Saturday, January 31, 2009

Tools for stealing data wholesale

http://www.databreaches.net/?p=1128

P2P networks rife with sensitive health care data, researcher warns

Posted January 30th, 2009 by admin

Jaikumar Vijayan reports on the issue of p2p exposures compromising the security and privacy of health data:

Eric Johnson didn’t have to break into a computer to gain access to a 1,718-page document containing Social Security numbers, dates of birth, insurance information, treatment codes and other health care data belonging to about 9,000 patients at a medical testing laboratory.

Nor did he need to ransack a health care facility to lay his hands on more than 350MB of sensitive patient data for a group of anesthesiologists or to get a spreadsheet with 82 fields of information on more than 20,000 patients belonging to a health system.

In all instances, Johnson was able to find and freely download the sensitive data from a peer-to-peer file-sharing network using some basic search terms.

Johnson, a professor of operations management at the Dartmouth College Tuck School of Business, did the searches last year as part of a study looking at the inadvertent hemorrhaging of sensitive health care data on Internet file-sharing networks.

The results of that study, which are scheduled to be published in the next few days, show that data leaks over P2P networks involving the health care sector pose a significant threat to patients, providers and payers, Johnson said.

Read more on Computerworld

[From the article:

Normally, popular P2P clients -- such as Kazaa, LimeWire, BearShare, Morpheus and FastTrack -- let users download files and share items from a particular folder. But if proper care isn't taken to control the access that these clients have on a system, it is easy to expose far more data than intended. [Note the Windows article below that suggests (confirms?) organizations increasingly rely on employee owned computers. Bob]



Tools for stealing data retail

http://www.databreaches.net/?p=1094

OR: State loses 45 Social Security numbers in scam

Posted January 30th, 2009 by admin

Alexander Rich reports:

An online scammer made off with 45 Social Security numbers after sending a virus to a computer at the Department of Human Services office in Coos Bay last week.

The virus arrived in the form of a bogus e-mail with a link on it Jan. 23. When an employee clicked on the link, it downloaded an application that recorded keystrokes and sent them to an external address.

[...]

Gene Evans, a DHS spokesman, said the information was taken from Coos County residents applying for assistance through the Self-sufficiency Program. All of those affected were notified of their lost information Monday and provided information about how to limit their risk of identity theft.

Read more in The World

[From the article:

Department officials discovered the virus later in the day and shut down the computer immediately. E-mails were sent to other computers but no one else opened the application. [See? With proper monitoring it can be done! Bob]

… Evans said the department is constantly updating its virus scans, firewalls and staff training to identify scam e-mails that could contain viruses. [Imagine how well security works in organizations that don't aggressively update and train? Bob]



Using your spending data to control their risk. Sounds like a reasonable business tool to me.

http://www.pogowasright.org/article.php?story=20090131073009582

American Express Kept a (Very) Watchful Eye on Charges

Saturday, January 31 2009 @ 07:30 AM EST Contributed by: PrivacyNews

You probably know that credit card companies have been scrutinizing every charge on your account in recent years, searching for purchases that thieves may have made. Turns out, though, that some of the companies have been suspicious of your own spending, too.

[...]

In some instances, if it didn’t like what it was seeing, the company has cut customer credit lines. It laid out this logic in letters that infuriated many of the cardholders who received them. “Other customers who have used their card at establishments where you recently shopped,” one of those letters said, “have a poor repayment history with American Express.”

Source - NY Times



What say we gather a few consumers and form the Industry Privacy Legislative Forum and make our own recommendations?

http://www.pcworld.com/businesscenter/article/158679/industry_giants_to_weigh_in_on_us_privacy_laws.html

Industry Giants to Weigh in on US Privacy Laws

Robert McMillan, IDG News Service Friday, January 30, 2009 5:30 PM PST

A group of U.S. companies, led by technology giants Microsoft, Hewlett-Packard and eBay, is set to outline recommendations for new federal data-privacy legislation that could make life easier for consumers and lead to a standard federal breach-notification law.

The recommendations, which were developed by a group of industry players called the Consumer Privacy Legislative Forum, are set to be released at an upcoming privacy conference six weeks from now, according to Peter Cullen, Microsoft's chief privacy officer.



Do the sharks smell blood in the water, or are we looking at the takedown of a schoolyard bully?

http://tech.slashdot.org/article.pl?sid=09%2F01%2F30%2F1437233&from=rss

If Windows 7 Fails, Citrix (Not Linux) Wins

Posted by kdawson on Friday January 30, @11:08AM from the expedient dept. Windows

Julie188 writes

"Microsoft blogger Mitchell Ashley, who has been using Windows 7 full-time, predicts that Windows 7 will fail to lure XP users away from their beloved, aging operating system — after all, Windows 7 is little more than what Vista should have been, when it shipped two years ago. But eventually old PCs must be replaced and then we'll see corporations, desperate to get out of the expense of managing Windows machines, get wise. Instead of buying new Windows 7 PCs, they could deliver virtualized XP desktops to a worker's own PC and/or mobile device. [Told ya! Companies may offer incentives but employees will choose and buy their computer. Bob] Ashley believes that Citrix's Project Independence has the right idea."



Software as a device...

http://games.slashdot.org/article.pl?sid=09%2F01%2F30%2F2032236&from=rss

Judge Rules WoW Bot Violates DMCA

Posted by ScuttleMonkey on Friday January 30, @04:50PM from the bot-having-trouble-climbing-the-slippery-slope dept.

An anonymous reader writes to tell us that Blizzard has added another victory in their campaign against World of Warcraft bots. A federal judge has ruled that not only did the Glider bot break the EULA, it can be classified as a circumvention device under the DMCA.

"As we've noted before, Blizzard's legal arguments, which Judge David G. Campbell largely accepted, could have far-reaching and troubling implications for the software industry. Donnelly is not the most sympathetic defendant, and some users may cheer the demise of a software vendor that helps users break the rules of Blizzard's wildly popular role playing game. But the sweeping language of Judge Campbell's decision, combined with his equally troubling decision last summer, creates a lot of new uncertainty for software vendors seeking to enter software markets dominated by entrenched incumbents and achieve interoperability with legacy platforms."

[From the article:

The judge... ...also found that MDY's founder, Michael Donnelly, was personally liable for the actions of his firm.

… World of Warcraft includes software called a "warden" that scans a user's computer looking for bots such as Glider. [What happens if it mis-identifies my pacemaker and shuts it off? Bob]

… Ars talked to two legal experts at Public Knowledge, a public interest organization that filed an amicus brief in the MDY case last year. Staff attorney Sherwin Siy compared Wednesday's decisions to past decisions that tried to use the DMCA to limit competition in the garage door opener and printer industries. He noted that the purpose of warden seemed less to control access to a copyrighted work than to a network service—quite a different thing. Siy's colleague Jef Pearlman agreed, warning that if the courts weren't careful, we could end up in a situation where "because anything can contain copyrighted works, any access to anything becomes a DMCA violation."

Siy and Pearlman also expressed skepticism at the notion that these "dynamic, non-literal elements" constitute a distinct copyrighted work.



Data Visualization is a hot topic since it helps explain patterns to the statistically-illiterate.

http://www.bespacific.com/mt/archives/020447.html

January 30, 2009

Flowing Data: 5 Best Data Visualization Projects of the Year

5 Best Data Visualization Projects of the Year: "Data visualization continues to grow online and in the real world. It exists as masterful art pieces and amazingly useful analysis tools. In both cases though it brings data -- which is oftentimes cryptic -- to the masses and shows that data is more than a bucket of numbers. Data is interesting. As we collect more and more data about ourselves and our surroundings, the data and the visualization will only get more interesting. On that note, I give you FlowingData's picks for the top 5 data visualization projects of 2008. Visualizations were judged based on the use of data, aesthetics, overall effect on the visualization arena, and how well they told a story."


Related? This could become an interesting and useful site, or an electronic supermarket tabloid.

http://www.bespacific.com/mt/archives/020446.html

January 30, 2009

Media Tracking of the 44th President Leverages Web 2.0 Spin

Politico 44, dubbed "a living diary of the Obama Presidency," provides readers with an aggregated melange of government documents, issue oriented media coverage in print and video, and well, gossip.



For my Business Continuity class. The solution is to backup your data rather than rely on someone to do it for you.

http://blog.wired.com/business/2009/01/magnolia-suffer.html

Ma.gnolia Suffers Major Data Loss, Site Taken Offline

By Michael Calore January 30, 2009 3:56:11 PM

There was a meltdown at bookmark sharing website Ma.gnolia Friday morning. The service lost both its primary store of user data, as well as its backup. The site has been taken offline while the team tries to reconstruct its databases, though some users may never see their stored bookmarks again.

The failure appears to be catastrophic. The company can't say to what extent it will be able to restore any of its users' data. It also says the data failure was so extensive, repairing the loss will take "days, not hours."

In light of today's outage, many are questioning the reliability of web apps and web-based storage in general. Twitter in particular is full of users venting their suspicions.



Potential research tool?

http://news.cnet.com/8301-17939_109-10153478-2.html?part=rss&subj=news&tag=2547-1_3-0-5

SimilarWeb shows you sites like the one you're on

Posted by Josh Lowensohn January 30, 2009 12:28 PM PST

I stumbled upon a useful site earlier today that's worth sharing. Called SimilarWeb, this small Firefox (and soon Internet Explorer) add-on sits on the side of your browser and pulls up sites that are similar to the one you're currently on.

It works remarkably well--at least with major sites. For example, visiting YouTube brings up a long list of other video hosts. The same went for social news sites like Digg, Reddit, and Delicious. You can scroll through these and open them up in new tabs, or pick from one of the tags SimilarWeb believes to be related to that page. This will pull up an entirely new list of places it thinks you should visit.

What makes the service shine is that users can re-arrange the lists and submit new sites that are not yet in SimilarWeb's index. There are thumbs up and down buttons which can raise or lower a site's standing on the list. Down-voting any site will actually remove it from the list. As a result, if users continue to vote the list gets more accurate.
