Tuesday, December 15, 2009

Being cool is dangerous...

http://www.techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

RockYou Hack: From Bad To Worse

by Nik Cubrilovic on December 14, 2009

Earlier today news spread that social application site RockYou had suffered a data breach that resulted in the exposure of over 32 Million user accounts. To compound the severity of the security breach, it was found that RockYou are storing all user account data in plain text in their database, exposing all that information to attackers. RockYou have yet to inform users of the breach, and their blog is eerily silent – but the details of the security breach are going from bad to worse.

The first issue is that RockYou attempted to downplay the entire incident, first by covering it up by not notifying users and then downplaying it in an official statement as being an issue that only affected ‘older’ applications. The hacker responsible for the initial breach published a small portion of the dataset he had retrieved [A “bragging rights” rather than an “Identity Theft” hack? Bob] and was able to show that not only did he have access to their entire database, but also passwords were stored in the clear. This matter now appears worse than originally suspected as the dataset also contains a table where RockYou have stored user credentials for social networks and other partner sites.


(Related) Now you have a checklist for security violations? “Oh look, they failed to do this, and this, and this...”

http://www.pogowasright.org/?p=6310

Guidelines Aimed at Thwarting ID Theft, Security Breaches Unveiled

December 14, 2009 by Dissent Filed under Breaches

Responding to concerns about identity theft and security breaches linked to portable devices, the AICPA [American Institute of Certified Public Accountants] and the Canadian Institute of Chartered Accountants have expanded Generally Accepted Privacy Principles to include protocols for securing personal information.

The AICPA/CICA Generally Accepted Privacy Principles are recognized by the IRS and other organizations. The privacy framework offers guidance and best practices for securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance also covers disposal and destruction of personal information. [...]

Free copies of the principles, along with additional privacy resources, are available at www.aicpa.org/privacy and www.cica.ca/privacy.

Read more in the Journal of Accountancy. Hat-tip, Corporate Reporting to Stakeholders.



Civil disobedience? Hacktivism? Or just users calling AT&T to task?

http://www.crunchgear.com/2009/12/15/operation-chokehold-will-blow-up-att-on-friday/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Operation Chokehold will blow up AT&T on Friday

by John Biggs on December 15, 2009

Fake Steve is rustling some feathers this week with his Operation Chokehold, a planned bit of corporate disobedience against AT&T. He’s telling iPhone users to go nuts with the data on Friday, December 18, just to show AT&T’s CEO De La Vega, the man who suggested education would encourage users not to use his network so much, what uneducated users really can do to his preciously twee airwaves.



This has been wild since it started, but I at least thought they had a case...

http://yro.slashdot.org/story/09/12/15/0121259/The-Trial-of-Terry-Childs-Begins?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

The Trial of Terry Childs Begins

Posted by kdawson on Tuesday December 15, @08:07AM from the there-but-for-luck-and-precedent-go-we-all dept.

snydeq writes

"Opening arguments were heard today in the trial against IT admin Terry Childs, who was arrested 18 months ago for refusing to hand over passwords to the San Francisco city network. InfoWorld's Paul Venezia, who has been following the case from the start, speculates that the 18-month wait is due to the fact that 'the DA has done no homework on the technical issues in play here and is instead more than willing to use the Frankenstein offense: It's different, so it must be killed.' On the other hand, the city — which has held Childs on $5 million bail despite having already dropped three of the four charges against him — may have finally figured out 'just how ridiculous the whole scenario is but is too far down the line to pull back the reins and is continuing with the prosecution just to save face,' Venezia writes. The trial is expected to last until mid-March. San Francisco Mayor Gavin Newsom, to whom Childs eventually gave the city's network passwords, will be included in the roster of those who will testify in the case — one that could put all admins in danger should Childs be found guilty of tampering."



Local But does that immunize the tax preparer?

http://www.pogowasright.org/?p=6315

Colo. court: immigrants tax records are private

December 14, 2009 by Dissent Filed under Breaches, Court, Featured Headlines, U.S.

Ivan Moreno of the Associated Press reports:

The Colorado Supreme Court ruled Monday that authorities violated the constitutional and privacy rights of suspected illegal immigrants when they used tax returns to try and build hundreds of identity theft cases against them.

The ruling affirmed a decision by a Weld County district judge who suppressed evidence against one of the defendants. In that case, investigators raided a tax business that catered to Latinos in Greeley, an agricultural city on the northern plains of Colorado with a heavily Hispanic population.

Read more in the San Francisco Examiner. Previous coverage on this case linked from here and here.



Maybe those privacy policies don't always apply?

http://www.pogowasright.org/?p=6321

Online Commenter Did Not Waive Right to Anonymity by Agreeing to News Website’s Privacy Policy

December 14, 2009 by Dissent Filed under Court, Featured Headlines, Internet

Eric Goldman’s Technology & Marketing Law Blog discusses a recent court opinion concerning unmasking anonymous online commenters that I hadn’t heard about:

Sedersten v. Taylor, 2009 U.S. Dist. LEXIS 114525 (Case No. 09-3031-CV-S-GAF) (W.D. Mo. Dec. 9, 2009).

A Missouri district judge rejected a plaintiff’s attempt to unmask an online commenter based in part on the argument that language in the website’s privacy policy resulted in a waiver of anonymity.

[...]

Plaintiff argued that “bornandraisedhere” waived any right to anonymity by agreeing to the terms of the News-Leader’s privacy policy, which provided that the News-Leader:

reserve[s] the right to use, and to disclose to third parties, all of the information collected from and about [users] while [users use] the Site in any way and for any purpose . . . .

Read more on Technology & Marketing Law Blog.

Image: “anonymity” by kitakitts, Flickr, used under Creative Commons License.



Zillman gathers automatically (using his own software) but there are gems in these reports.

http://www.bespacific.com/mt/archives/023018.html

December 14, 2009

New on LLRX.com - Deep Web Research 2010

Deep Web Research 2010: Marcus P. Zillman is an internet search expert whose extensive knowledge of how to leverage the "invisible" or "deep" web is exemplified in this guide. The Deep Web covers somewhere in the vicinity of 1 trillion pages of information located through the world wide web in various files and formats. Current search engines are able to locate around 200 billion pages. Marcus identifies sources to mitigate the odds on behalf of serious searchers.



For my statistics students. Earthquakes cause tweets! (Post hoc, ergo propter hoc)

http://www.wired.com/wiredscience/2009/12/twitter-earthquake-alerts/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Freaked-Out Tweets After Earthquakes Help Scientists

By Alexis Madrigal December 14, 2009 1:30 pm



For my thumb drive using students (all my students)

http://howto.wired.com/wiki/Encrypt_Your_Thumb_Drive?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Encrypt Your Thumb Drive



Now this could be useful!

http://www.webmonkey.com/blog/Use_Google_For_Text-to-Speech_Translations_in_the_Browser?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Use Google for Text-to-Speech Translations in the Browser

By Scott Gilbertson December 14, 2009



Make those 360 degree vistas.

http://www.makeuseof.com/tag/how-to-make-amazing-panoramas-in-windows-for-free/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

How To Make Amazing Panoramas In Windows For Free



Humor Dilbert explains “tech support by intimidation.”

http://dilbert.com/strips/comic/2009-12-15/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+DilbertDailyStrip+%28Dilbert+Daily+Strip%29



Humor Don McMillan has expanded his video diatribe against PowerPoint. I'll show this every time I teach presentations. (Apparently, there are shorter versions too)

http://www.youtube.com/watch?v=KbSPPFYxx3o
