Wednesday, October 14, 2009

Apparently the “automatic class action lawsuit filing system” was delayed. Perhaps they were based in the same cloud as sidekick?

http://www.pogowasright.org/?p=4514

T-Mobile sued over Sidekick data loss

October 14, 2009 by Dissent

… The Sidekick service disruption occurred last week, and a class action lawsuit (pdf) was filed against T-Mobile USA by Oren Rosenthal in Superior Court in Washington on October 12.



Is this an indication of “Icebergs, dead ahead?” It would be useful if the bank could signal whether this was a new “TJX-like” breach or a breach reported earlier (and the crooks are just getting around to using the data).

http://www.databreaches.net/?p=7803

Bank of Bermuda moves to protect customers after security breach

October 13, 2009 by admin Filed under Breach Incidents, Financial Sector, ID Theft, Non-U.S., U.S.

From the your-guess-is-as-good-as-mine dept, Amanda Dale reports:

Several hundred Bank of Bermuda accounts were closed yesterday and cards cancelled as an overseas retailer reported a breach in customer security.

Bank spokeswoman Susan Jackson said: “Bank of Bermuda received notification from Visa and MasterCard that an overseas vendor has been compromised and that a number of Visa and MasterCard accounts may have been affected, including a number of cards issued by the Bank of Bermuda.

Read more on The Royal Gazette.



Interesting to compare with the policies and reactions of other organizations. Lots of questions remain.

http://www.databreaches.net/?p=7805

Audit of DRS data breach completed

October 13, 2009 by admin Filed under Commentaries and Analyses, Government Sector, U.S.

Patricia Daddona reports:

An audit of a 2007 data breach of state taxpayers’ personal information on a stolen laptop shows the state took too long to address the situation but has since made strides to prevent future incidents.

Two years ago, some 106,000 Connecticut taxpayers’ names and Social Security numbers were compromised when an employee, now identified as Jason Purslow of the Department of Revenue Services, the state’s tax-collection agency, left a laptop computer in a parked car on Long Island.

Read more on The Day.

[From the article:

… “DRS botched [probably not the actual wording of the audit report. Bob] its initial response to the theft,” Blumenthal said in a statement. “Inexcusably, our tax agency exposed more than 100,000 taxpayers for nearly a week to possible plundering of personal assets.”

Other lax conditions included the agency not tracking where sensitive data was stored, not securing it with encryption technologies and allowing employees to “casually roam electronic files with little consequence” or reliable record of their visits, he said.

… According to the report, in August of 2007, Purslow was on a family trip when he took the laptop with him to complete critical testing of a new department system due to be activated that Monday. The testing did not involve the taxpayer information, which had been unknowingly transferred to Purslow's laptop. [No indication they disciplined the person responsible for putting taxpayer data on the computer. Probably because they don't know who did it. Bob]

Stolen on Aug. 17 between 5 and 9 p.m., the laptop was reported missing by Purslow the next day. By the following Monday, Purslow had formally reported the theft, but until Aug. 23, the department took no steps to determine whether confidential information was compromised.

In October of 2007, Purslow was suspended 30 days without pay. The laptop has not been recovered.



Using the same logic, McDonald's should be able to access your grocery store purchases to ensure proper nutrition?

http://www.pogowasright.org/?p=4517

AU: Banks to spy on your bills under proposed changes to Privacy Act

October 14, 2009 by Dissent Filed under Govt, Legislation, Non-U.S.

Nick Gardner reports:

Consumers will have black marks lodged on their credit files for missing just one utility bill or credit card repayment under proposed changes to the Privacy Act.

The controversial proposals will give banks carte blanche to view every aspect of our financial affairs, including accounts with other institutions, relationships with utility companies, when accounts are opened and closed, and, crucially, the repayment history of all accounts going back two years.

Read more in The Herald Sun.

Related: Government to re-write Privacy Act (Australian IT)

The full response from the government can be found here (pdf), while the original 2700-page report by the ALRC can be found here.



Strange that this isn't part of the Health Care package... Would we need an amendment?

http://thenextweb.com/europe/2009/10/14/finland-country-world-broadband-legal/

Finland becomes the first country in the world to make broadband a legal right.

By Zee on October 14, 2009

… According to YLE.fi, starting next July, every person in Finland will have the right to a one-megabit broadband connection, says the Ministry of Transport and Communications.

Finland is reportedly the world’s first country to create laws guaranteeing broadband access. The government had already decided to make a 100 Mb broadband connection a legal right by the end of 2015.



Inconsistency is the only constant. (I told you his threats were merely negotiating ploys)

http://thenextweb.com/europe/2009/10/14/murdoch-skynews-streaming-live-website-247for-free/

What’s that Murdoch? SkyNews now streaming live on its website 24/7…for free.

By Zee on October 14, 2009

… There is no log in and no need to have a Sky account, with just one click and anyone in the UK/Republic of Ireland can watch Sky News live from the websites home page.

http://skyplayer.sky.com/vod/page/playLiveTv.do [Silverlight required. Bob]



Clear evidence of hacking and a claim that Delta had her emails. Should be a fun case!

http://www.wired.com/threatlevel/2009/10/delta/

Passenger Advocate Sues Delta for Allegedly Hacking Her E-Mail

By Kim Zetter October 13, 2009 3:27 pm

An airline passenger advocate has accused Delta Airlines of hacking her e-mail accounts and computer in order to sabotage her organization’s lobbying efforts to pass federal legislation to help stranded fliers, according to a lawsuit filed in Texas Tuesday.



How should I categorize this one? Twits to the rescue? Free speech v. mad judge? How to write about a gag order?

http://yro.slashdot.org/story/09/10/14/0022251/In-the-UK-a-Few-Tweets-Restore-Freedom-of-Speech?from=rss

In the UK, a Few Tweets Restore Freedom of Speech

Posted by kdawson on Wednesday October 14, @05:28AM from the inconvenient-truths dept.

Several readers wrote to us about the situation in the UK that saw the Guardian newspaper forbidden by a judge from reporting a question in UK parliament. The press's freedom to do so has been fought for since at least 1688 and fully acknowledged since the 19th century. At issue was a matter of public record — but the country's libel laws meant that the newspaper could not inform the public of what parliament was up to. The question concerned the oil trading company Trafigura, the toxic waste scandal they are involved in, and their generous use of libel lawyers to silence those who would report on the whole thing. After tweeters and bloggers shouted about Trafigura all over the Internet, the company's lawyers agreed to drop the gag request.

[From the article:

Today's published Commons order papers contain a question to be answered by a minister later this week. The Guardian is prevented from identifying the MP who has asked the question, what the question is, which minister might answer it, or where the question is to be found.

The Guardian is also forbidden from telling its readers why the paper is prevented – for the first time in memory – from reporting parliament. Legal obstacles, which cannot be identified, involve proceedings, which cannot be mentioned, on behalf of a client who must remain secret.

… The editor, Alan Rusbridger, said: "The media laws in this country increasingly place newspapers in a Kafkaesque world in which we cannot tell the public anything about information which is being suppressed, nor the proceedings which suppress it. It is doubly menacing when those restraints include the reporting of parliament itself."


(Related) If they had been a bit faster with this, Miley Cyrus might not have quit! (Let's sue them!)

http://www.makeuseof.com/tag/the-complete-guide-to-twitter-pdf/

Twitter: Best Practices and Tips [PDF Guide]

Oct. 14th, 2009 By Simon Slangen


(Related) Free speech or cyber-bullying? The email is pretty funny and, like all humor, has a (vague) basis in fact, but it is probably not appropriate coming from your boss.

http://www.wired.com/threatlevel/2009/10/obama-email-exhibit-a/

E-Mail Mocking Obama Is ‘Exhibit A’ in Wrongful-Firing Suit

By David Kravets October 13, 2009 3:30 pm

The president of a Midwest office supply company is in court after a salesman claimed the boss’ pre-election e-mail rant against Barack Obama amounted to an edict: Vote for Obama and you’re fired.

… What’s more, it’s an open question of whether Snell and his colleagues were being cyberbullied by president Matthew Brandt’s e-mail – underscoring that office humor in the digital age might get lost in translation — especially when undertaken by the boss.

“It was an ill-advised attempt at humor. Obviously, the better practice is to confine the use of company e-mails for business,” said Bill Tretbar, the company’s attorney, in a telephone interview.



Interesting idea. For the price of a thumb drive (CDs are not pocket-friendly) and some thoughtful structuring of the OS and applications, this might be very effective. Any user could make it worthless with a few simple commands, but would that be so different from today's environment?

http://linux.slashdot.org/story/09/10/13/2344251/Washington-Post-Says-Use-Linux-To-Avoid-Bank-Fraud?from=rss

Washington Post Says Use Linux To Avoid Bank Fraud

Posted by kdawson on Tuesday October 13, @10:27PM from the just-common-sense dept.

christian.einfeldt writes

"Washington Post Security Fix columnist Brian Krebs recommends that banking customers consider using a Linux LiveCD, rather than Microsoft Windows, to access their on-line banking. He tells a story of two businesses that lost $100K and $447K, respectively, when thieves — armed with malware on the company controller's PC — were able to intercept one of the controller's log-in codes, and then delay the controller from logging in. Krebs notes that he is not alone in recommending the use of non-Windows machines for banking; The Financial Services Information Sharing and Analysis Center, an industry group supported by some of the world's largest banks, recently issued guidelines urging businesses to carry out all online banking activities from 'a stand-alone, hardened, and completely locked down computer system from where regular e-mail and Web browsing [are] not possible.' Krebs concludes his article with a link to an earlier column in which he steps readers through the process of booting a Linux LiveCD to do their on-line banking."

Police in Australia offer similar advice, according to an item sent in by reader The Mad Hatterz: "Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cybercriminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows."


(Related) I think they assume that once an attack vector is understood and patched, it stays patched forever. That is not my experience. I see it much more as “Those who do not study cyber-history are doomed to repeat it.”

http://www.bespacific.com/mt/archives/022557.html

October 13, 2009

Rand: Cyberdeterrence and cyberwar

Cyberdeterrence and cyberwar, by Martin C. Libicki: "This monograph presents the results of a fiscal year 2008 study, “Defining and Implementing Cyber Command and Cyber Warfare.” It discusses the use and limits of power in cyberspace, which has been likened to a medium of potential conflict, much as the air and space domains are. The study was conducted to help clarify and focus attention on the operational realities behind the phrase “fly and fight in cyberspace.” The basic message is simple: Cyberspace is its own medium with its own rules. Cyberattacks, for instance, are enabled not through the generation of force but by the exploitation of the enemy’s vulnerabilities. Permanent effects are hard to produce. The medium is fraught with ambiguities about who attacked and why, about what they achieved and whether they can do so again. Something that works today may not work tomorrow (indeed, precisely because it did work today). Thus, deterrence and warfighting tenets established in other media do not necessarily translate reliably into cyberspace. Such tenets must be rethought. This monograph is an attempt to start this rethinking."



Is this a variation of Moore's Law? As computers become more capable, users demand more of IT, especially as they see others using “free” applications in the cloud. (I had always assumed the end users operated with at least their heads in the cloud.)

http://news.cnet.com/8301-19413_3-10373490-240.html?part=rss&subj=news&tag=2547-1_3-0-20

Cloud computing and the big rethink: Part 4

by James Urquhart October 13, 2009 1:50 PM PDT

… The answer is simple: the need for cloud-operated infrastructure comes from the need for more efficient application delivery and operations, which in turn comes from the accelerated need for new software functionality driven by end users.

The most obvious place where this is the case is software as a service. Cloud applications and services that fall under this category are targeted at end users; they deliver computing and storage functionality that meet specific business needs (such as customer relationship management (CRM) or application development and testing).


(Related) Users see “Unlimited free storage” and wonder why IT is hesitating.

http://news.cnet.com/8301-13846_3-10374646-62.html?part=rss&subj=news&tag=2547-1_3-0-20

Cloud storage--the consumers best friend?

by Dave Rosenberg October 13, 2009 7:57 PM PDT

Storing files on your hard drive alone is risky since hardware failures can result in losing all your data. The best way to back up your information is to store it in the cloud--or at least somewhere other than your local system.

… This is a fairly crowded market with companies like Mozy and Box.net offering various services, but Livedrive's offering looks a lot more like what we expect to see from the mythical GDrive--Google's supposed online storage system.



Tools & Techniques If it's good enough for Google... Actually, if they put thousands of man-hours into developing a tool and then offer me a copy for free, the least I can do is take it for a spin.

http://news.slashdot.org/story/09/10/14/0052231/Google-To-Send-Detailed-Info-About-Hacked-Web-Sites?from=rss

Google To Send Detailed Info About Hacked Web Sites

Posted by kdawson on Wednesday October 14, @12:28AM from the see-yourself-as-others-see-you dept.

alphadogg writes

"In an effort to promote the 'general health of the Web,' Google will send Webmasters snippets of malicious code in the hopes of getting infected Web sites cleaned up faster. The new information will appear as part of Google's Webmaster Tools, a suite of tools that provide data about a Web site, such as site visits. 'We understand the frustration of Webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged,' wrote Lucas Ballard on Google's online security blog. To Webmasters who are registered with Google, the company will send them an email notifying them of suspicious content along with a list of the affected pages. They'll also be able to see part of the malicious code."

Another of the new Webmaster Tools is Fetch as Googlebot, which shows you a page as Google's crawler sees it. This should allow Webmasters to see malicious code that bad guys have hidden on their sites via "cloaking," among other benefits.



I keep telling my Disaster Recovery class, it's the little things that get you. (This could be mistaken for a cyber-war attack.)

http://www.networkworld.com/community/node/46115

Missing dot drops Sweden off the Internet

E-mail and almost a million Web sites darkened by error

By Paul McNamara on Tue, 10/13/09 - 7:35am.

What was essentially a typo last night resulted in the temporary disappearance from the Internet of almost a million Web sites in Sweden -- every address with a .se top-level domain name.



Tools & Techniques Useful now that we're using PDF formatted e-textbooks.

http://www.makeuseof.com/tag/how-to-convert-a-pdf-to-text-with-pdf-text-extractor/

How to Convert A PDF to Text With Text Extractor

Oct. 14th, 2009 By Karl L. Gechlik
