Friday, November 13, 2009

Once this data is in the hands of the bad guys, use becomes inevitable. How do banks justify waiting until bogus charges (which they guarantee) appear before replacing the cards rather than replacing the cards immediately?

http://www.databreaches.net/?p=8248

Heartland Update: Some St. Mary’s debit cards compromised

November 12, 2009 by admin Filed under Breach Incidents, Financial Sector, Hack, ID Theft, U.S.

Cards that were “low-risk” from Heartland breach recently used for fraud.

Denis Paiste reports:

St. Mary’s Bank is reissuing about 3,500 debit cards it had been monitoring since a security breach at a national processor in January.

“We were told they were low-risk cards, but very recently we’ve been seeing some fraudulent activity,” St. Mary’s Director of Operations Carole Landry said.

The credit union’s Falcon software successfully blocked some attempted fraudulent transactions but about $5,000 in fraudulent transactions got through.

[Article link: http://www.unionleader.com/article.aspx?headline=Some+St.+Mary%27s+debit+cards+compromised&articleId=fee38f87-7176-452c-ba80-97fe1c63508a



Update (The extortion is new...) Hacking is a global industry.

http://www.databreaches.net/?p=8259

Follow-up: Settlement OK’d in DA Davidson hacker lawsuit, extortionists indicted

November 13, 2009 by admin Filed under Financial Sector, Hack, Of Note, U.S.

In January 2008, Davidson Companies, a Great Falls-based investment company, revealed that a hacker had broken into a database in 2007 and obtained the names and Social Security numbers of some 226,000 Davidson clients. A lawsuit filed against the company in April was re-filed in May of 2008. Now the lawsuit has settled and there has been progress on the law enforcement front in identifying those involved and bringing them to justice.

Claire Johnson of the Billings Gazette reports that a class action lawsuit filed against the company has now been settled. The terms of the settlement include a $1 million reserve for class members for reimbursement if they suffer losses through identity theft. The agreement also reportedly gives them until June 2011 to file a claim for losses.

Meanwhile, a criminal investigation into the hacking of Davidson’s computer files appears to have borne fruit. Investigators followed a trail that led to the arrest of three Latvians in the Netherlands. The suspects allegedly were to pick up money from the company in an extortion plot in which D.A. Davidson initially was advised to send the money to Russia.

The three Latvian suspects were extradited from the Netherlands and arrived in the United States on Oct. 22. Aleksandrs Hoholko, 29, Jevgenijs Kuzmenko, 25, and Vitalijs Drozdovs, 33, pleaded not guilty during an arraignment in Great Falls on Oct. 26.

A fourth “John Doe” defendant, identified as Robert Borko, has not appeared on charges.

Prosecutors allege that it was the fourth defendant who hacked into D.A. Davidson’s computer system and downloaded more than 300,000 client files.

He then sent the company an e-mail advising that their clients’ financial information had been compromised and attached 20,000 account records to prove his claim. In more e-mails, the hacker suggested that the company may want to keep the breach confidential, identified himself as an information technology security consultant and agreed to delete all the stolen information and identify security weaknesses.

Read more in the Billings Gazette.

Maybe my memory is shot, but I don’t recall ever hearing about the extortion aspects of this incident until now.



If they fought to get this information from Europe, do they already have it from this end?

http://www.pogowasright.org/?p=5330

EU draft council decision on sharing of banking data with the US and restructuring of SWIFT

November 12, 2009 by Dissent Filed under Non-U.S., Surveillance, U.S.

From Wikileaks.org:

Summary

The CIA and other intelligence agencies have long been interested in the Society for Worldwide Interbank Financial Telecomminications (sic), or SWIFT. The Society, headquartered in Belgium, is the primary system used for international, and some national, bank transfers. Whoever controls SWIFT has access to the full details of millions of yearly bank transfers, including, banks, time, names, amount and account numbers. Since 2002 the US government entered into a secret agreement to acquire SWIFT records.

Data handed over each year [to the CIA] by the Society for Worldwide Interbank Financial Telecommunication, or Swift, includes the details of an estimated 4.6 million British banking transactions.[1][2]

This document (see below) presents a new classified draft Council of the European Union decision on the “processing and transfer of Financial Messaging Data” from the EU to the US, as part of the “Terrorist Finance Tracking Programme”. The 24 paged draft, dated 10th of November 2009, if agreed to, will have substantial impact on the European SWIFT banking system and the privacy of European financial data.

Draft available on Wikileaks.org



Is the Governor a tech wizard who knows more than the lawmakers? Or is he just operating on really weird advice?

http://www.pogowasright.org/?p=5350

Rhode Island Governor Vetoes Restrictions on RFID

November 13, 2009 by Dissent Filed under Legislation, Surveillance, U.S., Youth

Claire Swedberg reports:

Rhode Island’s governor, Donald Carcieri (R), has vetoed the latest effort by the state’s legislature to pass a bill limiting how RFID technology would be employed to track students at schools and school functions, as well as vehicles as they are tracked by E-ZPass or other toll-collection systems. With his veto of Senate Bill 211 (S. 211) on Monday, Carcieri stated that local school and community officials should be allowed to decide if they need to use RFID to track students. He cited the potential for weather-related natural disasters, terrorist attacks or crimes that might prompt a school district to want to do so.

Read more on RFID Journal.

[From the article:

This is the third time the governor has vetoed a bill from the state's general assembly that would restrict the use of RFID technology.



Ignorance of the law is no excuse. “Gimme $200! It's the law!”

http://yro.slashdot.org/story/09/11/13/1310212/City-Laws-Only-Available-Via-200-License?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

City Laws Only Available Via $200 License

Posted by kdawson on Friday November 13, @09:00AM from the calling-doctor-malamud dept.

MrLint writes

"The City of Schenectady has decided that their laws are copyrighted, and that you cannot know them without paying for an 'exclusive license' for $200. This is not a first — Oregon has claimed publishing of laws online is a copyright violation."

This case is nuanced. The city has contracted with a private company to convert and encode its laws so they can be made available on the Web for free. While the company works on this project, it considers the electronic versions of the laws its property and offers a CD version, bundled with its software, for $200. The man who requested a copy of the laws plans to appeal.



Why do I think this is unworkable?

http://www.pogowasright.org/?p=5342

Confidential plans for 1.2 billion ID cards for India

November 13, 2009 by Dissent Filed under Featured Headlines, Non-U.S.

From Wikileaks.org:

This confidential working paper (49 pp) presents the current plan for India’s Unique ID Databse (sic) Project. Numerous RTI (Right to Information) petitions failed to obtain this document about the world’s biggest citizen identification scheme.

Because the project will likely become a model for many countries the document is of global interest.

Journalists can contact Nandan Nilekani, Chairman of UIDA, the Unique Identification Authority.

In order to create an ID, they propose collecting the following information:

  • Name
  • Date of birth
  • Place of birth
  • Gender
  • Father’s name
  • Father’s UID number (optional for adult residents)
  • Mother’s name
  • Mother’s UID number (optional for adult residents)
  • Address (Permanent and Present)
  • Expiry date
  • Photograph
  • Finger prints

Section 7 of the report deals with privacy and security issues.

To download the report, see Wikileaks.



“Free” just got more expensive.

http://www.pogowasright.org/?p=5325

Hotmail imposes tracking cookies for logout

November 12, 2009 by Dissent Filed under Internet

Chris Williams reports:

Hotmail users are now unable to log out of their account if the browser they are using does not accept third party cookies.

The move by Microsoft raises security concerns, particularly as PCs on corporate networks and in cybercafes and libraries are often set to reject cookies.

The error screen* that greets users who try to log out tells them they must re-enable third party cookies or close every browser window.

Read more on The Register.

[From the article:

*Complete with typo.



Hey kids! Have fun with Grandma!

http://science.slashdot.org/story/09/11/12/1559253/Keeping-Pacemakers-Safe-From-Hackers?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Keeping Pacemakers Safe From Hackers

Posted by samzenpus on Thursday November 12, @05:08PM from the blackest-of-black-hats dept.

An anonymous reader writes

"Researchers from the Swiss Federal Institute of Technology in Zurich and the French National Institute for Research in Computer Science and Control have now developed a scheme for protecting implantable medical devices against wireless attacks. The approach relies on using ultrasound waves to determine the exact distance between a medical device and the wireless reader attempting to communicate with it."

I had no idea that things have gotten so bad that hearts are being hacked.



Unusual. Extending the rules for politicians to us second class citizens.

http://www.pogowasright.org/?p=5327

TSA Changes Rules On Airport Searches … Very Quietly

November 12, 2009 by Dissent Filed under Court, Govt, Surveillance

TSA hassled the wrong person. Previous coverage here.

TSA has changed two rules about airport searches after an aide to Congressman Ron Paul recorded an incident on his iPhone. The rules changes have prompted the ACLU to drop legal action against TSA on behalf of Steve Bierfeldt.

Bierfeldt was detained in March while attempting to board a plane at Lambert-St. Louis International Airport carrying $4,700 in cash. TSA agents spent half an hour questioning him about why he was carrying so much cash, and Bierfeldt recorded the exchange on his iPhone.

Bierfeldt is the director of development for ‘Campaign for Liberty’, a group formed by Congressman Ron Paul after his failed presidential bid. Bierfeldt attempted to send a metal box with the cash and checks through a metal detector at the airport, precipitating the confrontation.

Read more on Aero-News Network. Hat-tip, Infowarrior

[From the article:

The new rules say "screening may not be conducted to detect evidence of crimes unrelated to transportation security" and that large amounts of cash do not comprise a threat to an airliner. The second directive says "traveling with large amounts of cash is not illegal." However, TSA said it would not release copies of the directives without a Freedom of Information request.


(Related) It could have been worse. TSA might give all its agents this new iPhone App... (Humor)

http://www.funnyvideoshack.com/videos/404/nude-it---new-iphone-app.html

Nude It - New iPhone App

Description: Do you want to see someone nude? Yeah, there's an app for that.


(Related) Not humorous. “Breathe here, Comrade Citizen.” Another “No search warrant needed” technology? Perhaps we could call it the Hypochondriac's Friend?

http://news.cnet.com/8301-27083_3-10396624-247.html?part=rss&subj=news&tag=2547-1_3-0-20

Cough into your cell phone, not your sleeve

by Elizabeth Armstrong Moore November 12, 2009 2:06 PM PST

… Trained health workers are already able to distinguish cough types by sound. Thanks to software currently being developed by Star Analytical Services, people may soon be able to install an app to have this audio know-how at their fingertips.



Google is going beyond “look for it” to provide “Here you go” – at least, for topics that interest them.

http://www.bespacific.com/mt/archives/022782.html

November 12, 2009

World Bank Data Now in Google Search Results

News release: "Now, a special Google public data search feature will show numeric results for 17 World Development Indicators (WDI) reliably sourced to the World Bank, with a link to Google's public data graphing tool. Google's feature lets users see and compare country-by-country statistics and offers customized graphs with a ‘link’ or web address that can be easily embedded and shared in other websites. From the Google Public Data graphing tool, users can learn more about the data on the new World Bank Data Finder, which allows them to access indicator definitions, quick facts, interactive maps, and additional World Bank related resources."


(Related) Useful if the word gets to the right people...

http://www.bespacific.com/mt/archives/022770.html

November 12, 2009

Google: Finding flu vaccine information in one easy place

"This year, it's especially important to have clear information on what you can do to prepare for the flu season. With this in mind, we are happy to share a new feature for the U.S. which allows you to more easily find locations near you for getting both the seasonal and H1N1 flu vaccine. After expanding Google Flu Trends to a total of 20 countries and 38 languages, allowing more people to see near real-time estimates of flu activity, we began brainstorming with the U.S. Department for Health and Human Services (HHS), their flu.gov collaborators and the American Lung Association on the flu shot finder and other ways Google can be helpful to people this flu season. You can check out the flu shot finder at www.google.com/flushot. The same tool will also be available shortly on www.flu.gov and the American Lung Association websites. It's important to note that this project is just beginning and we have not yet received information about flu shot clinics for many locations. In addition, many locations that are shown are currently out of stock. We launched this service now in order to help disseminate information about locations where vaccines are available, and also to make more vaccine providers aware of the project so that they can contribute."



A couple of these are verrrry interesting.

http://www.techcrunch.com/2009/11/12/infinity-ventures-summit-in-miyazaki-japan-12-demos-from-japanese-startups/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Infinity Ventures Summit In Miyazaki, Japan: 12 Demos From Japanese Startups

by Serkan Toto on November 12, 2009

Moji Moji TV by Catalog (winner of the demo pad)

Best of show went to Moji Moji TV, which appears to be a very powerful speech recognition and transcription service for videos launched in private alpha last month. The engine supports Japanese only, but English and Chinese versions are in the works. Moji Moji extracts audio from a video (self-made movies, YouTube clips etc.) and automatically displays the spoken words as text, which then can be edited by the users. The text can be used to tag and sub movies, and it’s also possible to search for certain words or expressions within them. There’s also an iPhone app called Shabetter that automatically transcribes what you say into the iPhone mic and posts it to Twitter. More information on Moji Moji TV in English can be found here.

AEGISGUARD by KLab (fourth runner-up)

AEGISGUARD is anti-virus software that’s not only free to download but also completely available in English. The main purpose of the program is to protect your important files and folders from viruses (of which more than 5 million exist today) and malware by granting only white-listed programs access to them. [A security function that has been missing? Bob] AEGISGUARD developer KLab says this way, unknown or new viruses are effectively fenced out. The solution can be installed with conventional, blacklist-based antivirus software on the same PC.



I'll add this to my Swiss Army folder, since I often wind up sending entire books to my students.

http://www.killerstartups.com/Web-App-Tools/sizablesend-com-no-more-usb-devices?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+killerstartups%2FBkQV+%28KillerStartups.com%29

SizableSend.com - No More USB Devices

http://www.sizablesend.com/

SizableSend.com is a new service that will allow you to send and receive a much larger amount of files in a highly secure and flexible way.

Send 20GBs per session, 2GB max per file, unlimited usage - 100% FREE!
