Wednesday, February 04, 2009

Sounds to me like they agreed to follow the law and pay for the Connecticut AG's cell phone. i.e. This is not a huge settlement, but after all the fuss Connecticut has to make it look big.

http://www.databreaches.net/?p=1238

State Reaches Settlement With BNY Mellon

Posted February 3rd, 2009 by admin

[...]

BNY Mellon was directed to immediately notify each affected bank customer by mail and provide 24 months of credit protection for the financial accounts that might be affected by the data breach.

In addition, BNY Mellon was presented and complied with numerous subpoenas from the Department of Consumer Protection concerning its actions before and after the data loss occurred.

Officials said BNY Mellon will also reimburse customers for any funds stolen from their accounts as a direct result of the data breach.

Finally, the bank will pay $150,000 to the State of Connecticut General Fund.

Read more on WFSB



Interesting! Perhaps a new field for Psychiatrists? Identity Theft anxiety?

http://www.pogowasright.org/article.php?story=20090203084755759

Watch out! Privacy litigation damages becoming more viable

Tuesday, February 03 2009 @ 08:47 AM EST Contributed by: PrivacyNews

Until now, lawsuits seeking to recover significant damages based on the loss of, or unauthorized access to, sensitive personal information have not been especially successful for plaintiffs. Most companies suffering data breaches have escaped by offering affected consumers inexpensive credit monitoring services.

But two recent cases show plaintiffs a way to expose many previously safe companies to substantial claims for damages.

Source - WTN News

[From the article:

Two recent cases may make such circumstances much more dangerous. In Pinero v. Jackson Hewitt Tax Service, Inc., No. 08-3535 (E.D. La. Jan. 7, 2009), a U.S. federal court refused to dismiss a claim for damages by a consumer whose tax returns were found by a third party in an unsecured dumpster outside a tax preparer's office.

… But the Court left standing Pinero's allegations that using false promises of data protection to lure customers to enter into a consumer services contract was an unfair trade practice under the Louisiana “Little Federal Trade Commission” law. The court also recognized that a claim based on a common law “fraudulent inducement” theory could stand, if properly pled.

The second case, In Department of Veterans Affairs Data Theft Litigation, No. 06-0506, (D. D.C. Jan. 27, 2009), involves the settlement of multiple consolidated class action lawsuits against the U.S. Department of Veterans Affairs.

The suit settled in late January with an agreement that the Veterans Administration would create a $20 million fund to pay the expenses of anyone directly affected by the breach, including credit-monitoring expenses and mental health costs for those who found themselves in extreme emotional distress as a result of the breach.



There's gold in them there tills... (I blogged on this back on Dec 24th so I'm glad the FBI “discovered” it.)

http://www.myfoxny.com/dpp/news/090202_FBI_Investigates_9_Million_ATM_Scam

FBI Investigates $9 Million ATM Scam

Last Edited: Tuesday, 03 Feb 2009, 12:08 PM EST Created On: Monday, 02 Feb 2009, 9:15 PM EST

Reported by John Deutzman

According to the FBI, ATMs from 49 cities were hit -- including Atlanta, Chicago, New York, Montreal, Moscow and Hong Kong.

… The computer system for a company called RBS WorldPay was hacked. One service of the company is the ability for employers to pay employees with the money going directly to a card, called payroll cards, a lot like a debit card that can be used in any ATM. The hacker was able to infiltrate the supposedly secure system and steal the information necessary to duplicate or clone people's ATM cards.

… "Over 130 different ATM machines in 49 cities worldwide were accessed in a 30-minute period on November 8," Agent Rice said. "So you can get an idea of the number of people involved in this and the scope of the operation."

Here is the amazing part: With these cashers ready to do their dirty work around the world, the hacker somehow had the ability to lift those limits we all have on our ATM cards. For example, I'm only allowed to take out $500 a day, but the cashers were able to cash once, twice, three times over and over again. When it was all over, they only used 100 cards but they ripped off $9 million.

The RBS Web site says that card holders will not be responsible for any unauthorized transactions. But there is fear that the hackers might have had access to sensitive information used in identity theft for a potential 1.5 million customers -- including their Social Security numbers.

RBS WorldPay told Fox 5 the company has hired a security firm to try to figure out what happened and to prevent it from happening again.
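An added example, not code from the Fox 5 story or from RBS WorldPay, of how an issuer's fraud monitoring could pick out the two signals in this account: a card that keeps withdrawing past its daily limit, and one card cashed in several cities inside a 30-minute window. The record layout, thresholds and sample withdrawals are constructed.

```python
# Added example (not the article's or RBS's code): flag the two cash-out
# signals in the FBI account. Field layout, thresholds and data are assumed.
from collections import defaultdict
from datetime import datetime, timedelta

DAILY_LIMIT = 500                # dollars, the per-card limit the article cites
WINDOW = timedelta(minutes=30)   # the 30-minute burst the FBI described

# Constructed sample log: (card id, timestamp, city, amount in dollars)
WITHDRAWALS = [
    ("card-001", "2008-11-08 14:00", "New York", 500),
    ("card-001", "2008-11-08 14:05", "New York", 500),
    ("card-001", "2008-11-08 14:12", "Atlanta", 500),
    ("card-003", "2008-11-08 14:20", "Moscow", 500),
    ("card-003", "2008-11-08 15:40", "Hong Kong", 100),
]

def parse(rows):
    # Group rows by card, parse timestamps, and sort each card's events by time.
    by_card = defaultdict(list)
    for card, ts, city, amount in rows:
        by_card[card].append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), city, amount))
    for events in by_card.values():
        events.sort()
    return by_card

def over_limit(events, limit=DAILY_LIMIT):
    """True if the card's withdrawals on any one day exceed the daily limit."""
    per_day = defaultdict(int)
    for ts, _city, amount in events:
        per_day[ts.date()] += amount
    return any(total > limit for total in per_day.values())

def geo_dispersed(events, window=WINDOW, min_cities=2):
    """True if the card was used in min_cities distinct cities within one window."""
    for i, (start, _city, _amount) in enumerate(events):
        cities = {c for ts, c, _a in events[i:] if ts - start <= window}
        if len(cities) >= min_cities:
            return True
    return False

def flag_cards(rows):
    """Return {card: [reasons]} for every card that trips either signal."""
    flagged = {}
    for card, events in parse(rows).items():
        reasons = [name for name, test in (("over daily limit", over_limit),
                   ("multiple cities within window", geo_dispersed)) if test(events)]
        if reasons:
            flagged[card] = reasons
    return flagged
```

On the constructed data, card-001 trips both signals and card-003 only the daily-limit one, since its two cities are 80 minutes apart.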



Yet another demonstration that passwords alone do not provide adequate security.

http://www.databreaches.net/?p=1250

Hackers break into AT&T e-mail accounts

Posted February 4th, 2009 by admin

Hackers broke into AT&T Inc.’s Worldnet e-mail accounts that “use easy-to-guess user passwords,” a spokesman confirmed Tuesday.

The hackers took over a few hundred accounts [Not an isolated incident Bob] and began sending out large amounts of spam during the past three weeks, said Mike Barger, AT&T spokesman. AT&T disabled those accounts.

AT&T also sent notices to all of its 600,000 e-mail customers notifying them to strengthen their passwords to a “complex password” by Feb. 15 to better protect their account. A complex password is a combination of letters and numbers that does not contain a person’s first or last name or any sequential numbers like 1-2-3.

Source - San Antonio Express
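As an added example, not from the article or from AT&T, here is one reading of the "complex password" rule described above turned into a check: letters and digits both present, no occurrence of the customer's first or last name, and no run of sequential digits such as 1-2-3. The function names, the minimum length and the run length of three are assumptions.

```python
# Added example (not AT&T's code): a checker for the complex-password rule the
# article describes. Minimum length and the sequential-run length of 3 are
# assumptions; the rule itself mentions only letters, numbers, names and 1-2-3.
import re

def has_sequential_digits(s, run=3):
    """True if s contains `run` consecutive digits that step by +1 or -1."""
    for m in re.finditer(r"\d{%d,}" % run, s):
        digits = [int(c) for c in m.group()]
        for i in range(len(digits) - run + 1):
            window = digits[i:i + run]
            steps = {b - a for a, b in zip(window, window[1:])}
            if steps == {1} or steps == {-1}:
                return True
    return False

def check_password(password, first_name, last_name, min_length=8):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if not re.search(r"[A-Za-z]", password) or not re.search(r"\d", password):
        problems.append("must mix letters and numbers")
    lowered = password.lower()
    for name in (first_name, last_name):
        if name and name.lower() in lowered:
            problems.append("contains the name %r" % name)
    if has_sequential_digits(password):
        problems.append("contains sequential digits")
    return problems
```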



Most parents probably purchased the pictures without thinking of privacy.

http://www.pogowasright.org/article.php?story=20090204033746853

European court expands image privacy rights

Wednesday, February 04 2009 @ 05:43 AM EST Contributed by: PrivacyNews

The European Court of Human Rights has expanded the reach of privacy rights by ruling that a photographer breached someone's privacy just by taking a photograph, even though that photograph was never published.

Privacy law expert Rosemary Jay of Pinsent Masons, the law firm behind OUT-LAW.COM, said that the ruling increased the reach of privacy law, but would not create a US-style image right, which is a commercial right rather than a privacy-related one.

Source - Out-Law.com

[From the article:

The case concerned a newborn baby, Anastasios Reklos, who was put into a sterile unit when born. As a commercial service operated by the hospital his photograph was taken.

His parents objected and asked for the negatives to be given to them. The hospital refused, and the Greek courts would not hear the case.

The European Court of Human Rights (ECHR) has now ruled that the taking of the photograph without the baby's parents' permission was a violation of his rights to privacy. The ruling is available only in French.



For my Security students. When I discuss Controls, this document explains the absolute minimum. After all, who is less innovative and further behind the times than the government?

http://www.bespacific.com/mt/archives/020488.html

February 03, 2009

New from GAO: Federal Information System Controls Audit Manual

Federal Information System Controls Audit Manual (FISCAM), GAO-09-232G, February 02, 2009.

  • "FISCAM presents a methodology for performing information system (IS) control audits of federal and other governmental entities in accordance with professional standards. This version supersedes the prior version, Federal Information System Controls Audit Manual: Volume I Financial Statement Audits, AIMD-12.19.6, January 1, 2001. The FISCAM is designed to be used primarily on financial and performance audits and attestation engagements performed in accordance with GAGAS, as presented in Government Auditing Standards (also known as the "Yellow Book")."



Have we reached saturation? Possibly...

http://www.iht.com/articles/2009/02/03/technology/cell.4-422335.php

Future looks gloomy for cellphone market

By Matt Richtel Published: February 3, 2009

SAN FRANCISCO: Cellphone sales are falling, manufacturers have announced thousands of layoffs and wireless carriers are finding it harder to acquire and keep customers.

It sounds like another tale of "recession bites industry," but there are signs that this downturn is masking something more fundamental, that the cellphone industry's best days are behind it.



Lest we forget that the law business is a business.

http://www.bespacific.com/mt/archives/020482.html

February 03, 2009

Hildebrandt and Citi Private Bank 2009 Client Advisory on Trends in Legal Market

"Hildebrandt and Citi Private Bank...present this 2009 Client Advisory highlighting the trends that we perceived in the legal market in 2008, as well as the trends that we believe will impact the market in 2009."

  • "...firms have turned to fairly aggressive measures to reduce their costs, improve their cash positions, and shore up their capital base. In recent months, firms have imposed strict controls on discretionary spending, cut bonuses, frozen associate salaries, postponed new initiatives, and engaged in a number of layoffs of both professional and administrative staff. Some firms have revamped their partner compensation schedules to slow distributions and improve their cash positions. And many firms have embarked on serious efforts to winnow out underperforming lawyers and unprofitable practices."



There are differences...

http://www.bespacific.com/mt/archives/020480.html

February 03, 2009

Characteristics of New Firms: A Comparison by Gender

News release: "While the country's 6.5 million privately held, women-owned firms generated an estimated $940 billion in sales and employed 7.1 million people in 2002, according to the U.S. Census Bureau, a Kauffman Foundation research report released today indicates that women-owned firms have relatively underperformed men-owned firms in a number of measures. The Kauffman Foundation research tracked new businesses' performance measures from 2004 to 2006 and correlated the data to gender based on primary owner characteristics, firm characteristics, industry and outcomes."



Nobody gets my piggy bank unless they are on this list!

http://www.bespacific.com/mt/archives/020481.html

February 03, 2009

The 2008 Bank Performance Scorecard: America's Top 150 Banks

Bank Direct Magazine: "There is not much flash and glitz among this year’s crop of top-performing U.S. banks and thrifts. But given all that’s occurred in the last six months, maybe slow and steady really is the name of the game. In fact, over a recent 12-month period, as the credit and financial markets came unhinged and some of the country’s best-known depository financial institutions teetered on the brink of collapse, “steady at the helm” was the governing mantra for the highest-ranked banks. That is just one salient feature of this year’s class of top performers among banks and thrifts, according to our annual Bank Performance Scorecard. Based on measurement criteria and analysis compiled by Sandler O’Neill & Partners L.P., a New York-based investment banking firm that specializes in the financial services industry, the scorecard features the institutions that maintain top standing in good times and bad—often with recurring high scorers."



Once you have firmly established your brand name, you can begin to exploit it!

http://news.slashdot.org/article.pl?sid=09/02/03/232221&from=rss

NASA and Google To Back New "Singularity University"

Posted by kdawson on Tuesday February 03, @06:45PM from the can-that-be-taught dept.

Slatterz and Keith Kleiner were among several readers to send in word of Singularity University, announced at TED today by Ray Kurzweil. He and X Prize founder Peter Diamandis began talking about creating the school last year, after Diamandis read Kurzweil's 2005 book The Singularity is Near. NASA and Google are both supporting the project, NASA with space and Google with cash. The school aims to foster "disruptive innovation." As envisioned, Singularity U. will sponsor 3-day and 10-day courses for executives year-round, and its main offering will be a single 9-week course of study over the summer for 120 students, each of which will pay $25,000 for the privilege. Announced faculty so far includes Nobel Prize winning physicist George Smoot, NASA Ames chief scientist Stephanie Langhoff, Vint Cerf, and Will Wright, creator of the video games Spore and The Sims.



Don't let your kids see this!

http://news.yahoo.com/s/nm/20090203/od_nm/us_tv_judge

Judge rules TV essential, awards damages

Tue Feb 3, 3:04 pm ET

SAO PAULO (Reuters) – A Brazilian judge awarded $2,600 in damages to a man who sued a store for not replacing his faulty television set, ruling that it was an "essential good" needed to watch soccer and a popular reality TV show.



No disclosure for this type of breach.

http://entertainment.slashdot.org/article.pl?sid=09/02/03/194238&from=rss

Comcast Apologizes For Super Bowl Porn Glitch

Posted by kdawson on Tuesday February 03, @02:59PM from the pay-per-view-malfunction dept. Television Entertainment

DrinkDr.Pepper writes

"Just after the last touchdown by the Cardinals, with 3 minutes to go in the game, approximately 30 seconds of pornographic material was shown, seen by an unknown number of Comcast customers in Tucson, Arizona who were watching the game in standard definition. Comcast has apologized (they used the word 'mortified') and is issuing a $10 credit to any customer who claims to have been impacted. Various news accounts suggest that the incident was a malicious act, but no one knows how it was done or by whom."



Worth a mention to my Database students...

http://news.cnet.com/8301-13505_3-10156188-16.html?part=rss&subj=news&tag=2547-1_3-0-5

Open-source database market shows muscles

Posted by Matt Asay February 3, 2009 5:07 PM PST

While Sun Microsystems' MySQL gets the limelight, with its 55 percent quarterly billings increase, other open-source database competitors like Ingres and EnterpriseDB are also doing well.

Ingres on Tuesday reported a significant uptick in its 2008 revenue, climbing 32 percent to $68 million over $52 million in 2007. EnterpriseDB didn't provide revenue numbers, but it also recently reported a banner year, with greater than 50 percent growth in new customer accounts and "comparable bookings growth."



Tools & Techniques

We could hack this by adding sensors so that any car getting too close would be hit by the full force of the lasers... Think of it as a big bug zapper!

http://blog.wired.com/cars/2009/02/lightlanes-lase.html

LightLane's Lasers Make an Instant Bike Lane

By Keith Barry February 03, 2009 5:37:18 PM

… Their bike-mounted gadget, called LightLane, beams two bright red lines and the universal symbol for cyclist on the pavement, neatly delineating a bike lane to remind motorists to yield a little space.



Our friend in Anchorage sent the link to this website. She is purchasing dust masks, eye protection, and other Volcanic Ash defensive tools. Redoubt is about 100 miles from Anchorage. (About as far as Vail) Might be useful in my Business Continuity class.

http://www.avo.alaska.edu/activity/Redoubt.php

Alaska Volcano Observatory
