Friday, August 28, 2009

Curious. HP suspects fraud. So would I if five laptops were paid for on a personal credit card (or were they shipped COD?)

http://www.pogowasright.org/?p=3241

FBI investigating laptops sent to US governors

August 27, 2009 by Dissent Filed under Breaches, Other

Robert McMillan of IDG News Service reports:

There may be a new type of Trojan Horse attack to worry about.

The U.S. Federal Bureau of Investigation is trying to figure out who sent five Hewlett-Packard laptop computers to West Virginia Governor Joe Manchin a few weeks ago, with state officials worried that they may contain malicious software.

According to sources familiar with the investigation, other states have been targeted too, with HP laptops mysteriously ordered for officials in 10 states. Four of the orders were delivered, while the remaining six were intercepted, according to a source who spoke on condition of anonymity because of the ongoing investigation.

Read more on Network World.


(Related)

http://www.databreaches.net/?p=6923

Security test prompts federal fraud alert

August 28, 2009 by admin Filed under Financial Sector, U.S.

Robert McMillan of IDG News Service reports:

A sanctioned security test of a bank’s computer systems had some unexpected consequences this week, leading the federal agency that oversees U.S. credit unions to issue a fraud alert.

On Tuesday, the National Credit Union Administration (NCUA) warned all federally insured credit unions of a bogus letter that an unnamed credit union had received along with two CDs. The bogus letter claimed that the CDs contained NCUA anti-fraud training materials, but in its fraud alert, NCUA warned that running the CDs “could result in a possible security breach to your computer system, or have other adverse consequences.”

Only it turned out that the CDs were not sent by fraudsters. They were sent by employees of MicroSolved, a Columbus, Ohio, security testing company. “It was a part of some social engineering we were doing in a fully sanctioned penetration test,” said MicroSolved CEO Brent Huston in an e-mail message.

Read more on Computerworld

It’s interesting (to me, anyway), that this type of information was immediately and correctly shared throughout the system to prevent fraud, whereas details of actual compromises that might help other institutions prevent compromises of their own do not seem to be shared quickly or fully. [And apparently before checking the contents of the CDs Bob] To the contrary, they are often kept under tight wraps. Following the Heartland Payment Systems breach, Heartland indicated that it would share specifics with others and called for greater information sharing. Is that actually happening?



Hackers aren't the only problem you face with IT systems. Sometimes incompetence is even more deadly.

http://news.slashdot.org/story/09/08/27/2144223/Bug-Means-High-School-Students-Schedule-Errors-May-Last-Days?from=rss

Bug Means High School Students' Schedule Errors May Last Days

Posted by timothy on Thursday August 27, @05:53PM from the ok-computer-meeting-people-is-easy dept.

Hugh Pickens writes

"The Washington Post reports that thousands of high school students in Prince George's County missed a third day of classes Wednesday, and school officials said it could take more than a week to sort out the chaos caused by a computerized class-scheduling system as students were placed in gyms, auditoriums, cafeterias, libraries and classes they didn't want or need at high schools across the county and their parents' fury over the logistical nightmare rose. 'The school year comes up the same time every year,' said Carolyn Oliver, the mother of a 16-year-old senior who spent Wednesday in the senior lounge at Bowie High School. 'When I heard they didn't have schedules, I was like, "What have they been doing all summer?"' When school opened Monday, about 8,000 high school students had no class schedules and were sent to wait in holding spaces while administrators tried to sort things out." (More below.)

"By Tuesday evening, that number was down to 4,000. As of noon Wednesday, 3,400 of the school district's 41,000 high school students had no class schedules, officials said. Superintendent William R. Hite Jr. said that some schools didn't realize there was a problem with schedules until school started and that the trouble was exacerbated by difficulties with SchoolMax, a $4.1 million computer system introduced last school year. SchoolMax went online in Prince George's a year ago to help the county track students' grades, attendance and discipline data. Last year, the program crashed at least four times and was plagued by errors that led to botched schedules, an overcount of students and mistakes on report cards. Jessica Pinkney, a junior, said she was moved to the cafeteria Wednesday morning after two days in the gymnasium because the cafeteria had air conditioning. 'We just sit and do nothing,' says Pinkney. 'But I'm meeting new people, so it's getting more interesting.'"


(Related) And sometimes acting before thinking produces some nasty (if inevitable) results too.

http://www.pogowasright.org/?p=3210

White House sued over free speech violations in healthcare battle

August 27, 2009 by Dissent Filed under Court, Featured Headlines, Govt, U.S.

The Office of the President and other White House officials are defendants in a free speech lawsuit filed by a prominent physician group, and a non-profit advocate for inner-city poor, according to a new press release.

The White House has “unlawfully collected information on political speech,” [What makes it “unlawful?” Bob] thereby illegally using the power of the White House to chill opposition to its plans for health care reform, according to the complaint filed in District Court for the District of Columbia, by the Association of American Physicians and Surgeons (AAPS) and the Coalition for Urban Renewal and Education (CURE).

The lawsuit was prompted by the White House solicitation for the public to report any “fishy” comments to ‘flag@whitehouse.gov.’ Although the White House slightly revised its data collection procedure last week, the email address still exists, the illegal activity continues, and is part of an “unlawful pattern and practice to collect and maintain information” on the exercise of free speech, which “continues in violation of the Privacy Act and First Amendment even if the Defendants terminate a particular information-collection component due to negative publicity.”

The lawsuit outlines how the White House has employed a form of “bait-and-switch” tactic of accusing the Plaintiffs and other opponents of spreading misinformation about the Administration’s goals for health care reform, and thereby refusing to ‘come clean’ about its real agenda.

The lawsuit outlines that the White House knew that the data collection would chill free speech, and in fact, intended to do just that:

“43. As part of their effort to advance the White House healthcare
reform agenda, Defendants have accused opponents (including
Plaintiffs) of spreading misinformation on issues such as whether
(a) health reform would provide public funding for abortions, (b) put
“death panels” in place to deny care to the elderly or infirm,
(c) amount to a government takeover of healthcare, and (d) increase
healthcare costs… the Defendants and the administration have spread
misinformation, semantics, and disinformation on these topics…

“45. By denying and continuing to deny that healthcare reform
legislation includes “death panels” that make individual life-or-death
decisions on the elderly or infirm, the Defendants and the current
administration have ignored and implicitly denied and continue to
ignore and implicitly to deny both that their healthcare reform agenda
involves rationing healthcare…”

“My hate mail started shortly after the White House issued the ‘fishy’ request,” said Kathryn Serkes, Director of Policy and Public Affairs for AAPS. “We were quite visible and vocal before then, so it doesn’t seem like a coincidence. Who did they share their data with? With whom might they share it?”

AAPS and CURE demand that the White House remove all information already collected, and further, be prohibited from collecting any personal data in the future.

NOTE: AAPS is a non-partisan professional association of physicians dedicated since 1943 to protection of the patient-physician relationship. CURE, founded by Star Parker, serves poor and inner-city communities through church, individual, and market-based solutions to poverty.

The case number is Civil Action No. 09-1621-EGS. The full text of the complaint is available on request.

SOURCE Association of American Physicians and Surgeons (AAPS)


(Related) If you can't get away with a “chilling effect” try something else.

http://news.cnet.com/8301-13578_3-10320096-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Bill would give president emergency control of Internet

by Declan McCullagh August 28, 2009 12:34 AM PDT

Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.

They're not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.



What is secure today, is hacker fodder tomorrow.

http://hardware.slashdot.org/story/09/08/27/180249/WPA-Encryption-Cracked-In-60-Seconds?from=rss

WPA Encryption Cracked In 60 Seconds

Posted by timothy on Thursday August 27, @02:38PM from the nicholas-cage-has-an-alibi dept.

carusoj writes

"Computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level. The earlier attack worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm."
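The practical takeaway from the post is a configuration question: does an access point still negotiate WPA (version 1) or the TKIP cipher at all? The following is an added example, not code from the Slashdot post or from the researchers it describes. It audits hostapd-style `key=value` settings (the real `wpa`, `wpa_pairwise`, `rsn_pairwise` and `wpa_key_mgmt` keys) for TKIP exposure and produces a WPA2/AES-CCMP-only rewrite; the two sample configurations and the `harden` helper are constructed for this illustration.

```python
"""Audit hostapd-style AP settings for WPA/TKIP exposure (added example).

Assumes the hostapd configuration format: `wpa` is a bitmask (1 = WPA, 2 = WPA2/RSN,
3 = both), `wpa_pairwise` lists ciphers for WPA, and `rsn_pairwise` lists ciphers
for WPA2, falling back to `wpa_pairwise` when it is not set.
"""

# Constructed sample: a mixed-mode AP that still offers WPA with TKIP.
WEAK_CONFIG = """\
interface=wlan0
ssid=example-weak
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=placeholder-passphrase
"""

# Constructed sample: WPA2-only with AES-CCMP, the configuration the post says is unaffected.
HARDENED_CONFIG = """\
interface=wlan0
ssid=example-hardened
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=placeholder-passphrase
"""


def parse_hostapd(text):
    """Parse key=value lines into a dict, skipping blanks and '#' comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def tkip_findings(cfg):
    """Return a list of findings; an empty list means no WPA1/TKIP exposure."""
    findings = []
    wpa = int(cfg.get("wpa", "0"))
    if wpa == 0:
        return ["wpa=0: no WPA/WPA2 at all (open or WEP network)"]

    wpa1_enabled = bool(wpa & 1)
    wpa2_enabled = bool(wpa & 2)
    wpa_pairwise = cfg.get("wpa_pairwise", "").split()
    # hostapd uses wpa_pairwise for WPA2 when rsn_pairwise is not set explicitly.
    rsn_pairwise = cfg.get("rsn_pairwise", cfg.get("wpa_pairwise", "")).split()

    if wpa1_enabled and "TKIP" in wpa_pairwise:
        findings.append("WPA (version 1) enabled with TKIP in wpa_pairwise")
    if wpa2_enabled and "TKIP" in rsn_pairwise:
        findings.append("WPA2 enabled but TKIP still allowed as a pairwise cipher")
    return findings


def harden(cfg):
    """Hypothetical helper: rewrite a parsed config to WPA2-only with AES-CCMP."""
    fixed = dict(cfg)
    fixed["wpa"] = "2"
    fixed.pop("wpa_pairwise", None)  # WPA1-only key, dropped with WPA1
    fixed["rsn_pairwise"] = "CCMP"
    return fixed


def render(cfg):
    """Serialize a parsed config back into key=value lines."""
    return "\n".join(f"{k}={v}" for k, v in cfg.items()) + "\n"


if __name__ == "__main__":
    weak = parse_hostapd(WEAK_CONFIG)
    for finding in tkip_findings(weak):
        print("FINDING:", finding)
    print("--- hardened rewrite ---")
    print(render(harden(weak)))
```

Running the audit on a real `hostapd.conf` only requires reading the file into `parse_hostapd`; the check deliberately reads the effective cipher list for WPA2 (with the `rsn_pairwise` fallback), since a mixed-mode AP that looks like "WPA2" can still be negotiating TKIP.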



Eco-hacking?

http://www.wired.com/dangerroom/2009/08/china-all-your-rare-earth-metals-belong-to-us/

China: All Your Rare-Earth Metals Belong to Us

By Nathan Hodge Email Author August 26, 2009 11:57 am

Rare-earth metals are the key to 21st Century technology: Without them, we wouldn’t have smartphones, hybrid cars or precision weapons. And China, which mines most of the world’s rare-earth metals, may be starting to catch on to their strategic value.

According to this alarming story in Britain’s Telegraph, China’s Ministry of Industry and Information Technology is weighing a total ban on exports of terbium, dysprosium, yttrium, thulium, and lutetium — and may restrict foreign sales of other rare-earth metals. But don’t panic yet: U.S.-based Molycorp Minerals is preparing to resume mining of rare earth ore deposits at a California facility, pictured here.



I'm shocked! Shocked I tell you!

http://www.wired.com/threatlevel/2009/08/maplight/

Hollywood, Big Software and Coal Miners Pros at Timely Political Donations

By Ryan Singel August 26, 2009 7:38 pm

Money in politics is an old story. But armed with a new tool that shows just how closely timed votes and contributions are, Threat Level uncovered some interesting connections between high tech industries, lawmakers and legislation that became the law of the land.

MAPLight.org’s new Money Near Votes site works by noting which groups support a bill and which oppose it, and watching their campaign contributions over time. MAPLight launched the tool Wednesday with a dramatic chart showing that bank lobbyists paid nearly $300,000 to politicians before and after a vote on a credit card reform measure.



This is too soon after the 9th Circuit's decision to be a result of that decision, isn't it?

http://www.pogowasright.org/?p=3219

New directives on border searches of electronic media

August 27, 2009 by Dissent Filed under Govt, Surveillance, U.S.

Department of Homeland Security (DHS) Secretary Janet Napolitano today announced new directives to enhance and clarify oversight for searches of computers and other electronic media at U.S. ports of entry.

“Keeping Americans safe in an increasingly digital world depends on our ability to lawfully screen materials entering the United States,” said Secretary Napolitano. “The new directives announced today strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders.”

The new directives address the circumstances under which U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE) can conduct border searches of electronic media—consistent with the Department’s Constitutional authority to search other sensitive non-electronic materials, such as briefcases, backpacks and notebooks, at U.S. borders.

The directives, available at DHS.gov, will enhance transparency, accountability and oversight of electronic media searches at U.S. ports of entry and include new administrative procedures designed to reflect broad considerations of civil liberties and privacy protections—measures designed to ensure that officers and agents understand their responsibilities to protect individual private information and that individuals understand their rights.

The DHS Privacy Office also released today a Privacy Impact Assessment, available at www.dhs.gov/privacy, in connection with the new directives to enhance public understanding of the authorities, policies, procedures and controls employed by DHS during border searches of electronic data to protect individuals’ privacy. The DHS Office for Civil Rights and Civil Liberties (CRCL) will also conduct a Civil Liberties Impact Assessment within 120 days.

In conjunction with the Privacy Office and CRCL, CBP will ensure training materials and procedures promote fair and consistent enforcement of the law relating to electronic media searches. CBP will also provide travelers subject to electronic device searches with clear and concise material informing them of the reasons for the search, how their data may be used and detailed information about their constitutional and statutory rights.

DHS conducts border searches of computers and other electronic media on a small percentage of international travelers seeking to enter the United States—searches often as basic as asking a traveler to turn on a device to ensure it is what it appears to be.

Between Oct. 1, 2008, and Aug. 11, 2009, CBP encountered more than 221 million travelers at U.S. ports of entry. Approximately 1,000 laptop searches were performed in these instances—of those, just 46 were in-depth. [Does that sound like an underestimation to you? Bob]

The new directives will also allow DHS to develop automated, comprehensive data collection and analytic tools to facilitate accurate, thorough reporting on electronic media searched at the border, the outcomes of those searches and the nature of the data searched—further enhancing transparency and accountability.

Related documents:

Source: Department of Homeland Security



Just a reminder that outsourcing isn't the ONLY way... Worth reading!

http://news.slashdot.org/story/09/08/27/1719234/US-Call-Center-Jobs-mdash-That-Pay-100K-a-Year?from=rss

US Call-Center Jobs — That Pay $100K a Year

Posted by timothy on Thursday August 27, @01:50PM from the payment-for-the-gift-of-gab dept.

bheer writes

"BusinessWeek profiles a call center company called iQor which has grown revenues 40% year-on-year by (shock) treating employees as critical assets. It's done this not by nickel-and-diming, but by expanding its US operations (13 centers across the US now), giving employees universal health insurance, and paying salaries and bonuses that are nearly 50% above industry norms. The article notes that outsourcing will continue and globalization will continue to change the world's economic landscape. 'But the US is hardly helpless. With smart processes and the proper incentives, US companies can keep jobs here in America, and do so in a way that is actually better for the company and its employees.' Now if only other companies get a clue as well."



An interesting graphic for my Intro to Computing class (and as a perspective on e-Discovery)

http://www.mozy.com/blog/misc/physical-storage-vs-digital-storage/

Physical Storage vs. Digital Storage

August 26th, 2009 by nate

Last time we did one of these, we wanted to show you how much data we create with our digital lives. Now we want to show you how data storage has changed over the years. It’s pretty mind-blowing. Enjoy!
