Update, with some interesting comments from the analysts. Heartland closed at $9.17, down from a 52 week high of $33 – obviously not all of the drop was due to the breach as it was trading in the high teens at the start of the year.

http://www.databreaches.net/?p=1321

Susquehanna Upgrades Heartland Payment Systems (HPY) to Neutral

Posted February 5th, 2009 by admin

Susquehanna analyst says, “We are upgrading HPY to Neutral from Negative, as it has achieved our price objective. Although considerable risk persists related to the credit/debit card data breach disclosed last month, we believe such penalties are contemplated in the current valuation. We consulted a range of experts, including reformed hackers, data security auditors (PCI DSS), and competing ISOs. Although we think we understand the mechanics of a prospective penalty, these sources suggest a range of outcomes that is frankly too broad to reasonably base (from tens of millions to billions of dollars). It seems no one (outside the FBI and organized crime, perhaps) knows the extent of the breach (Did they get the coveted magnetic stripes? Was the data encrypted?) These details will likely dictate the penalties, the difference between going concern and back to business. We are reducing our estimates sharply on a “best guess” assumption regarding merchant flight, increased capex, and association penalties toward $25 mln.”

Source - StreetInsider.com

Trivial in comparison, but so were the changes that would have prevented it.

http://www.databreaches.net/?p=1319

phpBB hacked, 400,000+ account details intercepted

Posted February 5th, 2009 by admin

The online bulletin board phpBB (php Bulletin Board) was taken offline on Sunday, following a security breach that allowed access to user account details. phpBB is an open-source software package used to run discussion forums on web sites. The breach was caused when the attacker gained access through an unpatched security bug in PHPlist, a third-party open source email application, used for managing newsletters. The attacker had access for more than two weeks before the breach was discovered.

Read more on Heise Online. The Register also has coverage.

Thanks to Brian Honan for the links.

[From the Heise article:

The writer also claims to have created a script that was able to break more than 28,000 passwords which were hashed using an unsalted MD5 algorithm. According to The Register, the blogger then posted the password details to the internet. [Many users use the same password on several account... Bob]

[From the Register article:

Sadly, the attack could have been prevented by adding a single line to an administrator's index file.

There are several interesting points, including what the CISO isn't responsible for...

http://www.pogowasright.org/article.php?story=20090205082536212

Financial institutions brace for rise in security breaches

Thursday, February 05 2009 @ 08:25 AM EST Contributed by: PrivacyNews

Financial institutions are facing an increased risk of security breaches this year owing to budgetary constraints and an increased threat of insider misconduct, according to the latest annual Global Security Survey from Deloitte.

The research found that internal and external security breaches at financial institutions worldwide actually fell over the past year, but that employee misconduct is a growing concern.

Source - IT News

[The survey is here:

http://www.deloitte.com/dtt/cda/doc/content/dtt_fsi_GlobalSecuritySurvey_0901.pdf

The Information Systems Audit and Control Association has a new exposure draft out. Might be useful for your Security Manager... If nothing else, can we agree on their definition of IT Risk? (page 11)

http://www.isaca.org/Template.cfm?Section=Home&Template=/ContentManagement/ContentDisplay.cfm&ContentID=47643

Enterprise Risk: Identify, Govern and Manage Risk The Risk IT Framework Exposure Draft

This IT enterprise risk management framework was designed to allow business managers to identify and assess IT-related business risks and manage them effectively.

Download (1.2M PDF)

Once again the evil troll in Marketing out-technos the Security elf. Perhaps I could charge rent for using my screen real-estate – double if you don't have a contract?

http://it.slashdot.org/article.pl?sid=09/02/05/1410230&from=rss

Why Your Pop-Up Blocker Doesn't Work Anymore

Posted by CmdrTaco on Thursday February 05, @09:59AM from the hate-them-so-much dept. Spam

An anonymous reader writes

"If you've noticed that pop-up ad windows seem to have made an unwelcome return into your life, it's because they're not using the same easily blockable technology as before. The Adimpact system uses DHTML to annoy you, and there's no immediate prospect of a solution."

The new trend. Force anyone who still thinks 15MB is “good enough” to move to a faster (more expensive) service. NOTE: It has nothing to do with volume. By the time a 15MB subscriber has downloaded their 100Gigabytes, the faster user will have downloaded 4 times as much.

http://tech.slashdot.org/article.pl?sid=09/02/05/1913206&from=rss

Charter Cable Capping Usage Nationwide This Month

Posted by timothy on Thursday February 05, @02:23PM from the coming-soon-to-you-from-them dept.

An anonymous reader writes with this snippet from DSL Reports, with possible bad news for Charter customers who live outside the test areas for the bandwidth caps the company's been playing with:

"Yesterday we cited an anonymous insider at Charter who informed us that the company would very soon be implementing new caps. Today, Charter's Eric Ketzer confirmed the plans, and informed us that Charter's new, $140 60Mbps tier will not have any limitations. Speeds of 15Mbps or slower will have a 100GB monthly cap, while 15-25Mbps speeds will have a 250GB monthly cap. 'In order to continue providing the best possible experience for our Internet customers, later this month we will be updating our Acceptable Use Policy (AUP) to establish monthly residential bandwidth consumption thresholds,' Ketzer confirms. 'More than 99% of our customers will not be affected by our updated policy, as they consume far less bandwidth than the threshold allows,' he says."

But if they're lucky, customers will be able to hit that cap quickly.

Related An alternative, but the site has already been overwhelmed (slashdotted), but of course Google had already archived it at: http://74.125.47.132/search?q=cache:Ngzp1j7HI10J:bennett.com/blog/+bennet.com+blog+WISPs&hl=en&ct=clnk&cd=1&gl=us&client=firefox-a

http://hardware.slashdot.org/article.pl?sid=09/02/06/0158225&from=rss

WISPS Mean Cable and DSL Aren't the Only Choices

Posted by timothy on Friday February 06, @07:33AM from the ephemeral-connection dept. Wireless Networking The Internet Technology

Brett Glass writes

"Feel like you're stuck with a no-win choice between expensive cable modem service and slow DSL for Internet? Currently using satellite, with long latencies that make it impossible to do VoIP or interactive gaming? One of America's best kept secrets, so it seems, is the wide coverage of WISPs — terrestrial (not satellite or cellular) wireless broadband Internet providers. The linked article gives an overview of WISPs and provides a handy map showing their nationwide coverage (more than 750,000 square miles of the continental US — and only about one third of the WISPs in the US are on the map so far). Most WISPs are small, independent, consumer-friendly, and tech savvy, making them a better choice than big, corporate ISPs who can't even tell a penny from a dollar."

“Now you can use technology to increase revenue!” Red Light Camera salesmen...

http://yro.slashdot.org/article.pl?sid=09/02/06/009214&from=rss

Italian Red Lights Rigged With Short Yellow Light

Posted by timothy on Thursday February 05, @09:42PM from the decent-pellet-gun-might-help dept.

suraj.sun writes with an excerpt from Ars Technica which brings to mind the importance of auditable code for hardware used in law enforcement:

"It's no secret that red light cameras are often used to generate more ticket revenue for the cities that implement them, but a scam has been uncovered in Italy that has led to one arrest and 108 investigations over traffic systems being rigged to stop sooner for the sole purpose of ticketing more motorists."

[from the article:

… some speculating that up to a million Italian drivers have been unfairly slapped with fines.

No bias here! Try getting a grade lower than “A” without cutting taxes...

http://www.bespacific.com/mt/archives/020509.html

February 05, 2009

Rescuing the American Economy A Guide to How the Stimulus Works

Center for American Progress. Rescuing the American Economy - A Guide to How the Stimulus Works, by Michael Ettlinger | February 5, 2009.

• "The economy was already performing badly by many measures before the recession started in December 2007, but the poor economic performance was partially camouflaged by rising asset values—especially home values. Those rising asset values made many people and businesses feel well off and comfortable going into debt. Rising asset values, consumer overconfidence, and borrowing fueled economic activity and gave the economy a veneer of well-being, even though real family income remained lower than it had been before the recession of 2001."

• Brief: Recovery and Reinvestment 101

• Interactive Map: Beyond the Beltway: Helping Those Most in Need

• Column: How to Help 12 Million Low-Income Children

• Interactive: Build Your Own Stimulus Package

• Related postings on financial system

Related Pick your cause(s) from the list!

http://www.bespacific.com/mt/archives/020507.html

February 05, 2009

Recent CRS Reports: Causes of the Financial Crisis, Alternative Fuels and Advanced Technology Vehicles

• February 02, 2009 - Medicaid: The Federal Medical Assistance Percentage

• February 02, 2009 - Proposed Funding for Workforce Development in the American Recovery and Reinvestment Act (ARRA) of 2009

• January 29, 2009 - Causes of the Financial Crisis

• January 29, 2009 - The Worker, Retiree, and Employer Recovery Act of 2008: An Overview

• January 27, 2009 - Alternative Fuels and Advanced Technology Vehicles: Issues in Congress

I don't know... Perhaps rewarding students for taking/posting notes will work, but are the students who don't take notes likely to want these?

http://www.killerstartups.com/User-Gen-Content/isleptthroughclass-com-college-class-notes

ISleptThroughClass.com - College Class Notes

http://www.isleptthroughclass.com/

Keeping college life balanced is not really easy. In actuality, that is the fun of it – provided you don’t go too far in any direction. Relaxation is a vital part of hard work, so that if you missed a class because you couldn’t make it since you were too knackered to get there in time, or if you made it there only to sleep through it then this site will come to the rescue.

In a nutshell, it stands as a portal where notes can be both downloaded and uploaded. The ones who use the site – the ones who do the hard work, IE the uploaders of contents – earn points for their contributions, and these can later be redeemed for prizes at stores such as Victoria’s Secret and Nike. A rewards catalog is likewise featured, so you can see what’s in store before signing up.