Tuesday, January 27, 2009

Update

http://www.databreaches.net/?p=1001

Pointer: More CUs report Heartland breach impact

Posted January 26th, 2009 by admin

The Credit Union National Association is also posting their own roundup of how some credit unions are being affected by the Heartland Payment Systems breach.

[From the roundup article:

AVCU said it learned of the developing breach from its processor on Jan. 9, more than a week before Heartland issued its press release on Inauguration Day.



Update

http://www.databreaches.net/?p=998

UK: Hackers steal details of 4.5 million in attack on Monster jobs site

Posted January 26th, 2009 by admin

Alexi Mostrous reports:

The personal details of millions of job seekers have been stolen in the largest data protection theft in Britain, The Times has learned.

Hackers gained access to confidential information provided by 4.5 million people to Monster.co.uk, the online recruitment site.

Names, passwords, telephone numbers, email addresses, birth dates, sex and ethnicity data as well as other “demographic information”, were all stolen, the company admitted today.

Read more on Times Online

Comment: it makes you wonder what the worldwide total is on this breach.



It may be what they intended, but is it what they promised?

http://www.pogowasright.org/article.php?story=20090126080128522

400,000 council staff to have access to massive database on every child in England

Monday, January 26 2009 @ 08:01 AM EST Contributed by: PrivacyNews

from the disaster-waiting-to-happen dept.

Almost 400,000 people will have access to a controversial new database containing the details of every child in England, a minister said today.

The ContactPoint computer contains the name, address, date of birth, GP and school of all under-18s.

Parents will not have the option of requesting that their child is removed from the list, Children's Minister Baroness Delyth Morgan said today.

Source - Daily Mail

[From the article:

Ministers said parents had no right to withdraw their children from the online directory, which will be accessed by nearly 400,000 people and began operating today. [Vote for me! Bob]

… The directory will be protected from hackers through sophisticated passwords, PINs and user identities, she said. [Care to wager? Bob]

… The launch comes amid controversy over a second 'Big Brother' plan in a Government Bill, due to be debated today, which will allow all public bodies to share in bulk with each other the private details of every person in Britain.


No doubt this is completely unrelated... (Another huge FBI computer system upgrade? They don't have the best success record.)

http://www.pogowasright.org/article.php?story=20090126102129735

BEYOND FINGERPRINTS: Our New Identification System

Monday, January 26 2009 @ 10:21 AM EST Contributed by: PrivacyNews

Palm prints are taken from the scene of a defused roadside bomb in Iraq. Later, an individual entering a New York airport is arrested on an unrelated charge. A full set of prints are taken during the booking process and submitted to our Next Generation Identification (NGI) system. A positive ID connects the man to the roadside bomb.

A ski mask-wearing bank robber leaves with his loot, and witnesses tell police they noticed a red skull tattoo on his hand. A search of NGI’s Interstate Photo System for a red skull tattoo provides a potential candidate list that could ultimately lead to the identification of the bank robber.

Both cases are hypothetical, but in the not-too-distant future these scenarios could really happen…thanks to the ongoing development of the Next Generation Identification system—a logical evolution of our current Integrated Automated Fingerprint Identification System (IAFIS).

That evolution will include not only enhanced fingerprint capabilities but also other forms of biometric identification like palm prints, iris scans, facial imaging, scars, marks, and tattoos—in one searchable system.

Source - FBI

[From the FBI site:

NGI is not strictly an FBI system. It’s a joint effort and is being developed in full collaboration with its primary users—our local, state, and federal partners…



No doubt someone will suggest that all laundry and dry cleaning businesses must be owned and operated by “gen-u-wine 'merkins”

http://www.databreaches.net/?p=983

UK: Financial Workers Regularly Forget USB Sticks at Dry Cleaners

Posted January 26th, 2009 by admin

From the this-is-not-what-we-meant-by-cleaning-your-drive dept:

As data loss reaches an all time high, a new survey shows financial workers in the UK are regularly forgetting USB sticks at the dry cleaners.

According to a survey by Texas-based data security firm Credant Technologies, 9,000 USB sticks were forgotten in people’s pockets in the UK last year as they took their clothes to the local dry cleaners.

Financial workers in the City of London are particularly forgetful: one dry cleaner in the heart of the financial district said he is getting an average of 1 USB stick every two weeks, while another said he had found at least 80 in the last year.

Read more in Wall Street Technology



No “special processes” if the data is used as intended?

http://www.bespacific.com/mt/archives/020413.html

January 26, 2009

Report: Rethinking the Role of Consent in Protecting Health Information Privacy

News release: "CDT today released a major policy paper intended to move the health privacy debate from its outdated focus on patient consent to a comprehensive framework that will provide more effective privacy protection. CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses."



Sometimes you gotta try various policies to see which ones raise the fewest complaints. OR “We didn't mean to say what we said the first time we said we didn't mean to say what we said.”

http://news.cnet.com/8301-13739_3-10150534-46.html?part=rss&subj=news&tag=2547-1_3-0-5

White House yanks 'YouTube' from privacy policy

Posted by Chris Soghoian January 26, 2009 6:17 PM PST

Someone at the White House appears to be listening to those of us in the privacy community. For the third time in just six days, the Obama administration has modified the White House Web site privacy policy in response to criticism from the blogosphere.



No hackers here! Just flushing out all those missing Bush e-mails.

http://news.cnet.com/8301-13578_3-10150715-38.html?part=rss&subj=news&tag=2547-1_3-0-5

White House e-mail down for a day

Posted by Stephanie Condon January 27, 2009 6:46 AM PST

… Most White House aides, the first lady's office, and other executive offices were without e-mail for more than eight hours, CBS News reported, after the outage blocked all incoming and outgoing messages beginning around 10 a.m.



Do you suppose they missed this in the background check, or hired him because of it? “We only hire the biggest crooks to protect you!”

http://it.slashdot.org/article.pl?sid=09%2F01%2F26%2F1523245&from=rss

Confessed Botnet Master Is a Security Professional

Posted by CmdrTaco on Monday January 26, @11:42AM from the he-should-know-better dept. Security

An anonymous reader writes

"John Schiefer, the Los Angeles security consultant who in last 2007 admitted wielding a 250,000-node botnet to steal bank passwords, sometimes from work, says he's spent the past 15 months working as a professional in the security scene while awaiting sentencing. Prosecutors are pushing for a five-year sentence, noting the exceptional threat he represented to society."



It's not enough! Let's go back to those gunpowder flashes to alert you! ...and let's make electric cars whinny when they start and leave a trail of 'road apples' so we know where they've been! ...and we could put police manikins at intersections with red-light cameras!

http://news.slashdot.org/article.pl?sid=09%2F01%2F26%2F1846209&from=rss

New Law Will Require Camera Phones To "Click"

Posted by ScuttleMonkey on Monday January 26, @03:08PM from the pointless-wastes-of-time dept. Privacy Politics Technology

An anonymous reader writes

"A new bill is being introduced called the Camera Phone Predator Alert Act, which would require any mobile phone containing a digital camera to sound a tone whenever a photograph is taken with the phone's camera. It would also prohibit such a phone from being equipped with a means of disabling or silencing the tone." [A 20 minute hack? Bob]



Tools for Macs

http://www.killerstartups.com/Video-Music-Photo/layersapp-com-screen-forensics-for-mac-users

LayersApp.com - Screen Forensics For Mac Users

http://www.layersapp.com

This is one for all the many Mac users who are keen Killer Startups followers. Layers is a new app that enables anybody to capture his displays as a Photoshop layered image. That is, through such an application it is possible to capture different windows separately and name each layer on its own, as well as reposition the images as the user sees fit.

Captures can be saved as layered PSD images or composite PNG files, and a tool that goes by the name of “Inspector” is used to customize each capture. Of course, the system is fully adaptable as regards customization and attribution of hotkeys and the like.

As far as system requirements are concerned, Layers is available to those who run Mac OS X 10.5 – i.e., the vast majority of Mac users out there. You can purchase the full version at the site for an amount that is set down online, or procure a free evaluation copy. I advise you to check the site out and keep this neat app in mind should image processing tasks be the order of the day.
