Friday, April 24, 2009

Why would an employee have a million records? (Realllly big case load?)

http://www.databreaches.net/?p=3247

OK: Personal Data Of 1M On Stolen DHS Laptop

April 23, 2009 by admin Filed under: Government Sector, Theft, U.S.

Well, here’s a laptop theft that will probably cost more than $50,000… KOCO reports that a laptop stolen from an employee’s vehicle on April 3 contained personal information of up to 1 million people. According to the Oklahoma Department of Human Services, the computer had names, Social Security numbers and birthdates of people who receive state assistance. NewsOK has a bit more on the incident.

Update 1: OKDHS has a notice on its web site about the incident that says “The personal information included names, Social Security numbers, dates of birth and home addresses of clients who receive Medicaid; Child Care assistance; Temporary Assistance to Needy Families (TANF); Aid to the Aged, Blind and Disabled; and Supplemental Nutrition Assistance (SNAP or Food Stamps). The data did not contain driver’s license numbers, credit card or banking information. The potential breach did not affect Child Welfare services.”


Related (I couldn't find the paper yesterday. Pogo did!)

http://www.pogowasright.org/article.php?story=20090423162009615

Lost laptops cost companies $50k apiece

Thursday, April 23 2009 @ 04:20 PM EDT Contributed by: PrivacyNews

A single lost or stolen laptop costs a business an average of nearly $50,000. At least, that's the word from an Intel-sponsored study by the Ponemon Institute.

Source - The Register

Related - Cost of a Lost Laptop White Paper Final 2.pdf

Thanks to Brian Honan for this link.



Security Tech: Once you have a fully secure device, who will you talk to? Will NSA set up a fully secure Facebook clone? Someone has to be first: Which President was first to use the telegraph? Telephone? Airplane?

http://tech.slashdot.org/article.pl?sid=09/04/24/0428235&from=rss

Obama To Get Secure BlackBerry 8830

Posted by timothy on Friday April 24, @07:54AM from the what-about-back-worn-radio-controller-devices dept. Communications Cellphones Government Security

CWmike writes

"President Barack Obama is set to receive a high-security BlackBerry 8830 soon, The Washington Times reported today. The device is said to be in the final stages of development at the National Security Agency, which will check that its encryption software meets federal standards. It might not be ready for months. It was reported that Obama will be able to send text and e-mail messages and make phone calls on the device, but only to those with the secure software loaded on their own devices. [Not that he'd want to, but this means the President can't send me an email? Bob] The list includes First Lady Michelle Obama and top aides. The security software is made by Genesis Key, whose CEO, Steven Garrett, is quoted as saying: 'We're going to put his BlackBerry back in his hand.' The Sectera Edge was pegged in January by analysts as the top device choice because of its reputation for secure data communications when used by other federal workers. And there are many reasons why Obama might have been told 'no' on his BlackBerry. But Obama may wish he had chosen a Sectera if BlackBerry has more outage problems like its latest last week, which meant no mobile e-mail for hours across the US."

[From the article:

In the interim, Mr. Obama has been using a patchwork of two devices, a BlackBerry and an NSA-supplied secure hand-held device known as Sectera Edge. The General Dynamics Corp.-made Sectera must be plugged into the presidential BlackBerry, making its use more cumbersome than a secure BlackBerry.



Privacy tech: Should all my students learn this?

http://yro.slashdot.org/article.pl?sid=09/04/23/1846207&from=rss

How Tor Helps Both Dissidents and the Police

Posted by timothy on Thursday April 23, @03:18PM from the can-I-join-your-group-I-hate-the-romans dept. Privacy Encryption Government News

Al writes

"Technology Review has an in-depth article about the anonymous networking software Tor and how it is helping dissidents spread information in oppressive regimes such as Syria, Zimbabwe and Mauritania, and opening up the unfiltered web for users in many more countries. In China, for instance, the computers found in some web cafes are configured to use Tor automatically. Interestingly, some police agencies even use the software to hide their activity from suspects. As filtering becomes ever more common in democratic countries such as the US, perhaps Tor (and similar tools such as I2P), will become even more valuable."


Related, but completely different? Security and Privacy are not always positively correlated. I read these examples as “Buy a new computer, lose access to your bank account.”

http://www.pogowasright.org/article.php?story=20090424044223646

Online banking ID tech equals privacy threat?

Friday, April 24 2009 @ 04:52 AM EDT Contributed by: PrivacyNews

A widely used technology to authenticate users when they log in for online banking may help reduce fraud but it does so at the expense of consumer privacy, a civil liberties attorney said during a panel at the RSA security conference on Thursday.

When logging into bank websites, users are typically asked for their username and password. But that's not all that is happening.

Source - Silicon.com

[From the article:

Wachovia, which recently merged with Wells Fargo, tags the consumer's computer with a unique identifier, said Chris Mathes, an information technology specialist in online customer protection at the bank.

The technology not only can be used to allow legitimate customers into websites but also to block computers that have been targeted as "bad actors", said Todd Inskeep, a senior vice president for the Center for the Future of Banking at Bank of America.

Another device fingerprinting technology provided by 41st Parameter is similar but doesn't tag the computer. Instead, the technology figures out the degree of probability that the computer accessing the site is the one that should be accessing it by querying the computer for things like time zone, language, browser type, Flash ID, cookie ID and IP address, said Ori Eisen, founder of the company. If enough of the answers match, the account can be accessed.
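The two approaches the article contrasts, a persistent tag placed on the customer's computer versus a probabilistic score over attributes the browser reports, can be made concrete with a small server-side login check. The following is an added example, not code from either bank or from 41st Parameter; the attribute weights, the allow/step-up thresholds, and the sample profiles are assumptions constructed for illustration. It shows why "buy a new computer" can mean a denied or stepped-up login: a machine with no site-set identifiers scores poorly even when the real customer is at the keyboard.

```python
"""Device-fingerprint matching for login risk (constructed example).

Two checks the article describes:
  * tag-based: the site stored a unique identifier on the customer's computer
    and requires an exact match on return;
  * probabilistic: the server scores how many of the attributes the browser
    reports (time zone, language, browser type, Flash ID, cookie ID,
    IP address) agree with the profile seen on earlier logins, and lets the
    login through if enough of them match.
Weights, thresholds and profiles below are assumptions for this example,
not any vendor's real parameters.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict

# Relative weight each attribute contributes to the score (assumed).
# Identifiers the site set itself (cookie, Flash ID) weigh most; the IP
# address weighs least because it legitimately changes (DHCP, travel, NAT).
WEIGHTS: Dict[str, float] = {
    "time_zone": 1.0,
    "language": 1.0,
    "browser_type": 2.0,
    "flash_id": 3.0,
    "cookie_id": 3.0,
    "ip_address": 0.5,
}
ALLOW_THRESHOLD = 0.70    # assumed: score at or above this -> allow
STEP_UP_THRESHOLD = 0.40  # assumed: between this and ALLOW -> extra verification


@dataclass
class DeviceProfile:
    """Attributes recorded for an account's known computer."""
    attrs: Dict[str, str]


def tag_matches(stored_tag: str | None, presented_tag: str | None) -> bool:
    """Tag-based check: exact match on the identifier placed on the computer.

    A brand-new (or wiped) computer carries no tag, so it fails outright.
    """
    return stored_tag is not None and stored_tag == presented_tag


def match_score(profile: DeviceProfile, observed: Dict[str, str]) -> float:
    """Probabilistic check: weighted fraction of attributes that agree.

    An attribute missing from either side simply does not count as a match.
    """
    total = sum(WEIGHTS.values())
    matched = sum(
        w for name, w in WEIGHTS.items()
        if name in profile.attrs and observed.get(name) == profile.attrs[name]
    )
    return matched / total


def decide(profile: DeviceProfile, observed: Dict[str, str]) -> str:
    """Map the score to a login decision: 'allow', 'step_up' or 'deny'."""
    score = match_score(profile, observed)
    if score >= ALLOW_THRESHOLD:
        return "allow"
    if score >= STEP_UP_THRESHOLD:
        return "step_up"
    return "deny"


# Constructed profile for one account (identifiers and addresses are made up).
KNOWN = DeviceProfile({
    "time_zone": "America/New_York",
    "language": "en-US",
    "browser_type": "Firefox/3.0",
    "flash_id": "flash-7f3a",
    "cookie_id": "ck-19d2",
    "ip_address": "203.0.113.10",
})

# Same machine seen from a different network: only the IP differs.
SAME_MACHINE_NEW_IP = dict(KNOWN.attrs, ip_address="198.51.100.7")

# Same machine, cookies cleared, different network.
COOKIES_CLEARED = {k: v for k, v in SAME_MACHINE_NEW_IP.items() if k != "cookie_id"}

# Brand-new computer: no site-set identifiers, different browser, same user.
NEW_COMPUTER = {
    "time_zone": "America/New_York",
    "language": "en-US",
    "browser_type": "Internet Explorer/8.0",
    "ip_address": "203.0.113.10",
}

if __name__ == "__main__":
    for label, obs in [("same machine, new IP", SAME_MACHINE_NEW_IP),
                       ("cookies cleared", COOKIES_CLEARED),
                       ("new computer", NEW_COMPUTER)]:
        print(f"{label:22s} score={match_score(KNOWN, obs):.2f} -> {decide(KNOWN, obs)}")
```

The three sample cases land on the three outcomes: a new IP alone still allows, cleared cookies trigger step-up verification, and a fresh computer is denied. The privacy trade-off the panel raised is visible in the data the server must retain to make any of these decisions.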



Security Planning: You always look for indications things are not as you expected. Sometimes this is a security failure, sometimes poor documentation, always worthy of review. That's why we keep logs! If security was perfect, nothing would ever go wrong and we would need no record of our perfection because we could recreate any event by executing an algorithm.

http://www.pogowasright.org/article.php?story=20090424053051878

Security Pro to Companies: Assume You're Owned

Friday, April 24 2009 @ 05:30 AM EDT Contributed by: PrivacyNews

Major companies should assume the bad guys have already broken into their network, and are better off diverting some resources from attack prevention to ferreting out existing invasions, says one prominent security expert.

Source - CIO



Thinking of upgrading?

http://www.techradar.com/news/computing/pc/windows-7-hack-cannot-be-fixed--594245

Windows 7 hack 'cannot be fixed'

3KB of code is all that's needed to take control of your PC

Researchers at a recent hackers' conference have shown how it's possible to take control of a Windows 7 machine during its boot sequence.

Demonstrating the code at the recent Hack In The Box event in Dubai, security researchers Vipin Kumar and Nitin Kumar used a piece of code called VBootkit 2.0 to take full control of a Windows 7 machine during the booting up process.

Based on the principle that Windows 7 is meant to be safe from attack during the boot up process, the duo showed that the code, which is only 3KB in size, could actually easily be run while the OS is starting up.

The attacker can then gain remote access to the computer and can change files around with the highest level of administrator privileges, and then return the system to its original passwords to leave the hack undetected.



Does Congress feel they “Must do something?” (Underlying theme of most bad laws.)

http://www.bespacific.com/mt/archives/021189.html

April 23, 2009

House Hearing on Communications Networks and Consumer Privacy

The Subcommittee on Communications, Technology, and the Internet held a hearing titled, Communications Networks and Consumer Privacy: Recent Developments on April 23, 2009. The hearing focused on technologies that network operators utilize to monitor consumer usage and how those technologies intersect with consumer privacy. The hearing explored three ways to monitor consumer usage on broadband and wireless networks: deep packet inspection (DPI); new uses for digital set-top boxes; and wireless Global Positioning System (GPS) tracking.

Testimony and Statement for the Record of Marc Rotenberg, Executive Director, EPIC Adjunct Professor, Georgetown University Law Center: "we believe it is becoming clear that unregulated collection of consumer data is posing an increasing danger to online privacy and maybe even to the economic model itself. A small number of companies and large advertising networks are obtaining an extraordinarily detailed profile of the interests, activities and personal characteristics of Internet users. Users have little idea how much information is gathered, who has access to it, or how it is used. This last point is critical because in the absence of legal rules, companies that are gathering this data will be free to use it for whatever purpose they wish – the data for a targeted ad today could become a detailed personal profile sold to a prospective employer or a government agency tomorrow."



See? Microsoft does sponsor research like this – but as they say in the article, they may not use it.

http://www.pogowasright.org/article.php?story=20090424052133926

Microsoft: How to study search data without risking privacy

Friday, April 24 2009 @ 05:21 AM EDT Contributed by: PrivacyNews

Data on Internet search queries is a potential gold mine for researchers, as a glimpse into the minds of the online population. But despite efforts to keep that data anonymous, its release is a mine field for personal privacy, as evidenced by AOL's legendary 2006 "screw up."

Source - Microsoft: TechFlash

PDF, 10 pages.

[Other papers at the WWW2009 Conference: http://www2009.eprints.org/



Close to home. Let's see if I get this business model: We take the content from a newspaper that wasn't able to generate enough income to survive and try to sell it to an audience that doesn't read newspapers. (If you need more evidence that they don't get it, note that they didn't publish this story.)

http://news.slashdot.org/article.pl?sid=09/04/23/2121232&from=rss

Paid Online News Venture Fails To Get Subscribers

Posted by timothy on Thursday April 23, @05:49PM from the it-seemed-different-on-paper dept. The Media The Almighty Buck

Ian Lamont writes

"The idea of migrating people from free online news content to paid subscriptions has been dealt a blow. A venture meant to fill the void left by the print Rocky Mountain Times has attracted 3,000 subscribers — just 6% of its original goal of reaching 50,000 paid subscribers by Thursday. InDenverTimes.com is currently free, but the plan was to have gated premium content starting next month for a $5/month subscription. The project has entrepreneurial backing and articles from journalists who used to work for the print-focused Rocky Mountain News, which closed last month. However, a lack of paying subscribers and low online ad rates means that the venture might have to scale back its ambitions."



If it's easy enough, and free, people will do it!

http://www.makeuseof.com/tag/fling-ftp-automate-your-backup-using-this-free-ftp-client-windows/

Fling Ftp: Automate your Backup with free FTP client (Windows)

Apr. 23rd, 2009 By Karl L. Gechlik



Maybe you need to be a geek to find this interesting... This is the future, people!

http://www.atthebreach.com/blog/analysis-of-conficker/

April 23, 2009

Analysis of Conficker

Researchers at SRI International have published a comprehensive breakdown of the deep workings of Conficker, the malware worm. Their analysis reveals that Conficker is 1) a best-of-breed piece of malware that uses cutting edge cryptography 2) pushes the envelope on using the DNS system for “meeting point” style communications 3) implements a sophisticated peer-to-peer command and control structure 4) and works hard to escape detection and prevent its removal.

You can find the SRI analysis at http://mtc.sri.com/Conficker/addendumC/

[Paper also offers:

NEW: FREE DETECTION UTILITIES

Conficker C P2P Snort Detection Module

Conficker C Network Scanner
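The "meeting point" use of DNS described above leaves a trace a defender can look for on the resolver: one client asking for many never-seen, random-looking names, most of which do not exist. The following is an added example of that detection idea over a constructed resolver log; it is not taken from the SRI analysis or from the Snort module the paper offers, and the log format, the entropy and vowel-ratio heuristics, and the per-client threshold are assumptions made for illustration.

```python
"""Flagging DNS 'meeting point' lookups in resolver logs (constructed example).

Malware that computes a large set of candidate domains and queries them to find
its controllers produces a burst of NXDOMAIN answers for random-looking names
from a single client. The heuristics and thresholds below are assumptions for
this example, not parameters from any real worm or detection tool.
"""
import math
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed resolver log: "<epoch> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
1240531200 10.0.0.5 www.example.com NOERROR
1240531201 10.0.0.5 mail.example.org NOERROR
1240531202 10.0.0.9 qxzvkrtpbm.net NXDOMAIN
1240531203 10.0.0.9 hjwqptzxl.org NXDOMAIN
1240531204 10.0.0.9 vbnmkqzrw.info NXDOMAIN
1240531205 10.0.0.9 zpqwxrtkl.biz NXDOMAIN
1240531206 10.0.0.9 ltrkqzvwm.cc NXDOMAIN
1240531207 10.0.0.9 update.example.net NOERROR
1240531208 10.0.0.7 news.example.com NOERROR
1240531209 10.0.0.7 misspelt-site.com NXDOMAIN
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (NOERROR|NXDOMAIN|SERVFAIL)$")

# Heuristic thresholds (assumed).
MIN_LABEL_LEN = 8            # short labels are too ambiguous to score
MIN_ENTROPY = 2.8            # bits per character of the registrable label
MAX_VOWEL_RATIO = 0.25       # pronounceable names have more vowels than this
MIN_SUSPECT_PER_CLIENT = 4   # distinct generated-looking NXDOMAIN names


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of the string."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def registrable_label(qname: str) -> str:
    """Second-level label, e.g. 'example' in 'www.example.com'.

    Simplification: assumes a one-label public suffix. A real deployment
    would consult the public-suffix list for names like example.co.uk.
    """
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(label: str) -> bool:
    """True when the label is long, high-entropy and vowel-poor."""
    if len(label) < MIN_LABEL_LEN:
        return False
    vowels = sum(label.count(v) for v in "aeiou")
    return (shannon_entropy(label) >= MIN_ENTROPY
            and vowels / len(label) <= MAX_VOWEL_RATIO)


def parse_log(text: str) -> List[Tuple[int, str, str, str]]:
    """Parse log lines into (timestamp, client, qname, rcode); skip malformed ones."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, client, qname, rcode = m.groups()
            records.append((int(ts), client, qname, rcode))
    return records


def suspect_clients(text: str) -> Dict[str, List[str]]:
    """Clients whose distinct generated-looking NXDOMAIN names reach the threshold."""
    per_client: Dict[str, set] = defaultdict(set)
    for _, client, qname, rcode in parse_log(text):
        if rcode == "NXDOMAIN" and looks_generated(registrable_label(qname)):
            per_client[client].add(qname)
    return {c: sorted(names) for c, names in per_client.items()
            if len(names) >= MIN_SUSPECT_PER_CLIENT}


if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} generated-looking NXDOMAIN lookups")
        for n in names:
            print("   ", n)
```

Requiring both an NXDOMAIN answer and a per-client count keeps a single typo like `misspelt-site.com` from raising an alert, while the burst from 10.0.0.9 is flagged. Tuning the thresholds against your own resolver's baseline is the real work; the structure of the check is what the example is meant to show.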



More than I ever wanted to know...

http://www.bespacific.com/mt/archives/021188.html

April 23, 2009

GPO Launches Federal Digital System (FDsys)

Public Printer of the United States: "I am pleased to announce the launch of FDsys, GPO's new Federal Digital System, an innovative tool to enable Americans and people worldwide to search and access the documents of the U.S. Government. FDsys is a one-stop site on which to find current, authentic, published information from all three branches of the U.S. government. I am especially pleased with our new Daily Compilation of Presidential Documents, which includes releases from the White House Press Office and remarks made by the President. FDsys also offers search capabilities to find documents released by Members of Congress and Congressional Committees, using only keyword and date information."

[From the website:

The migration of information from GPO Access into FDsys will be complete in mid-2009. The migration is occurring on a collection-by-collection basis.



For my math students (Okay, it needs a little work...)

http://www.killerstartups.com/Web20/tricki-org-a-repository-of-mathematical-knowledge

Tricki.org - A Repository Of Mathematical Knowledge

http://www.tricki.org/

Do you think you are mathematically challenged just because you cannot solve a mathematical problem? This solution was created in order to be a source of techniques to get around that very issue. On this site you will find a wide variety of methods concerning specific subareas of mathematics.

Users are allowed to get a number of articles about mathematical problems and solutions in a very effective way. Some of these articles are for beginners while others are intended for advanced users. If you want to find the way to solve algebra, geometry or probability problems this is the right site for you to find what you need.



For my Computer Security students. How cool is a school that teaches their students to hack it?

http://www.makeuseof.com/tag/how-to-get-into-blocked-websites-in-school-with-freeproxy/

How to Bypass Firewalls & Get into Blocked Websites in School or at Work with FreeProxy (Windows)

Apr. 23rd, 2009 By Ryan Dube
