(follow-up) Culpeper breach: no one’s responsible because it was a hack?
As a follow-up to the incident reported here, a Culpeper resident wrote a letter to the editor of their local paper that provides a bit more information on the breach and the position of the town in terms of its responsibility — or lack of responsibility — to provide any free credit monitoring.
According to a letter published in the Culpeper Star-Exponent, the town manager allegedly wrote that neither the town nor its vendor were responsible for the breach because the breach was the result of a criminal act and was not the result of negligence on the part of the town or their vendor. The letter goes on to say that the town’s attorney informed the writer that the data breach was due to the previously unnamed vendor, Capital Software Inc., being hacked.
So if it’s a hack, no one’s responsible for providing free credit monitoring services? What world are the Culpeper town manager and attorney living in?
Related? Another incidence of “Hacks aren't our fault?” Bad security? No Problem! (It's only second class citizen data.)
IRS Awards Tax Payment Contract to RBS Worldpay
Brian Krebs of The Washington Post reports that
The Internal Revenue Service has awarded a contract to process tax return payments for the coming filing season to RBS Worldpay, a company that recently disclosed that a hacker break-in jeopardized financial data on 1.5 million payroll card holders and at least 1.1 million Social Security numbers.
The contract award comes a month after credit card giant Visa said RBS was no longer in compliance with the Payment Card Industry (PCI) security standards, a set of guidelines designed to protect cardholder data.
Related Another case of “We have no idea what we're talking about, but listen to how firmly we say it!”
IN: Security breach results in no charges in Clark County
Friday, April 24 2009 @ 11:54 AM EDT Contributed by: PrivacyNews
No charges will be filed against an employee who installed suspicious programs on computers in the auditor’s office in Clark County.
In an e-mail, prosecutor Steve Stewart said the results of a sheriff’s department investigation was turned over to him Tuesday.
“I agree with [Sheriff Danny Rodden’s] assessment that while the actions may have been a violation of county policy, they do not constitute a crime and no criminal charges will be filed,” Stewart said.
Source - The News and Tribune
[From the article:
Two programs —Cane & Abel and LCP — were found on the computers. The programs can be used to breach security and discover user passwords on the county’s network, county systems administrator Matt Dyer previously wrote in an e-mail to commissioners.
… County Auditor Keith Groth told The Evening News in previous interviews that he believed the programs were used in the ordinary course of business for his office, confirming that they was used to access the passwords of other auditor's office employees.
He also said that three desktop computers and a laptop computer owned by the county have both programs installed on them so that employees can work remotely from their homes on overtime. However, neither of the programs have a remote-access feature.
In an interview Thursday, Groth said that the software has been removed, but he has yet to look over the sheriff’s report. [But he made the decision based on it? Bob]
Local: Sort of a “taxation without representation” kind of funding? Traffic ticket fines pay for cost of felony record keeping?
CO: Expansion of DNA sampling law progresses in Senate
Saturday, April 25 2009 @ 04:44 AM EDT Contributed by: PrivacyNews
Senate Bill 241, proposed by John Morse, would require anyone arrested for a felony to submit a DNA sample. The proposed law expands DNA collection from the current law that limits DNA collection to those who are convicted and would affect approximately 60,000 people each year.
Although there are provisions to allow people to request their DNA be removed from the database if they are not subsequently charged with a felony, the issue raises a lot of privacy and constitutional issues, as Colleen Slevin of Associated Press reports.
[From the article:
The testing would cost the state about $1 million a year and would be paid for with a $5 fee charged to anyone convicted of a misdemeanor or felony, as well as anyone who gets a traffic ticket. Morse said there wouldn't be enough money collected to start testing until October 2010.
Think everyone who steals your Identity must be a genius? (Just a short look at the video)
Watch an ID thief’s ‘commercial’
Bob Sullivan of MSNBC reports on an ID thief’s poorly thought out use of YouTube to advertise personal data for sale.
For my Computer Forensics class
DNS plays role in Craigslist killer case
Network technology may have played a critical role in law enforcement officials catching the alleged Craigslist killer before he was able to strike again.
According to DNSstuff, the vendor's DNS tools were used as part of the ongoing investigation to track and then capture alleged Craigslist killer Philip Markoff.
… As investigators build their case, DNSstuff's CTO Paul Parisi earlier this week recorded a videotaped interview with WCVB TV/DT Boston Channel 5 detailing exactly how DNS technology can lead law enforcement officials practically to the doorstep of criminals by tracking the IP address of devices used to a specific location.
Very similar to the insurance scamers that claimed a back injury then were photographed jumping on a trampoline.
Facebook surfing while sick costs woman job
Fri Apr 24, 12:13 pm ET
ZURICH (Reuters) – A Swiss insurance worker lost her job after surfing popular social network site Facebook while off sick, her employer said Friday.
The woman said she could not work in front of a computer as she needed to lie in the dark but was then seen to be active [Not that they monitor her computer or anything... Bob] on Facebook, which insurer Nationale Suisse said in a statement had destroyed its trust in the employee.
Keyboard shortcuts for common apps
working smarter with keyboard shortcuts
This could be very cool. I'll have to
play seriously examine this one!
gStepOne.com - The Google Wizard Writer
… what if rather than simply receiving a list of passive information, we also received an interactive, Google-generated wizard with each step linked to the appropriate web information, videos and tools providing us guidance and all about how to do things.
This function has now become available through gStepOne. gStepOne is a Google wizard writer. It is the first step in Google’s transition from world information service to Worldwide Wizard, from collective memory to virtual helper.
How does it work? Simply draw a map of the steps in a task by dragging and dropping shapes onto the page. Link the steps and give each one a name. gStepOne googles the web for supporting “How to” information and training for each step, and then generates the wizard.
… Use it to write any kind of wizard: for business, for clubs, for community organizations, or just for fun.
Just in case a student should actually stumble across my blog...
Japan's 'exam hell' now reaches into preschool
By Yuriko Nagano Yuriko Nagano – Thu Apr 23, 5:00 am ET
Tokyo – It's a quiet afternoon in suburban Tokyo as a well-dressed boy and his mother enter Nikken, a cram school for kindergartners and preschoolers. The mother bows to staff, confirms a pickup time, and drives off in her Mercedes as the boy hunkers down at that most iconic of Japanese institutions: the cram school.
Japan's juken, or "exam hell," has long evoked images of stressed kids competing for slots at top universities in an all-or-nothing exam. But this approach has increasingly moved down the ladder.
Now, in what is known as ojuken, nursery-schoolers are doing worksheets and attending special classes to secure a seat in primary school that their parents hope will ensure their long-term success.