Tuesday, February 24, 2009

Once you have a tool that works, why wouldn't you try every payment system you could identify?

http://www.databreaches.net/?p=1728

Just weeks after Heartland breach, another payment processor said to be hit

February 23, 2009 by admin

Jai Vijayan of Computerworld has gotten more info on the as-yet-unnamed processor breach. In addition to getting confirmation from Visa and MasterCard that the breach occurred and that the window was February 2008 to January 2009, Jai also found a more recent advisory from the Alabama Credit Union:

ACU initially posted the alert on Feb. 17, saying then that it had been contacted by Visa about the breach and told that about 250 credit cards issued by the credit union had been compromised. An update posted two days later said Visa had informed ACU that a “lengthy list” of ATM and debit card numbers also had been exposed.

The alert said that fraudulent transactions had been carried out with some of the stolen ATM and debit card numbers, primarily involving $100 purchases of prepaid phone cards, gift cards and money orders from Wal-Mart stores. As a result, ACU said it was limiting purchases on all of the cards on Visa’s list to $99 per day while working to issue new cards to customers. Customers will still be able to conduct PIN-based ATM transactions at the usual dollar limits with their existing cards until the replacement ones arrive, the credit union said, adding that all of the cards on the list will be blocked no later than March 3. [Immediate locks would impact legitimate customers. Bob]

Read more on Computerworld.

[From the article:

But as was the case at Heartland, malicious software was placed on the unidentified payment processor's systems, the credit union said.

… Visa began releasing lists of affected card numbers on Feb. 9, and MasterCard followed suit two days later, according to the credit union.



Counting on the broader definition of “harm?” A new legal strategy for victims?

http://www.databreaches.net/?p=1733

Starbucks sued after laptop data breach

February 23, 2009 by admin

Robert McMillan of IDG News Service reports:

A Chicago-area Starbucks employee has brought a class-action lawsuit against the coffee retailer, claiming damages from an October 2008 data breach.

Laura Krottner was one of 97,000 employees notified late last year after a Starbucks laptop containing employee names, addresses and Social Security numbers was stolen on Oct. 29. Krottner’s suit accuses the company of fraud and negligence.

The lawsuit was filed Thursday in federal court in Seattle. Starbucks has offered employees one year’s free credit monitoring and protection, but Krottner is asking the court to extend that to five years. She is also seeking unspecified damages and asking that Starbucks be ordered to submit to periodic security audits of its computer systems.

Read more on IT World



The future of the book? Includes a suggestion for bypassing the DRM.

http://www.bespacific.com/mt/archives/020652.html

February 23, 2009

Google Book Search Settlement - New Commercial and Access Models Await Readers

Timothy B. Lee: "Speaking at Princeton on Thursday, Richard Sarnoff, chairman of the Association of American Publishers, discussed the landmark settlement in the Google Book Search case. Sarnoff speculated that the agreement could effectively give Google and Amazon a "duopoly" in the online book market."



Clearly we need a secure (private) way to exchange data. (Don't we, HPS & TJX?) Even if some will use it to download the latest U2 album or a copy of Slumdog Millionaire.

http://yro.slashdot.org/article.pl?sid=09/02/23/2245231&from=rss

Combining BitTorrent With Darknets For P2P Privacy

Posted by kdawson on Monday February 23, @06:05PM from the your-move dept. Privacy Security

CSEMike writes

"Currently popular peer-to-peer networks suffer from a lack of privacy. For applications like BitTorrent or Gnutella, sharing a file means exposing your behavior to anyone interested in monitoring it. OneSwarm is a new file sharing application developed by researchers at the University of Washington that improves privacy in peer-to-peer networks. Instead of communicating directly, sharing in OneSwarm is friend-to-friend; senders and receivers exchange data using multiple intermediaries in an overlay mesh. OneSwarm is built on (and backwards compatible with) BitTorrent, but includes numerous extensions to improve privacy while providing good performance: point-to-point encryption using SSL, source-address rewriting, and multi-path and multi-source downloading. Clients and source are available for Linux, Mac OS X, and Windows."



This is an interesting twist. Perhaps I should slap together some credentials identifying me as the senior editor of Centennial-Man. Then I could ask rude questions almost anywhere...

http://tech.slashdot.org/article.pl?sid=09/02/23/1625252&from=rss

Chinese Blogger Chosen As Head of Investigation

Posted by ScuttleMonkey on Monday February 23, @12:47PM from the wash-the-people's-truck dept. The Internet Government

Lew Perin writes

"China hasn't developed much of a reputation for government transparency. And in Yunnan province, the case of a guy who died in police custody was starting to look like a cover up. But then the provincial government startled everyone by choosing a prominent local blogger to head the official investigation into the death. 'The unorthodox move to make popular bloggers heads of an investigation committee is a tacit admission by the Yunnan government of the power of the internet — especially blogs — in shaping Chinese public opinion. It also belies the widespread suspicion of the official version of Li's death.'"



Geek stuff. Become your own cloud?

http://it.slashdot.org/article.pl?sid=09/02/23/1851235&from=rss

Citrix XenServer Virtualization Platform Now Free

Posted by ScuttleMonkey on Monday February 23, @03:01PM from the gateway-drugs-and-other-business-models dept. Software IT

Pedro writes

"Citrix announced today that they are giving away their Xen OSS based virtualization platform XenServer with all the goodies included for free. The big highlights are XenMotion, which lets you move VMs from box to box without downtime, and multi server management. The same stuff in VMware land is $5k. They plan to sell new products for XenServer and also the same stuff on Microsoft's virtualization technology called Hyper-V. It will be interesting to see what VMware does. The announcement comes the day before VMware's big user event VMworld."



This is clearly opportunistic marketing, but it looks like there may be some real value hidden here.

http://it.slashdot.org/article.pl?sid=09/02/23/220227&from=rss

Microsoft Unveils "Elevate America"

Posted by ScuttleMonkey on Monday February 23, @05:15PM from the we-really-need-some-good-pr-what-can-we-do dept. Microsoft IT

nandemoari writes

"In response to the current economic crisis, Microsoft Corp. has come out with a stimulus plan of their own. Their goal is to help a large group of individuals use their computers to land employment in ways other than to generate a compelling resume. The new online initiative, Elevate America, is set to equip close to 2 million people (over the next three years) with the skills needed to succeed in the field of technology."



When I think of it, several of my friends are looking for sponsors (donors). Why didn't I think of this approach? (Attention White Hat Hacker Club!)

http://www.killerstartups.com/Web20/groupable-com-find-a-sponsor-for-your-group

Groupable.com - Find A Sponsor For Your Group

http://www.groupable.com/

No matter what cause you champion, or the group you are part of – this site will let you connect with sponsors on both a local and global scale. The aim of Groupable is to let you further your passion and spread the word in order to keep the flame alive. Book lovers, wine aficionados, otakus and stamp collectors are all accounted for. In actuality, anybody who is a fervent follower and defender of any concept or idea is going to put this site to immediate use.

In order to reach out to the world, all you have to do is create a free account. When doing so, you will be able to pick the group’s name at the same time that you select a category from the many ones on offer.

Once an account has been created, your group will be visible to hundreds of sponsors that will provide you with the resources for furthering your message by sponsoring your cause.

All in all, the site acts as an effective marketplace where corporate sponsors and groups of different denomination come together and connect. If you have a group or are part of one, and think that a little pushing is necessary in order to go forwards, you might just find a helping hand in here.



So, this is good news? “The gooder you txt the smrtr u b?”

http://news.cnet.com/8301-17852_3-10170480-71.html?part=rss&subj=news&tag=2547-1_3-0-5

Your little texting runt may not be illiterate

by Chris Matyszczyk February 23, 2009 7:37 PM PST

… Researchers at Coventry University in the United Kingdom decided to test whether those who are stunted texters really are literate-lite.

The academics' paper, published in the British Journal of Developmental Psychology, has a title that has one desperate to see the 12-year-old's texted version: "Exploring the Relationship Between Children's Knowledge of Text Message Abbreviations and School Literacy Outcomes."



Now they'll have to kill him! Something for the conspiracy fans.

http://blog.wired.com/27bstroke6/2009/02/dtv-converters.html

Hidden Cameras in DTV Converters? YouTube Hoax Fans Conspiracy Fears

By Kevin Poulsen February 23, 2009 3:42:24 PM

[Don't tell anyone:

In an interview with Threat Level, Chronister admits the whole thing was a hoax, concocted in about five minutes with a hot glue gun and parts from an old cell phone. The reaction surprised even him.

[Here's the video: http://www.youtube.com/watch?v=TQ4iIM8Eljc&feature=related
