Saturday, December 13, 2008

Don't worry, TJX still holds the world record...

De: Berlin Bank Accused of Country's Largest Data Leak

Saturday, December 13 2008 @ 06:44 AM EST Contributed by: PrivacyNews

Consumers in Germany have been affected by what is being called the country's largest data leak. A Berlin bank has reportedly lost data on thousands of credit card customers -- including their PIN numbers.

Strictly confidential information on over 10,000 credit card customers of the Landesbank Berlin (LBB) was anonymously sent to the Frankfurter Rundschau, the newspaper claimed on Saturday, Dec. 13.

... Supposedly, the data leak originated with another company, AtosWorldline, which LBB had hired to do its accounting.

Source - DW-World-de Related - The Local has additional details.

It's that time of year again, when criminals know they can count on retailers to cover-up any loss of credit card information until all the Christmas shopping is done.

Credit-card data leak in online buys

Saturday, December 13 2008 @ 06:49 AM EST Contributed by: PrivacyNews

As online shopping reaches its annual crescendo of activity, here's another reminder to be mindful of the information you hand out.

A Greensboro company, Innisbrook, has notified thousands of parents across the country that their credit card information may have been compromised. Some parents in the Triangle have found fraudulent charges on their accounts.

Innisbrook works with thousands of schools nationwide and sells things like school supplies and wrapping paper to raise money for the schools.

The security breach happened in August, when many customers were placing orders for bundles of back-to-school supplies.

Twenty-four schools in North Carolina were affected, and only information from customers who placed orders online and paid with a credit card was at risk.

Source - News & Observer

When Customer Service goes bad.

CheckFree notified approximately 5 million of breach (follow-up)

Saturday, December 13 2008 @ 06:24 AM EST Contributed by: PrivacyNews

No primary sources were provided, but the Wisconsin Office of Privacy Protection is reporting that "An estimated 160,000 online bill paying consumers may have been affected. Notification was sent to approximately 5 million consumers that may have a relationship with CheckFree as a bill paying agent. Letters or emails have been sent from various banks and vendors. The notification letter offers 2 years of free monitoring services."

A little more on the Citibank ATM thefts, but the timeline seems strange... The hack occurred in 2007, was discovered in January 2008, people were arrested in February, but the cards were still being used as late as May? Did Citibank not know what cards were at risk, or was it considered cheaper to let the thefts happen?

Cyber Crook Pleads Guilty to Looting Citibank Accounts With Hacked ATM Codes

Friday, December 12 2008 @ 01:58 PM EST Contributed by: PrivacyNews

A 28-year-old man caught in the act of using hacked ATM codes to loot Citibank accounts last May pleaded guilty this week to a single count of access device fraud, bringing to five the number of defendants who've entered guilty pleas in connection with an intrusion into an ATM processing server that led to at least $2 million in fraudulent withdrawals this year.

Aleksandar Aleksiev pleaded guilty to a single count of access device fraud in federal court in Manhattan on Tuesday.

Source - Threat Level

[From the article:

A 28-year-old man caught in the act of using hacked ATM codes to loot Citibank accounts last May pleaded guilty this week to a single count of access device fraud,

... In late 2007, an unknown hacker penetrated a server that processes transactions from Citibank-branded ATMs at 7-Eleven convenience stores, and stole customer account numbers and PINs.

... The scheme began unraveling in January, when two alleged cashers — Nue Quni and Luma Bitti — were arrested after a lucky traffic stop caught them with blank cards and a mag-stripe writer in their car.

... Then in late February and early March, the FBI and the U.S. Secret Service arrested two Ukrainian immigrants and two alleged co-conspirators for allegedly using more of the stolen PINs.

... Once the hack came to light in January, Citibank began monitoring the compromised accounts. At the time of the May arrest, according to court records, some $180,000 in stolen cash had walked out of ATMs in the Upper East Side in the previous three days, prompting Citibank to put the 65th Street Branch under physical surveillance.

Surely no one expects politicians to understand privacy? (Or to get too upset when their private data is compromised.)

FOX 5 Buys Second Info-Loaded Blackberry from McCain Campaign

Friday, December 12 2008 @ 04:31 PM EST Contributed by: PrivacyNews

Personal information for a former Virginia Governor is one of more than 300 'contacts' listed inside a second Blackberry phone purchased by FOX 5 during a fire sale at the McCain-Palin headquarters this week.

FOX 5 Investigative Reporter Tisha Thompson broke the story late Thursday night, just hours after she purchased a $20 Blackberry from the campaign.

Source - MyFOX

Ubiquitous surveillance is good? Failure to point out that this is true only in a perfect world (perfect as defined by me) suggests that someone has lost touch with reality – at least that's what their cellphone tells me. (I think this Prof. just wants to be on Oprah.)

Less Privacy Means Less Discrimination

Saturday, December 13 2008 @ 06:13 AM EST Contributed by: PrivacyNews

Walking down a city street at night, you can already use your smartphone to check out reviews of the restaurant you’re considering. Should you also be able to check whether any of those teenagers a block away and closing have criminal records?

Yes, suggests Lior Strahilevitz, a professor at the University of Chicago. In fact, your phone might even automatically download that information from the teenagers’ phones.

Source - NY Times

[From the article:

An invasion of privacy? By many standards, yes, but consider current practice, Strahilevitz argued in a pair of articles this year in the law reviews of Northwestern University and the University of Chicago. Most people encountering teenagers size them up by judging their clothing, demeanor and ethnicity — they “profile.” Give people more information, [e.g. arrest records, report cards, psych history Bob] and they can make better, more individualized judgments.

[Law Review article (I can only find one):


The end of “process servers?” Next, virtual juries – sit at home, watch the case via streaming video, send in your verdict via instant messaging! “OMG! Guilty!” Perhaps “HSNI” (he's so not innocent!) or “FTB” (fry the bastard!)

Australian court serves documents via Facebook

Saturday, December 13 2008 @ 06:16 AM EST Contributed by: PrivacyNews

The big question about Facebook is does it have any valuable commercial application? Well it seems that the courts have found one.

Today in what appears to be a first in Australia and perhaps the world, Master Harper of the ACT Supreme Court ordered that a default judgement could be served on defendants by notification on Facebook.

Source - The Age

Trying to find the balance between overreacting and underreacting

Final Regulations Published on Family Educational Rights and Privacy Act

Saturday, December 13 2008 @ 06:36 AM EST Contributed by: PrivacyNews

Following the tragic April 2007 shootings at Virginia Tech, the U.S. Department of Education published in today's Federal Register final regulations to clarify and give schools greater flexibility in making determinations about disclosures of information from students' education records in order to address threats to the health or safety of students or other individuals. The department published draft regulations March 24.

... The final regulations include changes and clarifications as a result of public comments on the proposed rules that prompted comments from more than 100 individuals and organizations. The regulations will take effect on Jan. 8, 2009.

Among the highlights:

  • In order to provide more flexibility to school administrators, language was removed requiring strict construction of the provision in FERPA that permits disclosure of education records, without consent, in order to deal with health or safety emergencies. Now, in making a determination concerning disclosures, a school may take into account the totality of the circumstances pertaining to a threat to the safety or health of the student or other individuals.

  • The school must record the significant threat that formed the basis for the disclosure and the parties to whom the information was disclosed. If there is a rational basis for the determination, the Education Department will not substitute its judgment for that of the educational agency or institution in deciding to release the information.

  • The final regulations clarify the Education Department's longstanding interpretation that "appropriate parties" to whom schools may disclose in a health or safety emergency include "parents of an eligible student."

  • The final regulations contain important recommendations to help educational agencies and institutions meet the challenges of safeguarding education records, especially records contained in electronic data systems.

  • The final regulations update the definition of "personally identifiable information."

Source - U.S. Dept. of Education Related - Final Regulations

Apparently it is more than a Japanese-US cultural difference – it's a Sony cultural failure.

Sony needs a common-sense czar

Posted by Greg Sandoval December 12, 2008 3:31 PM PST

... Is there any major consumer company around that seems to understand basic customer relations less than Sony? Isn't rule No.1 in the CR manual, "Don't spy on customers?" If so, then rule 1-A must be: "Take extra care to avoid spying on customers' children."

The latest example of Sony's disconnect with the masses came this week when the company's music division was fined for surreptitiously collecting information on children under 13 years old.

On Thursday, Sony agreed to pay $1 million to the Federal Trade Commission for collecting information on 30,000 children without obtaining parental consent. According to the Associated Press, Sony violated the Children's Online Privacy Protection Act when it collected the data from hundreds of fan sites, including those of such musical acts as Kelly Clarkson, Britney Spears and Christina Aguilera.

Related? Commenters seem to think so...

Privacy: On Doing No Harm

Friday, December 12 2008 @ 01:48 PM EST Contributed by: PrivacyNews

The launch of the AT&T-backed Future of Privacy Forum last month (see our own interview with principal Jules Polonetsky here) sparked discussion about how digital media should best address the debate. Matthew Wise, CEO, Q Interactive and former senior vice president of account services at Draft, is a member of the Interactive Advertising Bureau board who takes issue with some of the early statements by FPF members. Rather than start the debate over whether data is or should be collected, Wise argues here that the argument really should surround data's proper use.

Source - MediaPost

[From the article:

Wise: Our discussions at the IAB with regulators is that there is no pending legislation, but the risk of that has increased dramatically over the last 24 months. In the last 12 months there has been a stepped-up effort to establish guidelines and privacy processes so that legislation doesn't come about. Most of the legislation that we see is well-intentioned but poorly executed, and often more detrimental than positive to the industry. [I concur, but don't agree with their conclusion that self-regulation will solve all privacy problems Bob]

Interesting arguments

CO: Judge halts arrests in Weld County tax probe

Friday, December 12 2008 @ 01:55 PM EST Contributed by: PrivacyNews

A judge is questioning the legality of search warrants issued in a Weld County investigation into the alleged use of stolen or fake IDs to claim $2.6 million in tax refunds.

District Judge James Hartmann this week ordered authorities not to arrest anyone else in the case if the arrests are based on information from federal tax returns, saying that information is confidential.

He also demanded that District Attorney Ken Buck explain the legality of the search warrants.

Buck said last month that about 1,300 people may have used stolen or phony Social Security numbers to get refunds. About 35 had been arrested on charges of identity theft or criminal impersonation when Hartmann halted the operation.

Source -

[From the article:

Authorities seized two years of federal tax returns from a Greeley tax preparer's office last month in the investigation.

Hartmann, in a written order, said federal tax return information is protected by privacy provisions of federal law when it's in the possession of a tax preparer.

Buck said his staff researched the privacy issue and consulted with the IRS before getting arrest warrants.

... "I don't care for the order the judge issued because I think these people committed a crime and they need to be held accountable," he said. [Pivotal concept. Does this justify “illegal” evidence gathering? If so, let's wiretap everyone! Oh, wait, we already do that... Bob]

Culture is difficult to change in large corporations, and almost impossible in government where it is more important to protect your turf than to achieve your goals.

Report Rips Government Wireless Network Effort

Posted by Soulskill on Friday December 12, @07:20PM from the effort-is-kind-of-a-strong-word-for-it dept. Wireless Networking Government United States Technology

coondoggie writes with this excerpt from NetworkWorld:

"Like a bunch of children in a sandbox unable and perhaps unwilling to share their toys, multiple key government agencies cannot or will not cooperate to build a collaborative wireless network. The Government Accountability Office report (PDF) issued today took aim at the Departments of Justice, Homeland Security, and the Treasury which had intended what's known as The Integrated Wireless Network (IWN) to be a joint radio communications system to improve communication among law enforcement agencies. However IWN, which has already cost millions of dollars, is no longer being pursued as a joint development project, the GAO said. By abandoning collaboration on a joint implementation, the departments risk duplication of effort and inefficient use of resources as they continue to invest significant resources in independent solutions. Further, these efforts will not ensure the interoperability needed to serve day-to-day law enforcement operations or a coordinated response to terrorist or other events, the GAO said."

Delay might be a valid legal strategy, but you gotta “know when to fold 'em...”

Cisco discovers the FSF wasn't joking

Posted by Matt Asay December 12, 2008 2:07 PM PST

When I read that the Free Software Foundation is suing Cisco Systems over alleged violations of the GNU General Public License (GPL), my first reaction was, "Put that subpoena back in your pocket, FSF." A copy of the complaint is available on PDF.

After all, I figured that it was yet another BusyBox claim and, while I believe that everyone - including open-source developers - has a right and duty to protect its intellectual property, it has seemed lately that the open-source world is becoming as litigious as the proprietary world, and that's not a good thing.

However, reading OStatic's summary of the suit reminded me that the FSF has never been particularly litigious, never visiting the courtroom in 15 years of license enforcement. For the FSF, through the Software Freedom Law Center, to take this action suggests that things must be very bad.

... In a statement, Cisco indicated that it believes itself to be in "substantial compliance" with the GPL, but that's like saying it's almost a virgin. Either you are, or you're not. In this case, given the FSF's nonlitigious track record, I suspect that Cisco is not, in fact, in compliance with the GPL. This, however, is easy to fix: release the code.

Open Source is cheap enough (free) to give vendors a distinct price advantage.

HP Pushes Open Source For Small Businesses

Posted by Soulskill on Saturday December 13, @02:28AM from the financial-motivation dept. HP Businesses Linux News

ruphus13 writes

"HP finally begins to actively push open source in its products. From the post, 'HP has been quirky over the years when it comes to open source. It has been, traditionally, a company that supports open source — especially in larger enterprises... Wednesday, it announced two new open source products, geared to small businesses and educational institutions. HP plans on including its 'Mozilla Firefox for HP Virtual Solution' on more of its business class desktop PCs (to a total of seven models between the HP Compaq dc/dx lines in the US, eight models worldwide). Come December 15th, HP will also offer Novell's SUSE Linux Enterprise Desktop on its HP Compaq dc5850 model. The base SLED-equipped model will cost $519, and features the usual open source suspects for the small business setting — OpenOffice, and mail clients such as Evolution.'"

...but proprietary software is profitable enough to allow liberal bribes (campaign contributions) to politicians.

Windows Cheap Enough For $2B Aussie Laptop Deal

Posted by kdawson on Friday December 12, @06:31PM from the if-you-give-it-away dept. Education Windows Linux

An anonymous reader writes

"Windows-based netbooks aren't too expensive to be ruled out of the Aussie government's billion dollar promise to give a laptop to every school-aged child, according to several education departments. The admission follows an earlier report that open source machines based on Ubuntu or Mandriva are the only option to deliver up to four million computers to students for under $2 billion. Microsoft itself claimed it will keep costs per unit down by hosting a lot of the educational software in the cloud rather than on the netbook devices."

Another look at the Cloud

Handicapping cloud computing: The big picture

Posted by Larry Dignan December 12, 2008 10:17 AM PST

... Lindsay has cooked up this helpful chart that lines up the cloud stack that various vendors are trying to build. While Lindsay forgot a few vendors, the chart provides a handy overview:

For my Computer Forensics students. An example of poor evidence handling? Only one copy?

Recovered Data From a Corrupt DVD Leads To Conviction, 24-Year Sentence

Posted by Soulskill on Friday December 12, @10:14PM from the put-that-in-a-safe-place dept. Data Storage The Courts Technology

Lucas123 writes

"The Santa Cruz, Calif. DA's office had been counting on a DVD with the recorded testimony of a victim in a case against a serial rapist, but when they popped the video into the player, nothing came up — the disc was blank. To make matters worse, the cop who performed the original interview with the victim told the DA she never said she was 'forced,' so the judge wasn't going to allow the witness to testify in a case where her original statement to police was in conflict with her current testimony. After two local data recovery firms said there was no way to restore the data, a third was able to recover the police interview from two years earlier, which led the defendant to plead guilty earlier this month. Close call."

[From the article at:

He said police recalled her statements -- the ones on the corrupted DVD -- as being different from what the victim planned to say during the trial, Isaac said. As a result, Barnes' lawyers claimed that the victim's original police interview, as police remembered it, would have been inconsistent with her trial testimony and therefore would be exculpatory evidence. "The loss of exculpatory evidence is a bad thing and the judge was inclined to punish us by not letting the witness testify because of the allegation that we'd lost the evidence," he said.

Useful site but it still doesn't translate “wife”

Nice Translator makes Google's translations sexy

Posted by Josh Lowensohn December 12, 2008 10:02 AM PST

If you like Google's translate service but want something that can do the same phrase in multiple languages at once and in real time, the Nice Translator is worth checking out.

This simple application uses Google Translate to do the heavy lifting. It lets users type in any phrase, in any language, then translates it into one of the other 34 available languages as they type.

The site works fairly well on mobile devices, including the iPhone, though not as well as Google's own mobile-translation page despite its one-language-at-a-time limitation.

Friday, December 12, 2008

Beyond e-Discovery. How do you find documents the other side hid? Disgruntled employees! (Let that be a lesson to you – keep your employees well gruntled!)

Nintendo Slapped With Wiimote Strap Lawsuit Once Again

Posted by Soulskill on Thursday December 11, @11:52PM from the it's-not-a-hula-hoop dept. Input Devices Nintendo The Courts Games

GameCyteSean writes

"GameCyte is reporting that a new class-action lawsuit has challenged Nintendo's Wiimote straps once more. Interestingly, the suit was filed by the same lawyer who led the original 2006 attempt, and now argues that Nintendo hid records of broken TVs from the Consumer Product Safety Commission. From the article: 'This doesn't seem like a spurious accusation, either. Attached to the court filing (PDF) as a matter of public record is the very evidence Nintendo allegedly tried to hide: actual, internal Nintendo documents (PDF) where customer service reps received complaints of cracked televisions and broken Wiimote straps — and the corresponding Monthly Reports that Nintendo was compelled to file with the CPSC as part of their agreement.'"

Not foolproof. If they want your data, they'll pull the drive immediately.

Ericsson and Intel Offer Remote Notebook Lockdown

Posted by timothy on Thursday December 11, @09:02PM from the and-if-you-refuse-this-offer dept. Portables Security

MojoKid writes

"Ericsson and Intel have announced that they are collaborating on a way to keep your laptop's contents safe when your laptop goes MIA. Using Intel's Anti-Theft Technology — PC Protection (Intel AT-p) and Ericsson's Mobile Broadband (HSPA) modules, lost or stolen laptops can be remotely locked down. Similar to Lenovo's recently announced Lockdown Now PC technology, the Ericsson-Intel technology uses SMS messages sent directly to a laptop's mobile broadband chip. Once the chip receives the lock-down message, it passes it to the Intel AT-p function, which is integrated into Intel's Centrino 2 with vPro technology platform. Unlike Lenovo's anti-theft solution, the Ericsson module includes GPS functionality as well."

Now here's a guy I could like.

Online Rebel Publishes Millions of Dollars in U.S. Court Records for Free

By Ryan Singel

If you want to search federal court documents, it's not a problem. Just apply online for an account, and the government will issue you a user name and password.

Through the postal service.

And once you log in, the government's courthouse search engine known as Public Access to Court Electronic Records or PACER, will charge you 8 cents a page to read documents that are in the public domain — a fee that earned the federal judiciary $50 million in profits in 2006.

... Now Malamud is doing something about it. He's asking lawyers to donate their PACER documents one by one, which he then classifies and bundles into ZIP files published for free at his organization's website. The one-year-old effort has garnered him 20 percent of all the files on PACER, including all decisions from federal appeals courts over the last 50 years.

... Back in 1995, the Securities and Exchange Committee decided to put corporate filings online only after Malamud essentially shamed them into doing so. For two years he operated a free site that published the filings, then abruptly pulled the plug and directed angry users to the SEC. [Yep, definitely my kinda guy! Bob]

Starbucks is the new Exxon?

Waste Coffee Grounds Offer New Source of Biodiesel

Posted by timothy on Friday December 12, @02:54AM from the as-if-you-needed-another-reason dept. Power Biotech Transportation

Julie188 writes

"Researchers in Nevada are reporting that waste coffee grounds can provide a cheap, abundant, and environmentally friendly source of biodiesel fuel for powering cars and trucks. Their study has been published online in the Journal of Agricultural and Food Chemistry. Growers produce more than 16 billion pounds of coffee around the world each year. Scientists estimate that spent coffee grounds can potentially add 340 million gallons of biodiesel to the world's fuel supply."

Capture and playback your screens – build your own training video!

Get Camtasia Studio 3.0 Screencast Software for Free

Posted by Bina on Fri 23 Nov 2007

... In the hope of persuading you to upgrade to their latest version of Camtasia Studio (version 5.0), they’re offering an older version (i.e. version 3) for free.

Here’s what you have to do to take up this offer.

  1. Download the free trial version of Camtasia Studio 3 at:

  2. Go to the following promotion page, complete your name, country and e-mail address and Techsmith will send you the software key to unlock the program almost instantly:

  3. Just install the program you downloaded from step 1 above and then enter the software key you receive from Techsmith in step 2 and you’ll have a fully working version of Camtasia Studio 3 on your PC.

5 Free Screencasting Apps for Creating Video Tutorials

Feb. 27th, 2008 By Travis Quinnelly

For my math students. Not the best I've found, but another perspective always helps.

The Khan Academy is a not-for-profit organization with the mission of providing a high quality education to anyone, anywhere.

We have 600 videos on YouTube covering everything from basic arithmetic and algebra to differential equations, physics, and finance.

Thursday, December 11, 2008

High profile (and perhaps a future case study) but unlikely to be of great concern to anyone.

Tom's privacy crisis

Thursday, December 11 2008 @ 06:42 AM EST Contributed by: PrivacyNews

Many of Hollywood's famed stars are apparently frantic over the possibility that many a private piece of information has fallen into the wrong hands, as Tom Cruise lost his BlackBerry. [Perhaps a children's book title? Bob]

According to the Daily Star, 46-year-old Cruise's information-laden [Some phone numbers? Bob] phone went missing while he was in Canada, promoting upcoming movie 'Valkyrie', and his many celebrity friends are now concerned about the inevitable breach of their privacy.

Source -

Sony again. Anyone else think they just don't get it? (Data for my “What is an identity worth” formula.)

Sony sued for collecting data on children under 13

Thursday, December 11 2008 @ 06:35 AM EST Contributed by: PrivacyNews

Sony BMG Music Entertainment, the recording company of Justin Timberlake and Bruce Springsteen, has been sued by the U.S. for collecting and disclosing personal data about 30,000 young children without informing their parents.

The Federal Trade Commission filed a civil lawsuit Wednesday [and apparently it is already settled! Bob] in Manhattan federal court. The suit, which alleges violations of the Children's Online Privacy Protection Act, seeks unspecified money damages and an injunction.

"Sony Music collected, used and/or disclosed personal information from children without first providing their parents with notice of its information practices," the complaint says.

Source - Mercury News

[From the article:

The FTC claims Sony Music, a Sony unit that operates more than 1,100 music-related Web sites, collected information from more than 30,000 children under age 13 since 2004, despite claiming on its sites that visitors that young wouldn't be allowed to register.

Sony agreed to pay a $1 million fine and hire a compliance officer who will put a screening process in place to prevent the collection of such data, according to two people close to the agreement who declined to be identified.

Raising more questions than it answers...

Thousands affected in dealership data theft

Thursday, December 11 2008 @ 06:49 AM EST Contributed by: PrivacyNews

Personal information from thousands of people in New Hampshire and Massachusetts has been compromised after a data backup tape from Bill Dube Ford/Toyota was stolen this summer.

The pilfered data include names, addresses, Social Security numbers and driver's license information, but no financial data such as credit card information, from customers at Bill Dube's dealerships in Dover and Wilmington, Mass.

Source - Union Leader

[From the article:

The data were discovered stolen on Aug. 5 and reported to police that same day. Customers were informed of the breach in a letter dated Dec. 5. [Four Months? Bob]

... A single data tape was stolen from a secure storage room at the Dover dealership on Dover Point Road in August, Silverman said. He said few people knew of the storage room and whoever stole the tape accessed the room via a staircase in the back of the dealership. [Backed up, but not taken off site? Bob]

... Silverman said company officials also had to figure out what data were stolen. [“We never know what files we back up. Makes it more adventurous that way!” Bob]

... "The dealership executives feel very strongly that whoever did this, the intent was to give them a hard time and have them have to go through a process like this," he said. [Dream on... Bob]

Interesting. Note that this article is from the Military Tech section...

Investigators now crack crime computers on the spot

Posted by Mark Rutherford December 11, 2008 6:00 AM PST

A new system allows investigators to boot, run and install investigative tools to examine computers used in the commission of crime or terrorism, without altering the contents or compromising the chain of evidence, according to the inventor.

It's common today for computers and their contents to be tagged as evidence. The problem has been how to boot and examine their contents, and still maintain "forensic soundness". Traditionally, this required painstaking hours of copying and transferring data. The result was a huge backlog in computer crime labs across the nation, while investigators waited months for forensic information to be processed, according to Voom Technologies Inc.(PDF)

The CyberCrime Unit is news to me. Should we expect more vendors to do this? Where's the payback?

Fighting cybercrime in an economic downturn

Posted by Elinor Mills December 11, 2008 4:00 AM PST

... she's been preparing for the launch early next year of McAfee's Cybercrime Response Unit, a site where consumers can go when they think they've been victimized by online scams.

She's increasingly focusing on protecting Internet users because malware attacks are up now that economic times are tough. Online scammers have been going into overdrive with phishing and other online schemes aimed at people confused about the banking consolidation or who are desperate because of a layoff or foreclosure. In fact, there are direct correlations between targeted cyberattacks on consumers and the stock market decline over the past few months. [Hackers invest too. Bob]

“We can, therefore we must!” What part don't you understand?

UK: Ex-MI5 chief 'astonished' at how many organisations use anti-terror law

Wednesday, December 10 2008 @ 07:42 AM EST Contributed by: PrivacyNews

The Regulation of Investigatory Powers Act (RIPA) was passed in 2000 to regulate the way that public bodies such as the police and the security services carry out surveillance. Originally only a handful of authorities were able to use RIPA but its scope has been expanded enormously and now there are at least 792 organisations using it, including hundreds of local councils.

... Now those campaigning against the abuse of RIPA have got a new ally – Lady Manningham-Buller, the former head of MI5. In a speech in the House of Lords yesterday, she said she was "astonished" when she found out how many organisations were getting access to RIPA powers.

Source - Guardian

Wave a wand, consider implications only if the voters scream... What bozo thought this was a solution?

Colo. Changes Course on Maiden Name Rule

Wednesday, December 10 2008 @ 07:22 AM EST Contributed by: PrivacyNews

Public outcry has forced the State of Colorado to throw out a new rule it enacted just weeks ago to thwart identity theft.

The rule prevented newlyweds from turning their maiden names into middle names.

But because of a crush of complaints, the Governor's Office intervened and asked the Colorado Department of Revenue to adopt an emergency rule undoing the new rule. It will take effect on Monday.

Source - MyFOX

Business Model: Talk the government into making people pay for the products I can't sell!

Why a Music Tax Is a Bad Idea

Posted by timothy on Wednesday December 10, @05:09PM from the let-me-count-the-ways dept.

An anonymous reader writes with a followup to the story posted last week about Warner Music's plan for a music tax for universities.

"There's been some debate about this plan and Techdirt has a detailed explanation of why a music tax is a bad idea, noting that it effectively rewards those who failed in the marketplace, punishes those who innovated and sets up a huge, inefficient and unnecessary bureaucracy. Meanwhile, plenty of musicians who are experimenting with new business models are finding that they can make more money and appeal to more fans. So, why stymie that process with a new bureaucracy that simply funds the big record labels?"

Related “It's for the children!”

MPAA Urges Obama to Embrace Internet Filtering

By David Kravets December 10, 2008 2:57:22 PM

Using technology to create a true democracy? Or perhaps a compu-tocracy? (If you can't afford a computer you can't afford a political contribution, therefore you are of no value to us.)

Digg-like tool lets visitors pick policy questions

Posted by Stephanie Condon December 10, 2008 3:59 PM PST

Its "Open for Questions" tool allows visitors to submit a question for the transition team and, much like Digg, allows users to vote for other people's questions they find important or vote against questions they don't like. The most popular questions will be regularly answered by the Obama team. [And of course no questions will be manipulated... Bob]

Related? Or just an opportunity to blogify?

Bush talks with international bloggers

Posted by Stephanie Condon December 10, 2008 3:26 PM PST

The president-elect has been showing off his Web savvy on, but George Bush demonstrated Wednesday he also advocates using the Internet to facilitate democracy.

President Bush, in recognition of Human Rights Day, met with bloggers from Belarus, Burma, China, Cuba, Egypt, Iran, and Venezuela at the White House and via video teleconference to discuss blogging in favor of democratic change.

Worth the expense of a library card?

Enterprise 2.0

Posted by samzenpus on Wednesday December 10, @12:17PM from the read-all-about-it dept. Businesses

mantex writes

"The title of this book combines two coded terms — 'Web 2.0' and 'The Enterprise' — for which read 'social networking software' and 'Big Business.' And the purpose is to show how the techniques and concepts behind Web 2.0 applications (blogs, wikis, tagging, RSS, and social bookmarking) can be used to encourage collaboration efforts in what was previously thought of as secretive, competitive businesses."

Read on for the rest of Roy's review.

[From the article:

... He gives a very convincing example of the creation of a wiki running alongside the company Intranet in a German bank. The IT staff started using the wiki to generate documentation, and within six months use of the Intranet was down 50%, email was down 75%, and meeting times had been cut in half.

Wednesday, December 10, 2008

Read this one carefully

Fiserv online bill payment system hit by scam: Brookfield-based firm says CheckFree customer data is safe (follow-up)

Tuesday, December 09 2008 @ 04:15 PM EST Contributed by: PrivacyNews

Scammers hijacked the Web site of Fiserv Inc.'s online bill-payment unit for a few hours last week, but the Brookfield company said Monday its systems weren't compromised and none of the data it holds was breached.

Source -

[From the article:

The takeover occurred just after midnight last Tuesday, when some users of Fiserv-owned CheckFree, which is the nation's biggest provider of online bill payment services, were routed to a site in Ukraine. The Internet intruders were trying to install "malware," harmful software that in some cases enables the theft of personal information.

... The intrusion that allowed users to be directed to the fraudulent Web site actually took place through CheckFree's Internet domain registrar, Network Solutions, a Herndon, Va., company that helps manage Web addresses. No details were available on how the scammers gained control of CheckFree.

... "It could have happened to anyone, and it's pretty scary stuff," Litan said. "It just violates the integrity of the Internet infrastructure and the addressing system."
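The detail worth taking from this one is where the intrusion happened: not on CheckFree's servers, but at the registrar, one layer above anything the site's own controls could see. The check below is an added example written for this post (it is not code from the article, Fiserv or CheckFree): it diffs a domain's delegation (NS) and address (A) records against a known-good baseline and flags a delegation change as the registrar-level event it is. The domain, nameserver names, addresses, trusted network and the record snapshots are all constructed placeholders mimicking `dig +noall +answer` output; the registrar-lock flag stands in for the clientTransferProhibited/clientUpdateProhibited status you would read from the registrar's RDAP or WHOIS record.

```python
"""Detect a registrar-level DNS hijack by diffing a domain's delegation and
address records against a known-good baseline.

Added example for this post, not code from the article or from Fiserv/CheckFree.
The domain, nameserver names, addresses and trusted network are constructed
placeholders, as are the record snapshots (they mimic `dig +noall +answer`).
"""
import ipaddress
from dataclasses import dataclass

# Constructed baseline, captured while the zone was known to be correct.
BASELINE_DIG = """\
billpay.example.\t172800\tIN\tNS\tns1.billpay.example.
billpay.example.\t172800\tIN\tNS\tns2.billpay.example.
www.billpay.example.\t300\tIN\tA\t203.0.113.10
www.billpay.example.\t300\tIN\tA\t203.0.113.11
"""

# Constructed observation mimicking the CheckFree pattern: the delegation now
# points at nameservers the owner does not control, so www resolves elsewhere.
HIJACKED_DIG = """\
billpay.example.\t172800\tIN\tNS\tns1.free-dns.example.
billpay.example.\t172800\tIN\tNS\tns2.free-dns.example.
www.billpay.example.\t60\tIN\tA\t198.51.100.7
"""

TRUSTED_CIDRS = ["203.0.113.0/24"]  # constructed: where the owner really serves from


@dataclass(frozen=True)
class Snapshot:
    ns: frozenset         # delegation nameservers, as published by the parent zone
    a: frozenset          # IPv4 addresses clients are being sent to
    registrar_lock: bool  # transfer/update lock present at the registrar


def parse_dig_answer(text, registrar_lock):
    """Turn `name ttl class type rdata` answer lines into a Snapshot."""
    ns, a = set(), set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "IN":
            continue  # blank lines, comments, anything that is not an answer RR
        rtype, rdata = parts[3], parts[4]
        if rtype == "NS":
            ns.add(rdata.lower().rstrip("."))
        elif rtype == "A":
            a.add(rdata)
    return Snapshot(frozenset(ns), frozenset(a), registrar_lock)


def check_snapshot(baseline, observed, trusted_cidrs):
    """Return (severity, message) findings; registrar-level findings come first."""
    findings = []
    added, removed = observed.ns - baseline.ns, baseline.ns - observed.ns
    if added or removed:
        # A delegation change is made at the registrar/registry, not in the zone
        # file, so it bypasses every control on the zone's own servers.
        findings.append(("critical",
                         f"NS delegation changed: added {sorted(added)}, removed {sorted(removed)}"))
    if baseline.registrar_lock and not observed.registrar_lock:
        findings.append(("high", "registrar transfer/update lock was removed"))
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    outside = sorted(x for x in observed.a
                     if not any(ipaddress.ip_address(x) in n for n in nets))
    for addr in outside:
        findings.append(("critical", f"A record {addr} is outside trusted networks"))
    if observed.a != baseline.a and not outside:
        # Routine re-addressing inside the owner's own space is a log line, not a page.
        findings.append(("info", "A records changed but stayed inside trusted networks"))
    return findings


if __name__ == "__main__":
    baseline = parse_dig_answer(BASELINE_DIG, registrar_lock=True)
    observed = parse_dig_answer(HIJACKED_DIG, registrar_lock=False)
    for severity, message in check_snapshot(baseline, observed, TRUSTED_CIDRS):
        print(f"[{severity}] {message}")
```

Run it from cron against the parent zone's NS answer (not your own servers, which will happily keep reporting the old delegation) and a public resolver's A answer. The NS diff is the signal that matters here: an address change inside your own space is routine, but a delegation change you did not make means someone else is talking to your registrar.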

Something seems wrong...

Stolen laptop contained HP employee data

Tuesday, December 09 2008 @ 03:28 PM EST Contributed by: PrivacyNews

An employee laptop containing names and social security numbers of current and former Hewlett-Packard employees enrolled in benefits programs was stolen in the Houston area "several months ago."

The theft was immediately reported to the police, but the company's initial assessment of the situation indicated that no personal data was contained on the laptop. In a statement provided to, an HP Corporate Media Relations spokesperson stated that during a more recent assessment of back-up files, they discovered that the laptop did contain personal information [Why weren't the backups examined immediately? Bob] about some participants in their benefits programs. All those affected have since been notified of the breach.

On December 3, HP notified the Maryland Attorney General's Office that 626 Maryland residents had names and social security numbers on the stolen laptop. The company is offering those affected two years of free credit monitoring.

In its notification to those affected, HP indicated that the laptop required a user name and password. The company declined to answer a question as to whether the data or files were encrypted. When asked by how many employees had data on the laptop, they stated that they do not have exact numbers, [Hire a consultant who can count! Bob] but the HP Security & Privacy groups have indicated that at least several thousand employee records were contained in the laptop.

HP is still trying to recover the laptop and reports that to date, there has been no report of misuse of any data.

Not sure how big, but 15 months to run them down?

Computer fraud indictments stretch from Russia to NH

Tuesday, December 09 2008 @ 11:02 AM EST Contributed by: PrivacyNews

A Hampton man is charged in New York in an international theft ring that hacked into computers and stole log-in information, gaining access to users' online bank and brokerage accounts.

Alexey Mineev's role in the 15-month international scam, which allegedly involved a New York man and a Russian, is outlined in indictments issued Nov. 25 in U.S. District Court in Manhattan.

Source - Union Leader Related - Trio indicted over Trojan brokerage scam

[From the article:

Mineev, along with Aleksey Volynskiy of Manhattan and Alexander Bobnev of Volgograd, Russia, are charged with conspiracy to defraud the United States and multiple counts of bank fraud/money laundering.

[The indictments (PDF and PDF).

Ubiquitous surveillance?

Dec 10, 7:54 AM EST

GPS, hidden cameras watching over Baby Jesus

By ERIC GORSKI AP Religion Writer

Perhaps this partly explains why a sitting judge believes cases are leaving the Federal system?

Why E-Discovery is Ruining Litigation in America and What Can Be Done About It

... Runaway e-discovery costs are making it too expensive and uncertain to try cases. Litigants, especially large companies, are driven to ADR or forced to settle at inflated prices just to avoid e-discovery.

... To put it bluntly, most of us trial lawyers are not fully competent to practice law in today’s digital age of terabytes of potential evidence.


Botnets As "eWMDs"

Posted by kdawson on Tuesday December 09, @07:21PM from the trying-to-wake-sleeping-policymakers dept. Security The Internet

John Kelly writes

"The current issue of Policy Review has a paper by an American computer scientist and the recent Permanent Undersecretary of Defense for Estonia. Drawing on the Estonian cyber attacks a year and a half ago, as well as other recent examples, they argue that botnets are the major problem. They propose that botnets should be designated as 'eWMDs' — electronic weapons of mass destruction. The paper also proposes a list of reforms that would help to limit the scale and impact of future botnet attacks, beginning with defining and outlawing spam, internationally."

Many of the proposed solutions are common-sensical and won't be news to this audience, but it is interesting to see the botnet threat painted in such stark terms for readers of the Hoover Institution's Policy Review. For a more comprehensive overview of cyber-security threats, listen to NPR's interview with security experts on the occasion of the release of a new report, "Securing Cyberspace for the 44th Presidency," which recommends creating a cyber-security czar reporting to the President.

Includes Privacy...

December 09, 2008

CDT Releases Transition Papers on Internet Policies

"The Center for Democracy and Technology (CDT) today released a series of papers [Transition Materials for President Obama] that outline Internet policy proposals for President-elect Obama's Transition Team in the areas of security and civil liberties; preserving free speech on the Internet; keeping the Internet an open platform; protection of consumer privacy; and promoting open government. The 2-3 page memos provide a concise overview of the issues and recommend practical, achievable actions the new administration can take to keep the Internet open, innovative and free. The Internet played an integral part in this election, making it the most participatory in history. CDT believes the Internet can play an equally critical role in other areas, including health care, economic development and education, given the right government policies."

You have no right to your opinion!

Maryland Court Weighs Internet Anonymity

Posted by timothy on Tuesday December 09, @12:58PM from the when-first-grade-never-ends dept. The Courts Privacy The Internet United States

Cornwallis writes

"In a First Amendment case with implications for everything from neighborhood e-mail lists to national newspapers, a Maryland businessman argued to the state's highest court yesterday that the host of an online forum should be forced to reveal the identities of people who posted allegedly defamatory comments. The businessman, Zebulon J. Brodie, contends that he was defamed by comments about his shop, a Dunkin' Donuts in Centreville, posted on The shop was described as one 'of the most dirty and unsanitary-looking food-service places I have seen.' Talk about a Negative Nellie! At least the article didn't say the shop was the 'most dirty and unsanitary-looking food-service places I have seen.'"


Teen sues after suspension for Facebook-hating teacher

Posted by Chris Matyszczyk December 9, 2008 11:59 PM PST

Katherine Evans, an 18-year-old from Pembroke Pines, Florida, thought her English teacher, Sarah Phelps, was "the worst teacher I've ever met."

As any fine young citizen of the 21st century does, she thought it aloud on Facebook.

The principal of Pembroke Pines Charter High School, Peter Bayer, didn't think much of her thoughts. He suspended her for "bullying and cyber bullying harassment towards a staff member.''

So, now that she is all grown up and in college, Katherine has decided to sue. With the help of the American Civil Liberties Union. The lawsuit claims that Katherine's First Amendment Rights were violated. You know, the ones about "the free and unfettered exchange of ideas and opinions in the public arena."

Imagine how Barbra Streisand feels, having an “effect” named after her! Here a “Don't Watch” Foundation had to change its name when it realized it was pointing everyone to the very images it was trying to suppress!

IWF Backs Down On Wiki Censorship

Posted by kdawson on Tuesday December 09, @04:10PM from the that-streisand-thing-again dept. Censorship

jonbryce writes

"The Internet Watch Foundation, guardians of the Great Firewall of Britain, have stopped censoring Wikipedia for hosting what they considered to be a child porn image. They had previously threatened to block Amazon for hosting the same image."

Here is the IWF's statement, which credits the Streisand Effect for opening their eyes: "...in light of the length of time the image has existed and its wide availability, the decision has been taken to remove this webpage from our list. Any further reported instances of this image which are hosted abroad, will not be added to the list. ... IWF's overriding objective is to minimize the availability of indecent images of children on the internet, however, on this occasion our efforts have had the opposite effect."


December 09, 2008

Search and find magazines on Google Book Search

Official Google Search Blog: "Today, we're announcing an initiative to help bring more magazine archives and current magazines online, partnering with publishers to begin digitizing millions of articles from titles as diverse as New York Magazine, Popular Mechanics, and Ebony... You can search for magazines through Google Book Search; you'll find magazine articles alongside book results. Magazine articles are tagged with the keyword "Magazine" on the search snippet."

Because the Spanish equivalent of Facebook is more interesting than the President of the US?

Google's 2008 Zeitgeist lists of most popular searches

Posted by Dan Farber December 10, 2008 3:57 AM PST

... These latest lists include these categories: U.S., top of mind, politics, trendsetters, showbiz, sports, and around the world.

In the category of fastest rising global searches (comparing 2007 with 2008 searches), Sarah Palin comes in at No. 1 and President-elect Barack Obama at No. 6, trailing "beijing 2008," "facebook login," "Tuenti" (the equivalent of Facebook in Spain), and "Heath Ledger."

Tuesday, December 09, 2008

Trojan eliminated, although it took a complete re-install of the operating system (okay, I'm too lazy to go through the 647 steps needed to remove it manually). Gives me an excuse to rethink my data layouts as I reload everything from backups...

Self-exam. Not bad for someone not getting mandatory reports.

Data breaches in New York State: we don't know the half of it

Monday, December 08 2008 @ 02:03 PM EST Contributed by: Dissent

Those of us who report on data breaches or who try to analyze trends have often lamented that we only see the tip of the iceberg in terms of what gets reported or made readily publicly available. Newly obtained data from NYS suggest that we may be doing better than we thought, but there is still much room for improvement and greater transparency.

In September, Massachusetts published a report showing that for the first 10 months after mandated notifications to the state went into effect, they received 318 reports, with 625,365 residents affected by the breaches. The majority of breaches were reported by the financial sector.

For purposes of comparison, and for the first 9 months of 2008, New York State received 399 breach reports affecting almost 2 million residents (although some residents may have been involved in one or more incidents and this number may not represent unique individuals). Preliminary analyses of the logs provided by NYS in response to a Freedom of Information Law request indicate that the 399 incidents included approximately 160 stolen computers or stolen laptops, 50 hacks, and 31 reports where the log identified the incident as "insider wrongdoing" or "unauthorized access" by employees. In contrast to the report from Massachusetts, the financial sector accounted for approximately one third of the incidents reported in NYS. More detailed analyses will be provided after all of the raw data are obtained.

But how many of these breaches did we find out about via the media or state attorney general web sites that upload their breach reports? A comparison of the breach reports received by NYS for the 9-month period to, its sister site,, and the OSF DatalossDB revealed that despite its best efforts to scour news, blogs, and attorney general sites, and had found out about and reported (only) 45% of the incidents involving stolen computers, 40% of the hacking incidents, and 42% of the insider reports. Although that is considerably better in some respects than what I had thought we would find, it indicates that there is still much that we are not finding out about. The OSF database, which until recently did not include reports from attorney general's sites and tended to focus on media reports of larger incidents, appears to (only) include approximately 15% of the stolen computer incidents, 25% of the hacking incidents, and less than 15% of the insider incidents.

It is important to note that I harbor no illusion that and are actually finding out about 40 - 45% of all breaches reported in all states. Nor do I ever forget that many breaches do not get reported at all because either states may exempt certain reports or entities may not know that they are obligated to report, or they just may not report for other reasons.

If data breach analyses are to inform policy and laws, then we continue to need more data. Some of us are engaging in a volunteer effort to obtain more reports under Freedom of Information laws which will be shared via OSF's database. Chris Walsh and Dave Shettler (Vice-President/CTO of OSF) have given us a great start, but we need more contributors. If you would like to volunteer to help with the project, you can email any of us. Individuals or businesses who would like to support the project financially can donate to OSF, a 501c(3) organization.


Data “Dysprotection:” breaches reported last week

Monday, December 08 2008 @ 06:46 AM EST Contributed by: PrivacyNews

A recap of incidents or privacy breaches reported last week for those who enjoy shaking their head and muttering to themselves with their morning coffee.

Source - Chronicles of Dissent

Told ya!

Report: Major Cyber Security Overhaul Needed

Michael Barkoviak - December 9, 2008 7:00 AM

A new report issued by the Center for Strategic and International Studies urges President-elect Barack Obama to create a new White House department aimed at protecting U.S. cyber interests from hackers and other foreign agents.

[The Report:

Ca: ID theft feared with new B.C. driver's licences

Tuesday, December 09 2008 @ 06:15 AM EST Contributed by: PrivacyNews

Security experts say they have managed to "steal" personal data from passports embedded with radio-frequency ID cards, the same technology embedded in some B.C. driver's licences for the purpose of speeding up border crossings.

And Canada's privacy commissioner Jennifer Stoddart says she fears the cards may leave people vulnerable to similar breaches of privacy, which could allow your personal data to fall into the wrong hands.

Source - Vancouver Sun

[From the article:

"These cards are going to have to be read at a distance in order to facilitate the speed at which people go across the border.

"We are told they are encrypted and that they are unassailably encrypted.

... Grunwald, the co-founder of NeoCatena Networks, says his company tested the security on European Union passports with RFID technology and found the information in the cards could easily be stolen. "We were able to read other people's passports on a bus to a plane," Grunwald said.

In that case, a couple of people with a suitcase with a reader inside simply got close enough to other travellers to pick up the information from their passports.

... The RFID readers scan the information at a short range, but Grunwald said longer-range scanning is only limited by the size of an antenna.

... "When Japan came out with its RFID passport technology, they said, 'This is the safest thing on earth, there is no way it can be cracked,' and it took about two weeks before it was successfully cloned.

It's like Creationism, some wars you have to re-fight constantly.

Canadian Groups Call For Massive Net Regulation

Posted by ScuttleMonkey on Monday December 08, @04:25PM from the driving-websites-offshore dept. The Internet Politics

An anonymous reader writes

"Michael Geist is reporting that Canadian cultural groups including ACTRA and SOCAN have called on Canada's telecom regulator to implement a massive new Internet regulation framework. This includes a new three-percent tax on ISPs to pay for new media creation, Canadian content requirements for commercial websites, and licensing requirements for new media broadcasters, including for user-generated content."

Ubiquitous surveillance: So if (like the company that sold malt during prohibition) I tell you “Don't follow this recipe or you will make the illegal substance called Beer” that's okay?

Court Allows Spyware Program to Go Back on Sale

Monday, December 08 2008 @ 08:25 AM EST Contributed by: PrivacyNews

A Florida company that sells a spyware program must change advertising pitches that emphasize the product's clandestine nature, but the company can continue to sell the application, a U.S. federal court has ruled.

CyberSpy Software had been unable to sell its RemoteSpy application since Nov. 6, when a court granted a request for an injunction after a complaint by the U.S. Federal Trade Commission (FTC).

Source - PCWorld

[From the article:

The FTC alleges CyberSpy marketed RemoteSpy by giving detailed instructions on how to install the program on computers and surreptitiously collect data.

... The new injunction bars CyberSpy from suggesting the program can be secretly installed or that keyloggers can be passed on as innocuous programs.

To see the world as others see it... Something for organizations to emulate.

December 08, 2008

DHS Risk Lexicon

Risk Steering Committee, DHS Risk Lexicon, September 2008: "The Department of Homeland Security (DHS) is in the process of building an Integrated Risk Management Framework to improve its capability to make risk-informed strategic decisions using systematic and structured assessments of homeland security risk. The Integrated Risk Management Framework includes processes and tools that allow DHS to gather, integrate, analyze, and communicate information about risk such that it can be used to strategically prioritize efforts and resources throughout the DHS enterprise. The DHS Risk Lexicon supports the Integrated Risk Management Framework by defining a single language for DHS risk management. Clear and unambiguous communication amongst risk practitioners, decision makers, and homeland security stakeholders is a key aspect of the Department's integrated risk management capability. The DHS Risk Lexicon represents a significant step forward by making available an official set of definitions for risk-related terms for the Department."

Go, go Google gadgets!

Google's secret operating system

Posted by Matt Asay December 8, 2008 5:37 PM PST

Reports have spread about a possible new operating system in use at Google, one its employees have been using to browse the Web.

There are all sorts of theories about what Google is up to (from a port of Android to the desktop to a new software-as-a-service infrastructure), but I like OStatic's synopsis and theory most:

Android ported to the PC--or even the 2006-era dream of a "Goobuntu" desktop--are, of course, possible, but if not overly costly for Google to undertake, would at least be major time investments. Those sorts of investments might pay off over time, but a software-as-a-service product (one "to use as an infrastructure for network applications that could be deployed virtually anywhere") gives Google an advantage in the operating-system market, should have a faster return on investment, and complements the free services Google already offers.