Friday, June 19, 2009

Lots of 'breach' follow-ups today. Funny how articles come in clumps...


Also a good lesson for my programming students.

http://www.databreaches.net/?p=5625

Pointer: TJX Hacker Was Awash in Cash; His Penniless Coder Faces Prison

June 18, 2009 @ 3:59 pm by admin

Kim Zetter has a nice human-interest piece over on Threat Level about those involved in the TJX hack:

Accused TJX hacker kingpin Albert Gonzalez called his credit card theft ring “Operation Get Rich or Die Tryin.”

He spent $75,000 on a birthday party for himself and once complained that he had to manually count $340,000 in pilfered $20 bills because his counting machine broke. But while Gonzalez apparently lived high off ill-gotten gains, a programmer who claims he earned nothing from the scheme sits broke and unemployed, his career in shambles, while awaiting sentencing for a piece of software he crafted for his friend.

Read more on Threat Level.



“Old breaches never die, they just fraud away...”

http://www.databreaches.net/?p=5613

Breach exposes debit card accounts at Suncoast Federal Credit Union to fraud

June 18, 2009 @ 7:07 am by admin

This story was first reported earlier this week, but I waited until there was confirmation that it was linked to the Heartland Payment Systems breach. This newest story provides more detail but still leaves some questions unanswered.

Nicole Norfleet of the St. Petersburg Times reports:

About 56,000 members of Suncoast Schools Federal Credit Union have been notified that their debit card accounts were exposed to fraud.

It is the latest casualty of last year’s breach of Heartland Payment Systems, one of the country’s largest credit card processors, where information from more than 100 million credit and debit card transactions was exposed.

Not until the end of May did Suncoast discover that some of its customers who use Visa Check Cards could be in danger. [How could they not know? Heartland's records were less complete than the hackers? Bob] The Tampa credit union is issuing new cards to all members whose accounts were compromised.

[...]

Suncoast, which has more than 450,000 members, has determined that less than 1,000 members were actually affected by fraud as of Wednesday, McKay-Bass said. …. The credit union began notifying affected members by letter in the first week of June, McKay-Bass said.

Comment:

What do they mean that they discovered “at the end of the May?” Is that when they were first notified by Visa? Visa had informed this site that all notifications were made prior to that. Or does SunCoast mean that they had had the list of card numbers, but didn’t notify their customers because they didn’t see any evidence of misuse until the end of the May?

A number of institutions first started reporting fraud and card replacement after Visa’s May 19th deadline to submit claims for partial recovery of costs.

SunCoast did not reply to a request for clarification about the incident.



Will this cause Heartland to be hated by other card processors? It will if they can turn it into a competitive advantage.

http://www.pogowasright.org/?p=245

Heartland Gets Religion on Security

Heartland Payment Systems CEO Bob Carr is an unlikely spokesman for tech security. But that’s what he’s emerging as.

The credit-card processor suffered one of the largest data breaches ever disclosed last year. But rather than taking the time-honored approach of staying quiet and hoping that the negative publicity goes away, Carr is talking openly about what went wrong, the problems with the industry’s security standards, and a new product his company developed to help merchants protect customer data.

[...]

Carr also believes that the vast majority of breaches go unreported. He says that around 300 companies were victimized by the same hacker as Heartland, but that most have never come forward. He points to loopholes in the state laws meant to protect consumers in the event of a data breach as the reason.

Read more in Forbes.



Sounds like more than a “traffic stop.”

http://www.databreaches.net/?p=5627

Sensitive documents found inside vehicle owned by Clayton County sheriff’s employee

June 18, 2009 @ 4:10 pm by admin

Kathy Jefcoats of the Atlanta Journal-Constitution reports that Genevieve Prejean, a Clayton County sheriff’s employee, is under investigation after local police found a stack of sensitive material inside her car during a traffic stop. A convicted felon, Brandyn Keith Mathis, was driving her car at the time of the stop:

Prejean told police she took home the stack of documents generated from Georgia Crime Information Center. Prejean told police she left the documents in a bag inside the car but officers found the papers inside her glove compartment, Sanchez said. …. Sanchez said Prejean could be charged with unlawfully disseminating the sensitive materials, which contain names, phone numbers, dates of birth and Social Security numbers.

“Those documents are not supposed to even leave the building,” Sanchez said. “She could be fined $50,000 and possibly receive up to 15 years in prison. The Sheriff’s Office can also be sanctioned for allowing the documents out in public.”



Employers should check job applicants, but sometimes they go a bit too far... I wouldn't give my passwords, but perhaps the HR guy would accept a list of his passwords? … the Mayor's passwords?

http://www.pogowasright.org/?p=331

Would you trade your online passwords for a chance at a job?

I’ve long since given up trying to understand things like who thought up Pet Rocks or why people eat sweetbreads. I’m pretty sure, though, something I read today will have me scratching my head for a long time to come.

ReadWriteWeb is reporting that applicants for jobs with the City of Bozeman, Montana, are expected to provide information about any social networking sites they’re a part of, complete with passwords. Let me say right off the bat that I understand new pre-employment policies that request pointers to a personal Web site, Facebook or MySpace page. Personally, I think teasing out information from the vast Internet about prospective employees ought to be the responsibility of Human Resources, but I can also argue that it’s more efficient to just ask people to provide it. But passwords? You have to be kidding me.

Read more on Computerworld.


(Related) Employer overreach?

http://www.pogowasright.org/?p=340

Employee Privacy Violated?

If you join an invite-only forum and post about work from your own home computer on your own time, can your employer fire you for joining the forum? Fox News interviews an employee who is suing over that issue:



Ethics? People still have ethics these days?

http://www.pogowasright.org/?p=313

Draft Paper: “But the Data is Already Public”: On the Ethics of Research in Facebook

I haven’t had a chance to read this yet, but Michael Zimmer has a draft paper available based on his critique of the “Taste, Ties, and Time” Facebook data release that is sure to be thought-provoking. Michael notes on his blog that he will be presenting his paper at the 8th International Conference of Computer Ethics Philosophical Enquiry in Corfu, Greece:

Recall that last fall, a group of researchers affiliated with the Berkman Center for Internet & Society at Harvard University released a dataset of Facebook profile information from an entire cohort (the class of 2009) of college students from “an anonymous, northeastern American university.” While the researchers took good faith steps to preserve the anonymity of the source of the data (and, presumably, the privacy of the subjects), I quickly narrowed it down to 7 possible universities, and then with only a little more effort, identified the source (with some confidence) as Harvard College. All this without ever even downloading or looking at the actual data.

The researchers have since pulled the data out of circulation, and plan to make it available again this month, presumably with some of the anonymity and privacy concerns addressed.

The draft paper I am presenting, “But the Data is Already Public”: On the Ethics of Research in Facebook (PDF of draft), retells the circumstances around the T3 project and my partial re-identification of the dataset. It also describes some of the good faith efforts made by the T3 researchers to try to ensure the anonymity of the data, but exposes the limitations and errors in their procedures. Finally, it highlights the broader challenges for engaging in research on/in social networking sites that this case brings to light.



I seem to remember a certain DU Law professor who went to Korea and taught them about Privacy. I hope YouTube never finds out who he was...

http://www.pogowasright.org/?p=82

Korea vs YouTube - The Battle over Real Name Verification

Nicole Wong, Deputy General Counsel at Google, discusses the challenges of protecting human rights online in a global context. Wong describes YouTube’s recent clash with Korea over real name verification and user anonymity. The complete presentation can be viewed at http://fora.tv/2009/05/04/Corporate_Responsibility_and_Complicity.



First, pass a “secret” law that says “We can do whatever we want.” Second... Well, there is no second.

http://www.pogowasright.org/?p=334

ACLU, Ron Paul’s Campaign for Liberty sue TSA over ‘illegal’ detention

The American Civil Liberties Union may have just earned itself a few more Republican admirers.

Announcing a lawsuit against the Transportation Security Administration for the “illegal” detention of the Campaign for Liberty’s treasurer in April at a St. Louis airport, the ACLU damned what it called a “troubling pattern” of aggressive invasions of privacy by the TSA.

Steve Bierfeldt, the man at the center of the controversy, recorded his confrontation with the airport security agents on his phone. The audio caused waves of indignation across the Internet, as he was seemingly harassed merely for carrying cash and Ron Paul campaign material.

Read more on PrisonPlanet. You can listen to the audio of Bierfeldt’s detention here.



'cause people who read might be terrorists!

https://aspen.ald.lib.co.us/patroninfo~S0/1136119/items?renewsome=TRUE&renew0=i2296005&renew1=i2578834

Notice to AOL Email Users

Recently, some library patrons have not been receiving Arapahoe Library District's courtesy reminder emails. After analyzing the problem, it became clear that almost all of the people affected have AOL email addresses.

If you are currently using AOL for email, and would like to receive courtesy reminder emails, we suggest you use an alternate email account. There are a number of reliable providers of free email: Gmail, Yahoo! Mail, and others.



How do you distinguish between “can't get it” and “don't give a damn?”

http://www.bespacific.com/mt/archives/021626.html

June 18, 2009

Pew: As Broadband Expands Rapidly, America's Poor Lag

Pew Internet & American Life Project: Home Broadband Adoption 2009, by John Horrigan, June 17, 2009

  • "An April 2009 survey by the Pew Research Center’s Internet & American Life Project shows 63% of adult Americans now have broadband internet connections at home, a 15% increases from a year earlier. April’s level of high-speed adoption represents a significant jump from figures gathered by the Project since the end of 2007 (54%)."



“It's not about the law, it's about “fair” [Translation: “I think I should get anything I want for free.”]

http://dallasmorningviewsblog.dallasnews.com/archives/2009/06/should-att-be-a.html

Should AT&T be allowed to be the iPhone's exclusive carrier?

11:37 AM Wed, Jun 17, 2009 Jarrett Rush

This is an interesting question raised by the folks over at BoingBoing, and prompted by a letter from four senators to the head of the FCC. They ask whether it's fair to consumers that phone manufacturers can enter into exclusive contracts with certain cellular providers.



I wonder if the State Department asked them to do this too?

http://news.cnet.com/8301-13578_3-10268577-38.html?part=rss&subj=news&tag=2547-1_3-0-5

Google, Facebook rush Iranian language support

by Stephen Shankland June 18, 2009 11:18 PM PDT

Twitter has the starring role as opening up Net communications about Iran's turbulent politics, but Google and Facebook are jumping in with their its own hasty efforts.

Google is adding Farsi, or Persian, language support to its translation service, the company announced Thursday night. Google rushed out the support specifically because of events in Iran, said Principal Scientist Franz Och in a blog posting.



Perhaps this is part of the new “Newspaper business model?”

http://news.slashdot.org/story/09/06/19/0152259/Newspaper-Crowdsources-700000-Page-Investigation-of-MP-Expenses?from=rss

Newspaper Crowdsources 700,000-Page Investigation of MP Expenses

Posted by timothy on Friday June 19, @04:50AM from the would-like-to-see-this-for-the-us-federal-budget dept.

projector writes with an interesting project from the UK:

"The Guardian are crowd-sourcing the investigation of 700,000 pages of UK MPs' expenses data. Readers are being invited to categorize each document, transcribe the handwritten expenses details into an online form and alert the newspaper if any claims merit further investigation. 'Some pages will be covering letters, or claim forms for office stationery. But somewhere in here is the receipt for a duck island. And who knows what else may turn up. If you find something which you think needs further attention, simply hit the button marked "investigate this!" and we'll take a closer look.'"


(Related)

http://www.hollywoodreporter.com/hr/content_display/technology/news/e3i149b78bd4728016537e2ca0d21bae958

Internet still the leading source for news

Survey: More than half would select Web for sole source

Reuters June 17, 2009, 01:29 PM ET

NEW YORK -- The Internet is by far the most popular source of information and the preferred choice for news ahead of television, newspapers and radio, according to a new poll in the U.S.

But just a small fraction of U.S. adults considered social Web sites such as Facebook and MySpace as a good source of news and even fewer would opt for Twitter.



If you aren't comfortable with “free software” would free software from IBM make a difference?

http://hothardware.com/News/IBM-takes-a-swipe-at-Microsoft-Offices-market/

IBM takes a swipe at Microsoft Office's market

Thursday, June 18, 2009 - by Amy Vernon

In a bold swipe at Microsoft's share of the office (both the office as in location and Office as in program) software market, IBM today announced the newest version of its Lotus Symphony could fully support any files from Office 2007.

The kicker: Lotus Symphony is a free business productivity software suite. In this economy, companies looking to shave pennies anywhere and everywhere might look closer than usual at freeware, especially freeware developed and supported by IBM.



This could be fun for my website students...

http://www.labnol.org/internet/turn-home-computer-into-web-server/9111/

June 16, 2009

Turn Your Home Computer into a Web Server in 2 Minutes

You may find this technique useful even if you are not a very tech-savvy user.

… Now if any of the above reasons look convincing enough, here’s how you can convert your Windows, Mac or Linux PC into a web server in less than two minutes - no technical knowledge required.

Go to labs.opera.com, download the Opera Unite software and install it. Congratulations, you are now running a web server on your machine and just need another minute to configure local file folders that you want to share with others over the internet.



It's real simple. Make using the Internet (any technology) part of the class and students will avoid it like the plague.

http://news.cnet.com/8301-1035_3-10267489-94.html?part=rss&subj=news&tag=2547-1_3-0-5

Teen cheating morphs with new tech, poll shows

by Lance Whitney June 18, 2009 7:30 AM PDT

Parents have yet another reason for a long, hard talk with their kids. More than half of teens admit to using the Internet to cheat, a new poll shows, while 35 percent say they've used their cell phones.

The results were released Thursday by Common Sense Media, which commissioned research firm Benenson Strategy Group to conduct the poll.

The report (PDF) uncovered several alarming trends. More than 38 percent of teens say they've copied content from the Internet and presented it as their own work, while 21 percent have downloaded an actual paper to turn in as their own. Around 65 percent say they've seen other students cheat on tests using their cell phones.

No comments: