | 8:22:01 PM

... if a soon-to-be released forensic report (.pdf) about her hard drive is accurate, Amero's guilty plea is hardly justice -- since the school computer had adware, the anti-virus software on the computer had been discontinued, and the technical testimony at her trial was amateurish and flawed.



http://developers.slashdot.org/article.pl?sid=08/11/25/2320236&from=rss

Searching DNA For Relatives Raises Concerns

Posted by kdawson on Tuesday November 25, @06:37PM from the database-creep dept.

An anonymous reader calls our attention to California's familial searching policy, which looks for genetic ties between culprits and kin. The technique has come to the fore in the last few years, after a Colorado prosecutor pushed the FBI to relax its rules on cross-state searches.

"Los Angeles Police Department investigators want to search the state's DNA database again — not for exact matches but for any profiles similar enough to belong to a parent or sibling. The hope is that one of those family members might lead detectives to the killer. This strategy, pioneered in Britain, [Law enforcement will adopt any technique invented anywhere. Perhaps even suggesting other countries with less stringent laws try it first. Then they can say: “It works in the UK!” Bob] is poised to become an important crime-fighting tool in the United States. The Los Angeles case will mark the first major use of California's newly approved familial searching policy, the most far-reaching in the nation."

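An added example, my own code and not anything from the Slashdot item or from a police laboratory, of the core step in a familial search: filtering a database for STR profiles that share at least one allele with the crime-scene profile at every locus, which is what a biological parent or child must do (ignoring mutation), and ranking the survivors by how many alleles they share. The locus names are real CODIS loci; the profiles, allele values and identifiers are constructed for the example. Siblings can share no alleles at a given locus, so a real familial search adds allele-frequency likelihood ratios to score sibling candidates; this block does not compute those.

```python
"""Added example (not from the Slashdot item or any LAPD tool): the
parent/child filter at the heart of a familial STR search.

Profiles are constructed; locus names are CODIS loci, allele values are
made up.
"""

# Constructed crime-scene profile: locus -> (allele, allele)
SCENE = {
    "D3S1358": (15, 17), "vWA": (16, 18), "FGA": (21, 24),
    "D8S1179": (13, 13), "D21S11": (29, 31), "D18S51": (14, 17),
}

# Constructed database: one exact match, one parent-like profile, one unrelated.
DATABASE = {
    "P-0001": {"D3S1358": (15, 17), "vWA": (16, 18), "FGA": (21, 24),
               "D8S1179": (13, 13), "D21S11": (29, 31), "D18S51": (14, 17)},
    "P-0002": {"D3S1358": (15, 16), "vWA": (18, 19), "FGA": (20, 24),
               "D8S1179": (13, 15), "D21S11": (28, 31), "D18S51": (12, 17)},
    "P-0003": {"D3S1358": (14, 16), "vWA": (15, 19), "FGA": (21, 22),
               "D8S1179": (12, 14), "D21S11": (30, 32), "D18S51": (12, 13)},
}


def shared_alleles(a, b):
    """Alleles in common at one locus, counting multiplicity (0, 1 or 2)."""
    remaining = list(b)
    count = 0
    for allele in a:
        if allele in remaining:
            remaining.remove(allele)
            count += 1
    return count


def exact_match(scene, profile):
    """A normal database hit: identical genotype at every locus."""
    return all(sorted(scene[locus]) == sorted(profile[locus]) for locus in scene)


def parent_child_compatible(scene, profile):
    """A parent and child share at least one allele at every autosomal
    locus, so one locus with nothing in common rules the relationship out
    (mutation is ignored here)."""
    return all(shared_alleles(scene[locus], profile[locus]) >= 1 for locus in scene)


def familial_search(scene, database):
    """Candidates that are not exact matches but could be a parent or child
    of the scene donor, ranked by total shared alleles (highest first)."""
    candidates = []
    for pid, profile in database.items():
        if exact_match(scene, profile):
            continue  # that is an ordinary hit, not a familial lead
        if parent_child_compatible(scene, profile):
            total = sum(shared_alleles(scene[locus], profile[locus]) for locus in scene)
            candidates.append((pid, total))
    candidates.sort(key=lambda c: (-c[1], c[0]))
    return candidates


if __name__ == "__main__":
    for pid, shared in familial_search(SCENE, DATABASE):
        print(pid, "shares", shared, "alleles with the scene profile")
```

On the constructed database this returns P-0002 only: P-0001 is an exact match (an ordinary hit rather than a familial lead) and P-0003 shares nothing at the first locus, which rules out a parent or child.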


Beware of warnings to beware!

http://news.cnet.com/8301-1009_3-10108529-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Gmail 'vulnerability' turns out to be phishing scam

Posted by Steven Musil November 25, 2008 6:05 PM PST

Reports that a purported Gmail vulnerability was being used by unauthorized third parties to hijack domains turned out to be nothing more than a phishing scam, Google announced Tuesday.

The alleged vulnerability reportedly allowed an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at the blog Geek Condition. In the post, Geek Condition's "Brandon" wrote that the vulnerability had caused some people to lose their domain names registered through GoDaddy.com.

However, after consulting with those who claimed to be affected by the so-called vulnerability, Google determined that they were victims of a phishing scam, Google information security engineer Chris Evans explained in a blog:

Attackers sent customized e-mails encouraging Web domain owners to visit fraudulent Web sites such as "google-hosts.com" that they set up purely to harvest usernames and passwords. These fake sites had no affiliation with Google, and the ones we've seen are now offline. Once attackers gained the user credentials, they were free to modify the affected accounts as they desired.



Another “Privacy guideline”

http://www.pogowasright.org/article.php?story=20081126052622533

UK: Adopt privacy friendly solutions says ICO

Wednesday, November 26 2008 @ 05:26 AM EST Contributed by: PrivacyNews

The Information Commissioner’s Office (ICO) is publishing a new report today urging organisations to take simple steps to improve organisational and technological measures to better protect personal information. The privacy watchdog commissioned the report, Privacy by Design, to help organisations adopt new privacy by design techniques.

Privacy by Design is being launched at the ICO’s conference in Manchester on 26 November 2008. The report highlights the need to ensure privacy is considered properly by organisations and from the start when they are developing new information systems. Jonathan

Source - Information Commissioner's Office

Related - Privacy by Design [pdf] [Strange implementation (to me) of a PDF Bob]

  1. The research can be downloaded at www.ico.gov.uk



For the Computer Forensics class. First, have a plan!

http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202426262016

Why Examination Protocols Are Problematic

By Craig Ball Law Technology News November 25, 2008

... Courts impose examination protocols to limit the intrusiveness, scope and conduct of the work and establish who can see the outcome. It takes technical expertise to design a good protocol. Without it, you get protocols that are forensic examinations in name only, impose needless costs and cumbersome obligations or simply elide over what the examiner is expected to do.


Related He likes it... I think.

http://ralphlosey.wordpress.com/2008/09/14/trial-lawyers-turn-a-blind-eye-to-the-true-cause-of-the-e-discovery-morass/

Trial Lawyers Turn a Blind Eye to the True Cause of the e-Discovery Morass

A distinguished group of trial lawyers recently completed a study on litigation which concluded that the main problem with the U.S. legal system today is e-discovery. Interim Report & 2008 Litigation Survey. Not too unexpectedly, they placed the blame squarely on poor rules, bad law, and judges. They overlook their own role in the problem. The report does not even acknowledge lawyer incompetence with technology as one of the causes of the morass. Like the profession as a whole, including most law schools, they are blinded by their own shadow. They have not yet realized the insights of Walt Kelly who said in Pogo: “We have met the enemy and he is us.”

I agree with the eminent trial lawyers and academics that conducted this study that our rules and law need reform, and our judges need to do a better job. But, in my opinion, the fundamental cause of the e-discovery problem is the failure of the legal profession, especially the trial bar, to keep up with the rapid changes in technology. That is why new rules and legislation alone will never fix the problem. Such reforms must be coupled with an aggressive attorney education program that starts in law school. Some law firms today are starting to awaken to this problem and set up internal training programs. So too are a few law schools. But the vast majority of our profession still refuses to own up to the competency issue. They either ignore the problem of e-discovery altogether, like most academics, or they acknowledge the problem, like this report does, then blame anyone other than themselves.

Interim Report & 2008 Litigation Survey

This interim report, aside from its competency shadow-blindness, is excellent and well written. It is a joint project of the American College of Trial Lawyers task force on discovery and the Institute for the Advancement of the American Legal System, a group based out of the University of Denver. I applaud these groups for recognizing the problem and trying to do something about it. Their insights go well beyond e-discovery and I recommend a full reading.



Another for the Forensic Class

http://tech.slashdot.org/article.pl?sid=08/11/26/0424250&from=rss

Sending Secret Messages Via Google's SearchWiki

Posted by kdawson on Wednesday November 26, @12:23AM from the your-mission-should-you-choose-to-accept-it dept.

We discussed the advent of Google's SearchWiki when it was introduced a few days back. Now Lauren Weinstein offers a thought experiment in transmitting coded messages using SearchWiki, with a working example encoded into the results of this Google search.



Yet another Forensics article

http://news.cnet.com/8301-1023_3-10108293-93.html?part=rss&subj=news&tag=2547-1_3-0-5

How online gamblers unmasked cheaters

Posted by CBS Interactive staff November 26, 2008 5:00 AM PST

A collaboration by two news organizations reveals how online poker players suspecting cheating were forced to successfully ferret out the cheaters themselves. That's because managers of the mostly unregulated $18 billion Internet gambling industry failed to respond to their complaints.



See? Even old dogs can learn new tricks...

http://slashdot.org/article.pl?sid=08/11/26/012230&from=rss

At Atlantic Records, Digital Sales Surpass CDs

Posted by kdawson on Tuesday November 25, @10:20PM from the trading-analog-dollars-for-digital-pennies dept.

The NYTimes reports that Atlantic is the first major label to report getting a majority of its revenue from digital sales, not CDs. Analysts say that Atlantic is out in front — the industry as a whole isn't expected to hit the 50% mark until 2011. By 2013, music industry revenues will be 37% down from their 1999 levels (when Napster arrived on the scene), according to Forrester.

"'It's not at all clear that digital economics can make up for the drop in physical,' said John Rose, a former executive at EMI... Instead, the music industry is now hoping to find growth from a variety of other revenue streams it has not always had access to, like concert ticket sales and merchandise from artist tours. ... In virtually all... corners of the media world, executives are fighting to hold onto as much of their old business as possible while transitioning to digital — a difficult process that NBC Universal's chief executive... has described as 'trading analog dollars for digital pennies.'"



Geeky? Perhaps, but it could be useful as well.

http://news.cnet.com/8301-17939_109-10108201-2.html?part=rss&subj=news&tag=2547-1_3-0-5

Tarpipe begins to tackle personal content overload

Posted by Rafe Needleman November 25, 2008 3:30 PM PST

Tarpipe is one of the most curious experiments in social media that I've seen lately. It takes personal content (e-mail messages, primarily) as input, and can shunt it to one or more destinations, transforming it in the process. For example, I created a Tarpipe e-mail address that will take a picture I send it and post it to Flickr, update Twitter with a link to the Flickr page, and put the picture and the Twitter URL in an Evernote record for me. All I have to do is send the e-mail.

Tarpipe looks a lot like Yahoo Pipes. They work in similar ways: Users drag service and function boxes around on the workspace and connect them with blue tubes to control the flow of data. But Yahoo is about taking inputs from several sources and then creating a universal RSS output. Tarpipe is more about directly updating personal content services like Twitter, Flickr, Friendfeed, Delicious, and Evernote, which Yahoo Pipes doesn't do.



The answers are interesting... But incomplete.

http://ask.slashdot.org/article.pl?sid=08/11/25/178242&from=rss

Arranging Electronic Access For Your Survivors?

Posted by timothy on Tuesday November 25, @12:20PM from the leave-a-note-on-the-fridge dept. Communications Technology

smee2 writes

"In the past, when a family member died, you could look through their files and address books to find all the people and businesses that should be notified that the person is deceased. Now the hard-copy address book is becoming a thing of the past. I keep some contact information in a spreadsheet, but I have many online friends that I only have contact with through web sites such as Flickr. My email accounts have many more people listed than my address book spreadsheet. I have no interest in collecting real world info from all my online contacts. The sites where I have social contact with people from around the world (obviously) require user names and passwords. Two questions: 1. How do you intend to let the executors of your estate or family members know which online sites/people you'd like them to notify of your demise? 2. How are you going to give access to the passwords, etc. needed to access those sites in a way that doesn't cause a security concern while you're still alive?"



It is common for TV News to put videos of crooks on the air, so this is a bit old fashioned, but still amusing...

http://www.metro.co.uk/weird/article.html?Billboard_surprise_for_burglar&in_article_id=417618&in_page_id=2

Billboard surprise for burglar

Tuesday, November 25, 2008

Rule number one of burglary is 'don't get yourself photographed'. Probably coming in somewhere around rule number 437, meanwhile, is 'don't make an enemy of someone who owns billboards all around your city'.

Tuesday, November 25, 2008

Update: It seems no one knows the extent of a breach without months of analysis. (This one occurred in April.)

http://www.pogowasright.org/article.php?story=20081125054458549

Thousands At Risk After Hacker Breaches (update and follow-up)

Tuesday, November 25 2008 @ 05:44 AM EST Contributed by: PrivacyNews

In October, this site reported that Cole National Group, Inc. (a Luxottica Group company) had disclosed a breach involving Things Remembered employees. More information has now been made public -- Dissent

Thousands of people could be affected after a massive security breach at a local company.

A routine check by the information technology department of Luxottica Retail, the former owner of the Things Remembered stores, discovered the breach in mid-September.

A hacker got inside a computer mainframe and downloaded the personal information of more than 59,000 former workers. [Up from 9,000 Bob]

.... Investigators were allegedly able to trace the hacker’s IP address to Molly Burns, of Glendale, Ariz.

"You not only see the criminal history this suspect has, but you see the ties that they have and that is much more worrisome,” Braley said.

Source - WLWT



Cyber War: Why are we waiting for a formal declaration?

http://news.cnet.com/8301-1009_3-10107323-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Report: U.S. vulnerable to Chinese cyber espionage

Posted by Elinor Mills November 24, 2008 5:12 PM PST

China is actively conducting cyber espionage as a warfare strategy and has targeted U.S. government and commercial computers, according to a new report from the U.S.-China Economic and Security Review Commission.

"China's current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts," according to the annual report (PDF) delivered to Congress on Thursday.

... A spokesman for the Chinese foreign ministry, Qin Gang, said the report was misleading, impeding cooperation between the U.S. and China, and "unworthy of rebuttal," according to an article published late Monday in Secure Computing Magazine. [Ah! So it IS true! Bob]


Related: For your Security Manager. Is this wise? Allowing a Chinese company to build in a shut-off protocol? What else have they built in?

http://it.slashdot.org/article.pl?sid=08/11/25/0330250&from=rss

Lenovo Service Disables Laptops With a Text Message

Posted by kdawson on Tuesday November 25, @08:10AM from the say-the-magic-word dept. Security Portables Cellphones Hardware

narramissic writes

"Lenovo plans to announce on Tuesday a service that allows users to remotely disable a PC by sending a text message. [Die, PC, die! (Apple suggested that phrase...) Bob] A user can send the command from a specified cell phone number — each ThinkPad can be paired with up to 10 cell phones — to kill a PC. The software will be available free from Lenovo's Web site. It will also be available on certain ThinkPad notebooks equipped with mobile broadband starting in the first half of 2009. 'You steal my PC and ... if I can deliver a signal to that PC that turns it off, hey, I'm good now,' said Stacy Cannady, product manager of security at Lenovo. 'The limitation here is that you have to have a WAN card in the PC and you must be paying a data plan for it,' Cannady added."

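The article says only that the kill command must come from a paired phone number. The sender ID on an SMS can be spoofed, so a remote-disable feature that trusts the caller ID alone is weaker than it looks. As an added example, my own code and not Lenovo's, here is how such a command can be bound to a per-phone shared secret and a counter so that a forged sender ID or a replayed message is rejected. The message format (fields separated by "|", an HMAC-SHA256 tag, a 32-byte secret established at pairing time, a counter remembered per phone) is entirely an assumption for the example and says nothing about how Lenovo's product actually works.

```python
"""Added example, not Lenovo's software: an authenticated remote-disable
command carried over SMS.

Assumptions (mine, not from the article): laptop and each paired phone
share a 32-byte secret; a message is
    phone_number|counter|command|hmac_sha256_hex
and the laptop keeps the highest counter it has accepted per phone so a
captured message cannot be replayed.
"""
import hashlib
import hmac
import secrets


class KillSwitchReceiver:
    MAX_PAIRED = 10  # the article says up to ten phones per ThinkPad

    def __init__(self, device_id):
        self.device_id = device_id
        self.paired = {}        # phone number -> shared secret
        self.last_counter = {}  # phone number -> highest accepted counter
        self.disabled = False

    def pair(self, phone_number, secret=None):
        """Enrol a phone; in practice this would happen over a trusted channel."""
        if len(self.paired) >= self.MAX_PAIRED:
            raise ValueError("pairing limit reached")
        secret = secret or secrets.token_bytes(32)
        self.paired[phone_number] = secret
        self.last_counter[phone_number] = 0
        return secret

    def _tag(self, secret, phone_number, counter, command):
        # Binding the device id into the MAC stops a tag minted for one
        # laptop from being replayed against another paired to the same phone.
        msg = f"{self.device_id}|{phone_number}|{counter}|{command}".encode()
        return hmac.new(secret, msg, hashlib.sha256).hexdigest()

    def build_message(self, phone_number, counter, command):
        """What the phone side would send; included so the example runs alone."""
        tag = self._tag(self.paired[phone_number], phone_number, counter, command)
        return f"{phone_number}|{counter}|{command}|{tag}"

    def handle(self, sender_id, message):
        """Return (accepted, reason). sender_id is the caller ID reported by
        the modem; it is checked but never trusted on its own, because SMS
        sender IDs can be spoofed. The MAC is what proves the sender."""
        try:
            phone_number, counter_s, command, tag = message.split("|")
            counter = int(counter_s)
        except ValueError:
            return False, "malformed"
        secret = self.paired.get(phone_number)
        if secret is None or sender_id != phone_number:
            return False, "unpaired sender"
        expected = self._tag(secret, phone_number, counter, command)
        if not hmac.compare_digest(expected, tag):
            return False, "bad tag"
        if counter <= self.last_counter[phone_number]:
            return False, "replay"
        self.last_counter[phone_number] = counter
        if command == "DISABLE":
            self.disabled = True
        return True, "ok"


if __name__ == "__main__":
    laptop = KillSwitchReceiver("TP-0001")
    laptop.pair("+15555550100")
    sms = laptop.build_message("+15555550100", 1, "DISABLE")
    print(laptop.handle("+15555550100", sms))   # accepted
    print(laptop.handle("+15555550100", sms))   # same message again: replay
```

The counter is the part people forget: without it an attacker who has seen one legitimate kill message can disable the laptop at will, which turns an anti-theft feature into a denial-of-service tool. The "what else have they built in?" question above is a separate one that no message format answers; only an audit of the agent itself does.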


How significant?

http://www.pogowasright.org/article.php?story=20081125053653435

Muslim Charity's Ex-Leaders Convicted

Tuesday, November 25 2008 @ 05:36 AM EST Contributed by: PrivacyNews

... Earlier yesterday, the convictions of three men with ties to al-Qaeda were upheld in New York. They were convicted for their roles in the 1998 bombings of embassy buildings in Kenya and Tanzania. The plots killed 224 people, including a dozen Americans, and injured thousands.

The panel of the U.S. Court of Appeals for the 2nd Circuit, led by Judge José A. Cabranes, unanimously rejected defense claims of insufficient evidence and violations of the Classified Information Procedures Act. Cabranes was joined by Judges Jon O. Newman and Wilfred Feinberg.

... Attorneys for Hage, who had been a close associate of al-Qaeda leader Osama bin Laden, asserted that government investigators improperly collected evidence through wiretaps of his land-based and cellular phones from August 1996 to August 1997. They also argued that federal agents did not secure appropriate warrants to search his apartment in Nairobi. Because Hage is a naturalized U.S. citizen, the defense said, the government should have sought court permission before taking such intrusive steps.

The appeals court panel disagreed, ruling that "we see no merit in this challenge" and finding that the search was "reasonable under the circumstances presented here."

In a conclusion that legal experts say could have implications for other challenges to the Foreign Intelligence Surveillance Act, the panel ruled that U.S. courts could admit evidence obtained through warrantless overseas searches of American citizens, but that the searches must be reasonable under the Fourth Amendment.

Source - Washington Post



Is ephemeral a right?

http://www.schneier.com/blog/archives/2008/11/the_future_of_e.html

November 24, 2008

The Future of Ephemeral Conversation

When he becomes president, Barack Obama will have to give up his BlackBerry. Aides are concerned that his unofficial conversations would become part of the presidential record, subject to subpoena and eventually made public as part of the country's historical record.

This reality of the information age might be particularly stark for the president, but it's no less true for all of us. Conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was just assumed.

This has changed. We chat in e-mail, over SMS and IM, and on social networking websites like Facebook, MySpace, and LiveJournal. We blog and we Twitter. These conversations -- with friends, lovers, colleagues, members of our cabinet -- are not ephemeral; they leave their own electronic trails.


Related? If you don't have the resources to tap them, jam them? The alternative would be to tap and identify the caller, then add a few months per call to their sentences – but the jails are already overcrowded.

http://mobile.slashdot.org/article.pl?sid=08/11/24/1354224&from=rss

South Carolina Wants To Jam Cell Phone Signals

Posted by CmdrTaco on Monday November 24, @09:22AM from the oooo-oooo-me-too dept. Cellphones

Corey Brook writes

"The South Carolina state prison system wants the FCC to grant them and local officers permission to block cell phone signals. News has been out about the growing problem of the perps smuggling cell phones into prisons for a while now. Inmates use cell phones as commerce, to implement fraud, smuggle drugs and weapons, and to order hits. Of course, some may use it to just talk to a loved one any time they can."

Hopefully movie theaters and restaurants do it next.



Is this enough?

http://news.slashdot.org/article.pl?sid=08/11/25/0026201&from=rss

Judge Quashes RIAA Subpoena As To 3 John Does

Posted by kdawson on Tuesday November 25, @05:43AM from the sue-doe-actions dept. The Courts Music

NewYorkCountryLawyer writes

"In one of the RIAA's 'John Doe' cases targeting Boston University students, after the University wrote to the Court saying that it could not identify three of the John Does 'to a reasonable degree of technical certainty,' Judge Nancy Gertner deemed the University's letter a 'motion to quash,' and granted it, quashing the subpoena as to those defendants. In the very brief docket entry (PDF) containing her decision, she noted that 'compliance with the subpoena as to the IP addresses represented by these Defendants would expose innocent parties to intrusive discovery.' There is an important lesson to be learned from this ruling: if the IT departments of the colleges and universities targeted by the RIAA would be honest, and explain to the Courts the problems with the identification and other technical issues, there is a good chance the subpoenas will be vacated. Certainly, there is now a judicial precedent for that principle. One commentator asks whether this holding 'represents the death knell to some, if not all, of the RIAA's efforts to use American university staff as copyright cops.'"



In case you didn't notice this in the report...

http://tech.yahoo.com/news/ap/20081124/ap_on_hi_te/hands_off_hackers

Hands-off hackers: Crooks opt for surgical strikes

(AP) * Posted on Mon Nov 24, 2008 7:16AM EST

... Hackers are sometimes breaking into online businesses and not stealing anything. Gone are the bull-in-the-china-shop days of plundering everything in sight once they've found a sliver of a security hole.

Instead of swiping all the customer data they can get their hands on, a small subset of hackers have concerned themselves with stealing only a very specific thing from the vendors they breach — they want access to the compromised companies' payment-processing systems, and nothing else, according to the "Symantec Report on the Underground Economy," slated for release Monday.

Those systems allow the bad guys to check whether credit card numbers being hawked on underground chat rooms are valid, the same way the store verifies whether to accept a card payment or not.

It's a service the crooks sell to other fraudsters who don't trust that the stolen card numbers they're buying from someone else will actually work, and it's good business.

... That fee is about $10 per card checked. Considering they're typically checked in batches of 10 or more, the revenue can add up fast.



Not that difficult in theory, but expect lots of errors if IT sets the definitions. Opportunity for very detailed analysis of financial statements.

http://www.infoworld.com/article/08/11/25/48FE-xbrl-tech-requirements_1.html?source=rss&url=http://www.infoworld.com/article/08/11/25/48FE-xbrl-tech-requirements_1.html

The XBRL mandate is here: Is IT ready?

The first stage of the reporting requirement isn't tech-heavy, but IT's involvement will need to grow

By Ephraim Schwartz November 25, 2008

Given all the pressures IT is under, another compliance initiative may seem to be one too many. There is such a mandate: to submit financial reports using XBRL (Extensible Business Reporting Language) tags. How much will the XBRL mandate add to IT's burden? At first, the burden will be small, but it will increase over time -- as will the opportunity to use XBRL for better internal operations, not just for reporting compliance.

The purpose of the XBRL mandate is to make corporate financial information more easily available to stockholders -- and to make sure companies are really reporting the same things, the federal government has mandated the use of XBRL (Extensible Business Reporting

The first SEC deadline for public companies with a market cap of $5 billion or more to submit financial reports in interactive data, aka XBRL format, is set for Dec. 15, 2008. A year later, most Fortune 1500 companies must provide interactive XBRL data, and a year after that, all public companies will be required to submit the annual 10-K and quarterly 10-Q financial reports as interactive data.



Would this be the patent world equivalent of sub-prime mortgages?

http://yro.slashdot.org/article.pl?sid=08/11/24/1713259&from=rss

Groklaw Says Microsoft Patent Portfolio Now Worthless

Posted by CmdrTaco on Monday November 24, @01:01PM from the along-with-most-patents dept. Patents Microsoft

twitter writes

"P.J. concludes her look at the Bilski decision: 'you'll recall patent lawyer Gene Quinn immediately wrote that it was bad news for Microsoft, that "much of the Microsoft patent portfolio has gone up in smoke" because, as Quinn's partner John White pointed out to him, "Microsoft doesn't make machines." Not just Microsoft. His analysis was that many software patents that had issued prior to Bilski, depending on how they were drafted, "are almost certainly now worthless." ... He was not the only attorney to think about Microsoft in writing about Bilski.'"



Something for my Small Business class

http://www.killerstartups.com/Web20/kookyplan-pbwiki-com-a-wiki-for-entrepreneurs

KookyPlan.pbwiki.com - A Wiki For Entrepreneurs

http://kookyplan.pbwiki.com

Those who are looking for information such as strategy theories and management skills along with practical financial applications are certain to find this website useful. Broadly speaking, KookyPlan is a wiki for entrepreneurs that anyone can edit and make a contribution to.

The objective of this site is to create a database that can be resorted to by any individual who is hoping to leave his or her mark, as well as forming a community where entrepreneurs can collaborate in the creation of the ultimate guide for startups. In this sense, it can be said that KookyPlan is a community-generated guide for starting up innovative companies.

The site itself features a table of contents that touches upon the points that were mentioned above, alongside others such as funding and human talent. What’s more, there is a section named “Tech trends to watch” that will give anybody a good umbrella knowledge of where the industry is headed, so they can act accordingly. Some of these include “Blogging as a business” and “Convergence of Internet and television”.

Lastly, different business models are discussed on the site, and the aspects that should be avoided are brought into consideration along with the risks at play, while the essence of how they make money is explained in clear terms.



Something for everyone? Perhaps we could televise seminars?

http://www.killerstartups.com/Video-Music-Photo/zaplive-tv-your-very-own-tv-station

Zaplive.tv - Your Very Own TV Station

http://www.zaplive.tv

Zaplive.tv gives anybody the chance to have their very own webtv station. Through the site, it is possible to broadcast live via the Internet, and reach a worldwide audience. All you need to get started is a camera and an Internet connection. As a matter of fact, it is even possible to stream and broadcast using nothing but a mobile phone.

There is also a strong community spirit in evidence, as Zaplive.tv users can vote on the videos that are published on the site and interact with each other thanks to the provided live chat feature.

Registration to the website is inexpensive, and it gives the user full access to all the features that make up Zaplive.tv. Featured videos are prominently displayed on the main page, whereas live broadcasts also have their own space.

Guidance on how to get started is provided online, and different users are duly catered for. What’s more, you can procure a free add-on that makes for higher video quality and less bandwidth usage.


Related

http://news.cnet.com/8301-1023_3-10107536-93.html?part=rss&subj=news&tag=2547-1_3-0-5

YouTube videos get widescreen treatment

Posted by Steven Musil November 24, 2008 11:40 PM PST

YouTube announced Monday that it has expanded the viewable width of all videos appearing on the site, creating an image that viewers will likely associate more with a movie theater screen or high-definition television.

Monday, November 24, 2008

Too trivial to prosecute.

http://breachblog.com/2008/11/23/childhosp.aspx?ref=rss

Children's Hospital families affected by ex-employee fraud

Date Reported: 11/23/08

Breach Description:

"DENVER - The Children's Hospital and a third-party billing contractor will warn as many as 1,000 families that their credit card information may have been compromised by a former employee."

... The Oginskys are also frustrated, upset that the person who stole their information is not likely to face criminal charges.

[Evan] What?! Are you kidding me? How can this be?

The hotel where their credit card was used, the Excalibur, plans to write off the loss instead of filing a police report.

[Evan] In my opinion, this is a case where ethics should come before a "business case". This seems a little selfish.

According to the Oginskys, Denver Police sent them a letter saying they would not pursue the case due to a backlog of similar reports unless the hotel would also press charges.

The Revenue Enterprises employee passed a background check before beginning work, the company said.

The Oginskys are troubled that she could still pass that same check in the future.

[Evan] This is huge concern. Due to the fact that there will be no charges filed, there is nothing to stop this crook from doing the same thing in the future. If there is no public record, there is little or no information available to warn future employers.



See what happens when you insist on that morning coffee? Drink beer!

http://www.pogowasright.org/article.php?story=20081123121910942

Starbucks notifies 97,000 of stolen laptop (updated)

Sunday, November 23 2008 @ 12:19 PM EST Contributed by: PrivacyNews

Several web sites and blogs are reporting that Starbucks employees were notified on Nov. 22nd of a laptop theft in Seattle on October 29th. The laptop reportedly contained personal information including names, addresses, and Social Security numbers.

The text of what is reported to be an internal memo signed by Russell Walker, Vice-President, Enterprise Security has been reproduced on a number of sites, including the Starbucks Gossip blog and Laptop Theft Resources.

The internal memo does not state how the laptop was stolen, and suggests that the data were not encrypted. The company is offering those affected free credit-monitoring services with Equifax.

No statement has appeared on Starbucks' web site, and no one was available to confirm or deny the story at the time of this publication.

Update: We have just received this confirmation and statement from Starbucks:

We recently learned that a laptop containing partner files was stolen on October 29, 2008. The laptop contained a file with the private information of approximately 97,000 U.S. partners (employees). At present, we have no indication that any partner data has been misused.

Starbucks takes our commitment to safeguarding the personal information and security of our partners very seriously, and we regret the inconvenience that this incident may cause. Currently, we are making every reasonable effort to notify those partners whose information may have been on the missing laptop and are offering to them a year of credit monitoring services at no cost.

We encourage any partners with questions or concerns related to this incident and the steps we have taken to contact the Starbucks Partner Contact Center at (866) 504-7368.



It could be worse. They could ask you to explain all the stuff they already know...

http://www.pogowasright.org/article.php?story=20081124061144208

Barack Obama wants you (to spill your secrets)

Monday, November 24 2008 @ 06:11 AM EST Contributed by: PrivacyNews

In his first press conference after the election, Barack Obama cracked a joke about Nancy Reagan holding séances in the White House. (It was factually inaccurate; the former first lady was into horoscopes, not "Hellraiser.") This provoked the administration’s first apology, but not the first bipartisan critique. That came a week later, with the release of the administration’s job application.

In 63 questions over seven pages, prospective White House employees are being asked — in addition to questions about finances, gun ownership and, possibly, flossing habits — to list “all aliases or ‘handles’ you have used to communicate on the Internet,” [I don't think I could do that. And how can I explain that not all posts by “anonymous” are mine? Bob] everything they’ve written, “including, but not limited to, any posts or comments on blogs or other websites,” links to their Facebook or MySpace pages and any potentially embarrassing “electronic communication, including but not limited to an email, text message or instant message.”

Source - Salon.com hat-tip, InfoWarrior.org Mail List


Related? Another reason the state wants real-time surveillance of “citizens”

http://news.cnet.com/8301-13577_3-10106379-36.html?part=rss&subj=news&tag=2547-1_3-0-5

Report: British juror axed for disclosures on Facebook

Posted by Caroline McCarthy November 24, 2008 5:43 AM PST

A British woman has reportedly been kicked off a jury for posting a "note" on Facebook asking her friends what they thought of the trial. She was given the boot after the court was tipped off.



...because...

http://www.pogowasright.org/article.php?story=2008112405335253

Data “Dysprotection:” breaches reported last week

Monday, November 24 2008 @ 05:33 AM EST Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent



For those interested in both Identity Theft and Economics... I wonder how many “advertisers” are scam artists or police stings?

http://www.pogowasright.org/article.php?story=20081124052349901

Market for stolen goods valued at £184m

Monday, November 24 2008 @ 05:23 AM EST Contributed by: PrivacyNews

Credit card details sold on the black market could be worth over £57m, according to new research on the 'underground economy' released today by Symantec.

The security vendor monitored the internet chat rooms and forums where personal information stolen by hackers via Trojans, phishing attacks and other methods is bought and sold. Symantec found nearly 70,000 active advertisers selling compromised bank account and credit and debit card details, email accounts and pirated desktop games.

Source - vnunet.com



Ain't technology wonderful!?!

http://news.cnet.com/8301-13505_3-10106213-16.html?part=rss&subj=news&tag=2547-1_3-0-5

Two years later, McDonalds' sandwich patent can't hold back Dominos

Posted by Matt Asay November 22, 2008 8:03 PM PST

For centuries people have enjoyed sandwiches, and many businesses have made them without the "critical" protection of patents to ensure a short-term monopoly. Indeed, here in the United States, Dominos Pizza is making a furious push to up-end Subway's sandwich dominance.

!%!%!%!% pirates!

Have they forgotten that McDonalds filed for a patent on sandwich-making two years ago? The UK's Guardian covered this momentous patent two years ago, but it apparently hasn't struck fear into these would-be sandwich maestros.

Of course, McDonalds was not simply trying to patent the sandwich. It was trying to put a lock on automating sandwich making, so that 16-year olds everywhere would find themselves unemployed, and so that its plastic-tasting burgers would have even less variation in plasticity:



Perhaps we could learn from this? (probably not...)

http://tech.slashdot.org/article.pl?sid=08/11/23/1952248&from=rss

EU Strikes Down French "3 Strikes" Copyright Infringement Law

Posted by timothy on Sunday November 23, @03:24PM from the mon-dieu dept. The Internet

Erris writes

"Opendotdotdot has good news about laws in the EU: 'EU culture ministers yesterday (20 November) rejected French proposals to curb online piracy through compulsory measures against free downloading ... [and instead pushed] for "a fair balance between the various fundamental rights" while fighting online piracy, first listing "the right to personal data protection," then "the freedom of information" and only lastly "the protection of intellectual property." [This] indicates that the culture ministers and their advisers are beginning to understand the dynamics of the Net, that throttling its use through crude instruments like the "three strikes and you're out" is exactly the wrong thing to do.'"



Some textbooks and course descriptions. I'd say they were in favor of teaching this in law schools...

http://ralphlosey.wordpress.com/2008/11/23/teach-your-children-well-a-case-for-teaching-e-discovery-in-law-schools/

“Teach Your Children Well” - A Case for Teaching E-Discovery in Law Schools

Guest Blog by Shannon Capone Kirk and Kristin G. Ali


Related? Why Geeks should have lawyers!

http://yro.slashdot.org/article.pl?sid=08/11/24/0041238&from=rss

Psystar Case Reveals Poor Email Archiving At Apple

Posted by timothy on Sunday November 23, @09:03PM from the let-me-check-the-round-file dept. The Courts Communications Data Storage Apple

Ian Lamont writes

"Buried in the court filings of the recently concluded Psystar antitrust suit against Apple is a document that discussed Apple's corporate policy regarding employee email. Apparently, Apple has no company-wide policy for archiving, saving, or deleting email. This could potentially run afoul of e-discovery requirements, which have tripped up other companies that have been unable to produce emails and other electronic files in court. A lawyer quoted in the article (but not involved in the case) called Apple's retention policy 'negligent.' However, the issue did not help Psystar's lawsuit against Apple — a judge dismissed the case earlier this week."



How to impress a geek...

http://developers.slashdot.org/article.pl?sid=08/11/23/1637219&from=rss

Google Sorts 1 Petabyte In 6 Hours

Posted by Soulskill on Sunday November 23, @11:53AM from the sort-of-fast dept. Google Databases Technology

krewemaynard writes

"Google has announced that they were able to sort one petabyte of data in 6 hours and 2 minutes across 4,000 computers. According to the Google Blog, '... to put this amount in perspective, it is 12 times the amount of archived web data in the US Library of Congress as of May 2008. In comparison, consider that the aggregate size of data processed by all instances of MapReduce at Google was on average 20PB per day in January 2008.' The technology making this possible is MapReduce, 'a programming model and an associated implementation for processing and generating large data sets.' We discussed it a few months ago. Google has also posted a video from their Technology RoundTable discussing MapReduce."



For the Computer Forensics team. A cheap (free) first guesstimate?

http://digg.com/software/Is_That_Photo_Shopped

Is That Photo 'Shopped'...?

tinyappz.com — Error Level Analyser allows you to quickly check any image to determine if it might be photoshopped or altered. Simple, Quick, Free, and Effective.

http://www.tinyappz.com/wiki/Error_Level_Analyser

[Paper discussing modified images: http://www.hackerfactor.com/papers/bh-usa-07-krawetz-wp.pdf Bob]



I could improve my memory by smoking... er... that green stuff that caused my memory loss in the first place?

http://www.redorbit.com/news/health/1601665/marijuana_could_reduce_memory_impairment/index.html?source=r_health

Marijuana Could Reduce Memory Impairment

Posted on: Wednesday, 19 November 2008, 15:40 CST

The more research they do, the more evidence Ohio State University scientists find that specific elements of marijuana can be good for the aging brain by reducing inflammation there and possibly even stimulating the formation of new brain cells.



Toward computerized musicians? (“I'm sorry, Dave. I can't let you play that in B-flat...”)

http://tech.slashdot.org/article.pl?sid=08/11/23/227214&from=rss

A Computer Composing and Playing Jazz

Posted by timothy on Sunday November 23, @05:40PM from the jazz?-you-really-are-polite dept. Music Technology

Roland Piquepaille writes

"The Norwegian University of Science and Technology (NTNU) has some unusual teaching programs. One PhD student, Øyvind Brandtsegg, is a graduate of the jazz program and this article describes how he has developed a computer program and a musical instrument for improvisation. The PhD student is 36 years old and is at the same time a composer, a musician and a computer programmer. His 'computer instrument' can take any recorded sound as input and split it into a number of very short sound particles that can last for between 1 and 10 milliseconds. 'These fragments may be infinitely reshuffled, making it possible to vary the music with no change in the fundamental theme.'"

Brandtsegg's improvisational software is called ImproSculpt; his site contains several selections from his musical output, including "some pieces made with the predecessor of ImproSculpt," called FollowMe.