Tuesday, November 24, 2009

Try and save a few bucks by sewing your own tuxedo... Interesting that several stores recently replaced their credit card machines. Sounds like the crooks traveled around pretending to be from the card processor(?) and replaced the processor's machines with their own.

http://www.databreaches.net/?p=8394

Multi-state debit card fraud linked to Hancock Fabrics – police

November 23, 2009 by admin Filed under Business Sector, ID Theft, Of Note, U.S.

Linda McGlasson reports:

Bank customers in California, Wisconsin and Missouri are reporting fraudulent ATM withdrawals that police say are tied to transactions conducted with the Hancock Fabrics retail chain.

In California, Napa Police Department spokesman Brian McGovern says 60 residents reported their cards being used by thieves….. At about the same time, as many as 70 Wisconsin victims reported suspicious ATM withdrawals from their accounts, according to Wood and Portage county law enforcement, which also ties the thefts to machines in Hancock Fabrics stores…. And in Missouri, at least 10 customers at Hancock Fabrics in the St. Louis area reported their debit card numbers and PIN numbers stolen during the week of November 9.

Read more on BankInfoSecurity.com

Hancock Fabrics, Inc. operates 264 stores in 37 states and an Internet store. Stores are primarily located in strip shopping centers.

As of the time of this posting, Hancock has neither denied nor confirmed that they have experienced a breach.



Perhaps I've become more sensitive to articles like this, but it seems to me like there is an increased reaction to security breaches of all kinds, but particularly HIPAA violations.

http://www.phiprivacy.net/?p=1526

At UMC, audits show privacy lapses are not new

By Dissent, November 24, 2009 8:40 am

Marshall Allen of the Las Vegas Sun is staying all over the UMC breach reported here previously. In today’s commentary, he reviews the findings of past audits of UMC’s HIPAA compliance:

University Medical Center, facing a possible FBI investigation for allowing confidential patient information to be leaked to outsiders, has a spotty record of adhering to patient privacy laws, Clark County auditors have previously found.

Three county audits since June 2007 showed that although UMC employees are almost universally aware of the patient privacy policies mandated by the Health Insurance Portability and Accountability Act, better known as HIPAA, they have had a more difficult time with implementation.

Failure by the UMC workforce to comply with privacy safeguards “makes the hospital vulnerable” to compromising patient information, county auditors wrote Sept. 15.

Read more in the Las Vegas Sun.



No good deed goes unpunished! Confirms some of what we thought was happening when tapes were stolen. They liked the box the tapes were in and only found out about the records when they watched the evening news.

http://www.databreaches.net/?p=8386

Sentencing in U. of Utah Hospitals and Clinics case

November 23, 2009 by admin Filed under Breach Incidents, Education Sector, Healthcare Sector, U.S.

Back in June 2008, the University of Utah Hospitals and Clinics revealed that a backup tape containing billing records, medical codes, and Social Security numbers on 2.2 million patients [up from 1.5 million Bob] was stolen from the vehicle of one of their contractors, Perpetual Storage. The tape was returned a month later after those receiving the stolen tapes understood what they had, [“Oh my, we've got a fortune in stolen IDs, let's turn ourselves in?” Bob] and in December 2008, they were offered a plea deal.

Today, Stephen Hunt reports in the Salt Lake Tribune:

[...]

The U. spent about $500,000 notifying patients of the potential for identity theft, and offered free credit monitoring.

[...]

A judge sentenced Thomas Howard Anderson, one of two men charged with felony counts of receiving stolen property and possession of another’s identification documents, to probation and 60 days in jail. A restitution hearing for Anderson, 53, is pending.

The judge set restitution at $500 for co-defendant Shadd Dean Hartman, 38, who was sentenced to a year in jail. Prosecutor Matthew Lloyd said that amount covers the cost of the custom metal case, the only thing of interest to Hartman.

Jail time? Wasn’t part of the plea deal. I wonder what happened. And if the U. spent $500,000 in breach costs, why aren’t they ordered to pay more in restitution? Or is this because they are just the receivers of the stolen property and not the thief?

[From the Tribune article:

But most of the panic subsided a month later when the records were returned uncompromised, [This suggests they didn't know what they had. Bob] and Monday the criminal case also ended quietly.

… Police have said the two had no way to access the partially encrypted data [PR speak for ASCII code? Bob] and that the duo believed the tapes were movies.

Anderson stashed the tapes in his garage until learning from media reports they contained billing records, medical codes and Social Security numbers. He then took the tapes to the U., where he was arrested.



I almost passed this one by, thinking it was another case of “overstatement.” Then I noticed the next article.

http://www.pogowasright.org/?p=5713

UK: Police arrest so they can boost DNA database, warns watchdog

November 24, 2009 by Dissent Filed under Non-U.S., Surveillance

Tom Whitehead reports:

Officers will arrest individuals for “everything” because they then have the power to take DNA samples, even if they wouldn’t have been detained under other circumstances.

The Human Genetics Commission (HGC) warned the alarming practice, which was revealed by a retired senior police officer, was creating a “spiral of suspicion” over the DNA database.

In a major review of the system, it said police should no longer be allowed to automatically take DNA samples for everyone they arrest and called for new rules on when it was right to do so.

[...]

Chris Huhne, the Liberal Democrat home affairs spokesman, said: “The Government’s cavalier attitude towards DNA retention has put us in the ridiculous situation where people are being arrested just to have their DNA harvested.”

James Brokenshire, the shadow home affairs minister, said: “Under Labour’s surveillance state everyone is treated as a potential suspect.”

Read more in the Telegraph.


(Related) Because any one of them could be Osama bin Laden?

http://www.pogowasright.org/?p=5706

UK group: 3/4 of young black men on DNA database

November 24, 2009 by Dissent Filed under Non-U.S., Surveillance

Gregory Katz reports:

As many as three quarters of all black men in Britain aged 18-35 have had their genetic information placed on the country’s massive DNA database, a group charged with reviewing officials’ use of genetic technology said Tuesday.

The Human Genetics Commission – an independent government advisory board made up of scientists, lawyers and other experts – said young black males were “very highly over-represented” on the DNA register and could be unfairly stigmatized by being placed on the database in such large numbers.

[...]

Last month, security minister Alan West acknowledged that the overrepresentation of blacks and other minorities on the database was worrying, but said that “our initial look at this makes us feel that this is to do with the fact that in the criminal justice system as a whole there is overrepresentation of black people.”

“It is not because of a problem with the DNA database itself,” he told lawmakers.

Read more of this AP story on Taiwan News.


(Related?) Same idea, simpler technology.

http://www.pogowasright.org/?p=5708

AU: Clubbers to have fingerprints scanned

November 24, 2009 by Dissent Filed under Businesses, Non-U.S.

Cassie White reports:

Party-goers in Brisbane’s Fortitude Valley will soon be forced to have their fingerprints scanned before entering some of the precinct’s most popular nightclubs…. between 15 and 20 nightclubs will be implementing it over the next three to six months.

But the move has been slammed as a “PR gimmick” by Terry O’Gorman from the Queensland Council for Civil Liberties.

“For the licensees to say that if a patron gives their fingerprint that will somehow prevent incidents from occurring within a nightclub is just silly and downright illogical,” he said. [Does it increase their liability? Bob]

“But as well, we have significant concerns about peoples’ privacy, particularly with handing over their fingerprints.

“Even with the police they can only demand them in certain situations when a person is arrested, and even when police get fingerprints under statute they’re under very heavy obligation to ensure privacy safeguards are in place.

“There will be absolutely no privacy safeguards in place to ensure fingerprint materials being collected by pubs and clubs.

“It’s all very well for a relevant licensee to say they’ll be properly stored, but Queensland doesn’t have any privacy laws against which their storage records and procedures can be managed.”

Read more on ABC.



Another first!

http://news.cnet.com/8301-17852_3-10403864-71.html?part=rss&subj=news&tag=2547-1_3-0-20

Police arrest exec for not using Twitter

by Chris Matyszczyk November 23, 2009 4:22 PM PST



For your Security Manager

http://www.pogowasright.org/?p=5699

IE bug leaks private details from 50 million PDF files

November 23, 2009 by Dissent Filed under Breaches, Featured Headlines, Internet

Dan Goodin reports:

A bug in Microsoft’s Internet Explorer browser is causing more than 50 million files stored online to leak potentially sensitive information that could compromise user privacy, a security researcher said.

The documents stored in Adobe’s PDF format display the internal disk location where the file is stored, an oversight that can inadvertently expose real-world names and login IDs of users, the operating system being used and other information that is better kept private. The data can then be retrieved using simple web searches.

Google searches such as this one expose almost 4 million documents residing on users’ C drives alone.

Read more in The Register.
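The leak described above is a metadata problem: the local path of the source file ends up in the PDF's document-information dictionary, and the search engine indexes it. The script below is an added example (not code from the Register article or from Microsoft or Adobe) that a security manager could run over the PDFs published on a corporate site before the crawlers do. It pulls the /Title string out of the Info dictionary, unescapes it, and reports any drive-letter path plus the Windows user name that path reveals; it also recognises Unix home directories, which goes beyond the C:-drive case in the article. The two sample PDFs are constructed inline for the demonstration. It only handles literal (parenthesised) strings in an uncompressed Info dictionary, which is what the simple web-capture case produces; hex strings, octal escapes and compressed object streams would need a full PDF parser.

```python
import re
import sys

# Constructed samples, not real leaked documents. The first carries a local
# Windows path in /Title (the kind of leak the article describes); the second
# has a harmless title. PDF literal strings escape backslashes, so the path
# is written with doubled backslashes inside the file.
LEAKY_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    b"3 0 obj\n<< /Title (C:\\\\Documents and Settings\\\\jsmith\\\\My Documents\\\\q3_budget.pdf)"
    b" /Producer (constructed sample) >>\nendobj\n"
    b"trailer\n<< /Info 3 0 R >>\n%%EOF\n"
)
CLEAN_PDF = LEAKY_PDF.replace(
    b"C:\\\\Documents and Settings\\\\jsmith\\\\My Documents\\\\q3_budget.pdf",
    b"Q3 Budget",
)

# /Title followed by a literal string; "\\." keeps escaped characters inside the match.
_TITLE_RE = re.compile(rb"/Title\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Drive letter, then backslash-separated segments (spaces allowed inside
# segments, e.g. "My Documents"); the final component stops at whitespace.
_PATH_RE = re.compile(r"[A-Za-z]:\\(?:[^\\()<>\r\n]+\\)*[^\\()<>\r\n\s]*")
# Windows profile directories reveal the account name directly.
_WIN_USER_RE = re.compile(r"[A-Za-z]:\\(?:Documents and Settings|Users)\\([^\\]+)\\")
# Same idea for Unix/macOS home directories.
_UNIX_USER_RE = re.compile(r"/(?:home|Users)/([^/\s]+)/")

_SIMPLE_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f"}


def _unescape(literal: bytes) -> str:
    """Undo PDF literal-string escapes (\\\\, \\(, \\), \\n ...). Octal escapes are not handled."""
    out = []
    i = 0
    while i < len(literal):
        c = literal[i:i + 1]
        if c == b"\\" and i + 1 < len(literal):
            nxt = literal[i + 1:i + 2]
            out.append(_SIMPLE_ESCAPES.get(nxt, nxt))
            i += 2
        else:
            out.append(c)
            i += 1
    return b"".join(out).decode("latin-1")


def extract_title(pdf: bytes):
    """Return the /Title string from the Info dictionary, or None if absent."""
    m = _TITLE_RE.search(pdf)
    return _unescape(m.group(1)) if m else None


def audit_pdf(pdf: bytes) -> dict:
    """Report local paths and the user name they expose, if any."""
    title = extract_title(pdf)
    paths = _PATH_RE.findall(title) if title else []
    username = None
    if title:
        um = _WIN_USER_RE.search(title) or _UNIX_USER_RE.search(title)
        username = um.group(1) if um else None
    return {"title": title, "paths": paths, "username": username}


if __name__ == "__main__":
    # Usage: python pdf_title_audit.py file1.pdf file2.pdf ...
    # With no arguments, audits the two constructed samples.
    targets = sys.argv[1:]
    samples = [(p, open(p, "rb").read()) for p in targets] if targets else [
        ("LEAKY_PDF", LEAKY_PDF), ("CLEAN_PDF", CLEAN_PDF)]
    for name, data in samples:
        result = audit_pdf(data)
        flag = "LEAK" if result["paths"] else "ok"
        print(f"{flag:4} {name}: title={result['title']!r} user={result['username']!r}")
```

Run it against the web server's document root before publishing; anything flagged LEAK should have its /Title rewritten (or the PDF regenerated) before it is uploaded, since once indexed the path and user name stay in search caches long after the file is fixed.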



This should make Security managers feel all warm and fuzzy...

http://www.databreaches.net/?p=8381

41% of workers have stolen corporate data – survey

November 23, 2009 by admin Filed under Commentaries and Analyses, Of Note

From Cyber-Ark Software’s press release:

Stealing employer data has become endemic in our culture. According to a survey conducted with 300 office workers in New York City examining the impact of the recession on ethics and security, 85 percent of the respondents admitted to knowing that downloading corporate information from their employer was illegal, yet a quarter of those surveyed would take the data regardless of the penalties. In fact, 41 percent of respondents have already taken sensitive data with them to a new position, while 26 percent would pass on company information if it proved useful in getting friends or family a job.

The second annual “Global Recession and Its Effect on Work Ethics” transatlantic survey also polled 300 office workers in London, asking the same set of questions for comparison.

Protection of corporate data continues to lag, with 60 percent of those surveyed admitting that it is easy to take sensitive information from under their bosses’ noses – with the primary tool of choice remaining a portable storage device like a memory stick, USB flash drive or CD, followed by email and then paper coming in a close third.

… Tops on the hit list of information that people like to download is customer and contact details (23 percent), followed by access and password codes (11 percent). Other information that is coveted includes product information, plans and proposals. This is particularly worrying as, without the proper identity and access management solutions in place, many ex-employees can still get into the network to access content and download information long after they’ve left the building.



I wonder who their adviser is? (and do we have it on tape?) It sounds like this whole thing is an organized crime scam – get the government to pay you to advise pimps on how to get around the law...

http://www.databreaches.net/?p=8401

ACORN Dumped Sensitive Documents as Probe Began – PI

November 24, 2009 by admin Filed under Breach Incidents, Exposure, Miscellaneous, Of Note, Paper, U.S.

Joseph Abrams reports:

A private investigator says he found tens of thousands of sensitive documents dumped outside a California ACORN office just days after the state attorney general announced an inquiry into the community organizing group.

Derrick Roach, a licensed investigator based in San Diego, told FoxNews.com he paid an impromptu visit to the city’s ACORN branch on Oct. 9 and watched from his car as a man tossed bags of files into a Dumpster outside the building.

After ACORN staff left for the day, he says, he searched the trash bin and discovered more than 20,000 documents he believes point to illicit relationships between ACORN and a bank and a labor union — as well as confidential information that could put thousands at risk for identity theft.

“We’re talking people’s driver’s license numbers, dates of birth, Social Security numbers, credit card numbers, bank account numbers, tax returns, credit reports” — all tossed in public view in the Dumpster, he said.

Read more on Fox News. NBC also provides coverage, with more of an emphasis on the political angles.



Isn't this a crime? Something about 'bait & switch?'

http://yro.slashdot.org/story/09/11/24/0112201/Bing-Cashback-Can-Cost-You-Money?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Bing Cashback Can Cost You Money

Posted by timothy on Monday November 23, @11:38PM from the wotta-boggin dept.

paltemalte writes

"Microsoft and various retailers have teamed up to bring you cashback on purchases made via Bing's price comparison feature. There is a little snag though — it seems that when you have a Bing cookie living in your browser, some retailers will quote you a higher price than if you come with no Bing cookie in your system."



Of course they do... If we define our system as the best, then by definition we are the best. (Politics 101)

http://tech.slashdot.org/story/09/11/23/1651218/Telcos-Want-Big-Subsidies-Not-Line-Sharing?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Telcos Want Big Subsidies, Not Line-Sharing

Posted by ScuttleMonkey on Monday November 23, @12:22PM from the give-us-money-and-leave-us-alone dept.

It seems that a recent survey of global broadband practices by Harvard's Berkman Center at the behest of the FCC has stirred the telecommunications hornet's nest. Both AT&T and Verizon are up in arms about some of the conclusions (except the ones that suggest offering large direct public subsidies).

"Harvard's Berkman Center study of global broadband practices, produced at the FCC's request, is an 'embarrassingly slanted econometric analysis that violates professional statistical standards and is insufficiently reliable to provide meaningful guidance,' declares AT&T. The study does nothing but promote the lead author's 'own extreme views,' warns a response from Verizon Wireless. Most importantly, it 'should not be relied upon by the FCC in formulating a National Broadband Plan,' concludes the United States Telecom Association. Reviewing the slew of criticisms, Berkman's blog wryly notes that the report seems to have been 'a mini stimulus act for telecommunications lawyers and consultants.'"

[The report: http://www.fcc.gov/stage/pdf/Berkman_Center_Broadband_Study_13Oct09.pdf Bob]



Fodder for my Disaster Recovery class who keep telling me “No one can be that stupid, can they?” I wonder if anyone got a bonus for bringing the project in under budget?

http://it.slashdot.org/story/09/11/24/0634220/New-Virginia-IT-Systems-Lack-Network-Backup?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

New Virginia IT Systems Lack Network Backup

Posted by timothy on Tuesday November 24, @08:17AM from the private-did-not-make-perfect dept.

1sockchuck writes

"Virginia's new state IT system is experiencing downtime in key services because of a mind-boggling oversight: the state apparently neglected to require network backup in a 10-year, $2.3 billion outsourcing deal with Northrop Grumman. The issue is causing serious downtime for state services. This fall the Virginia DMV has suffered 12 system outages spanning a total of more than 100 hours, and downtime hampered the state transportation department when a state of emergency was declared during the Nov. 11 Northeaster."



Something for the Forensics wiki?

http://www.bespacific.com/mt/archives/022866.html

November 23, 2009

New on LLRX.com - Strengthening Forensic Science: The Next Wave of Scholarship

Strengthening Forensic Science: The Next Wave of Scholarship: Ken Strutin's article focuses on threads of scholarly literature citing and commenting on the recent National Academy of Sciences report, Strengthening Forensic Science in the United States: A Path Forward, and highlights discussions where experts and practitioners rethink the merits of a wide range of forensic issues.



For my website students

http://www.makeuseof.com/tag/make-your-own-movie-from-photos-with-pinnacle-video-spin-windows/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

Make Your Own Movie From Photos With Pinnacle Video Spin [Windows]

Nov. 23rd, 2009 By Ryan Dube



I love lists (and I looked, no Centennial-man)

http://www.pcmag.com/article2/0,2817,2356002,00.asp

Our Favorite Blogs 2009

11.23.09

Fifty blogs we just can't get enough of.
