Gonzalez pleads guilty, sentenced to 15-25 years
The Associated Press has reported that Albert Gonzalez has agreed to plead guilty to conspiracy, wire fraud and aggravated identity theft charges.
Under a plea agreement with federal prosecutors filed in Boston on Friday, Albert Gonzalez would serve a sentence of 15 to 25 years after pleading guilty to a 19-count indictment. He would also forfeit some $2.8 million in cash, a Miami condo, a car and expensive jewelry.
Gonzalez, 28, is charged with swiping credit and debit card numbers of more than 170 million accounts.
Kim Zetter of Threat Level reports:
The agreement resolves the case against Gonzalez in Massachusetts — which charged him with hacking into TJX, Barnes & Noble and OfficeMax — as well as a case in the eastern district of New York that charged him with hacking into the Dave & Busters restaurant change.
Still outstanding are charges filed last week in New Jersey alleging that Gonzalez also hacked into Heartland Payment Systems, Hannaford Brothers, ATMs stationed in 7-11 stores, and two unnamed national retailers.
Yesterday, StorefrontBacktalk indicated that the two unnamed retailers are J.C. Penney and Target.
Update 1: The Associated Press has published more detail.
You might wonder why they bothered to notify the AG if the database was encrypted. It looks to me that is was not really encrypted, but might squeak by based on some vague legal definition of encryption. Much more likely the data was in some database format and not “encrypted” at all. But we'll never know since there is no requirement to report the impact of a breach.
Normandeau Associates reports theft and recovery of stolen laptop
Normandeau Associates, an environmental consulting firm based in New Hampshire, notified the New Hampshire Attorney General of the theft of a laptop with an encrypted employee database. The theft occurred in 2008, and the laptop was recovered in February 2009, but Normandeau did not learn of the problem until June 2009, [How could that be? The manager responsible was in a coma? Bob] at which point they notified 277 employees in New Hampshire. As they explain (pdf):
In June, 2009, Normandeau learned that one of its laptop computers had been stolen from the home of a Normandeau employee in November, 2008, and later returned in February, 2009. The password protected laptop contained an encrypted employee database with personal information, including names, social security numbers, and bank account numbers of past and present Normandeau employees. The perpetrator required specific computer software to access the encrypted database in its existing format on the laptop, and it is unknown if access was actually made. [Are we to assume the employee did not have the software on his computer to access the database he downloaded? How stupid is this guy? Bob]
The local police were notified [Apparently not by the employee! Bob] about the theft and Normandeau conducted an internal investigation. Nonnandeau also consulted with a computer forensic analyst, but was unable to determine if unauthorized access to the database actually occurred. There is no evidence of misuse of the personal information. [This is a very safe statement to make. Worthless, but safe. Since employees didn't know about the theft, they were unlikely to notify the firm of any Identity Theft issues. Bob]
Normandeau has policies that prohibit personal information from being downloaded onto its laptop computers. In this instance, the database was temporarily stored on the laptop during restorative maintenance to the company’s network, and contrary to company policy, not thereafter removed. The company took action against the responsible person for unintentionally failing to remove the database containing the personal information as required by company policy. No further precautionary actions were required to prevent similar breaches. [Near gibberish. Translation: “We're not going to change anything.” Bob]
(Related) Lessons: Most organizations still don't encrypt. Laptops are still targets of thieves. Apparently, unlimited downloading of patient data (personal data) is still okay...
Laptops containing medical details of Birmingham patients stolen
In the U.K.:
Laptops containing the private and medical details of more than 7,000 Birmingham NHS patients, including sick children, have been stolen prompting a massive security alert.
Surgical firm Trulife used by four hospitals – Birmingham Children’s Hospital, City Hospital, in Winson Green, Sandwell Hospital, in West Bromwich, and Rowley Regis Hospital – has revealed that three computers have been taken.
One of them was taken after being left in a car by an employee, while another was snatched during a mugging.
None of the information on the missing laptops had been encrypted.
Between 3,000 and 3,500 Children’s Hospital patients are affected plus a further 3,633 patients from City, Sandwell and Rowley Regis.
The first laptop went missing at the premises of a Birmingham hospital in March 2006, a second was stolen in a mugging in March 2007 and the third was stolen after being left in a Trulife employee’s car in February last year.
Update your statistics.
Biggest Breaches of 2009
Linda McGlasson of BankInfoSecurity.com provides an analysis and commentary, based on ITRC’s statistics for this year.
There have been 356 data breaches so far in 2009, according to the Identity Theft Resource Center (ITRC). And 46 of those breaches have involved financial institutions - up from 34 at this same time last year.
The good news, Foley says, is that, based on percentages, financial institutions consistently have lower percentages of data breaches than other organizations. “This means they’re doing a better job of controlling and protecting their data,” she says.
The bad news is when financial institutions - or their third-party service providers — are breached … it’s big.
Read more on BankInfoSecurity.com
Good news, bad news? “If you're innocent, you have nothing to worry about.”
Swedish police to publicly identify suspects
Police in Skåne in southern Sweden will shortly begin publishing pictures of criminal suspects on the police website, a practice that may soon be adopted all over the country.
The pictures will be taken from surveillance cameras and the police hope that the general public will help investigate and identify criminals.
Anne Ramberg, general secretary of the Swedish Bar Association (Advokatsamfundet), argues that innocent people may suffer anxiety as a result of this method. She writes publicly that the pictures are a further sign that more societal surveillance leads to “an insidious shifting of the boundaries”.
Read more on The Local (Sweden)
Worth a review
Privacy missing from Google Books settlement
If Google digitizes the world’s books, how will it keep track of what you read?
That’s one of the unanswered questions that librarians and privacy experts are grappling with as Google attempts to settle a long-running lawsuit by publishers and copyright holders and move ahead with its effort to digitize millions of books, known as the Google Books Library Project.
“Which way are we going to go?” said Michael Zimmer, a professor from the University of Wisconsin at Milwaukee. “ Is this service going to be an extension of the library, or an extension of Web searching?”
Zimmer spoke at a panel discussion at the University of California, Berkeley, on Friday. He was one of several panelists who called on Google to make a stronger privacy commitment as it develops the Google Books service.
Read more on PC World.
Michael Zimmer has posted a draft of the talk he gave as well as his slides on his blog, here.
Yes. Youse gotta problem wit dat?
Is "Good Enough" the Future of Technology?
Posted by Soulskill on Saturday August 29, @02:08AM from the seems-to-work-for-the-movie-industry dept.
"In an article titled 'The Good Enough Revolution: When Cheap and Simple Is Just Fine,' Wired claims that the future of technology, warfare and medicine will be filled with 'good enough' solutions; situations where feature-rich and expensive products are replaced with bare-bones infrastructures and solutions. 'We now favor flexibility over high fidelity, convenience over features, quick and dirty over slow and polished. Having it here and now is more important than having it perfect. These changes run so deep and wide, they're actually altering what we mean when we describe a product as "high-quality."'"
(Related) but rather simplistic...
What technology tells us about society
by Matt Asay August 28, 2009 8:10 AM PDT
Twitter has become an excellent way to quickly scan headlines. It's terrible at just about everything else. It's hard to have a coherent discussion in 140-character soundbites, and even harder when the architecture of Twitter is set to "broadcast" rather than "discourse." But maybe, just maybe, Twitter's not to blame. We are.
After all, Twitter is simply a creation of our society, and reflects our priorities.
Not all of society, of course. After all, as The New York Times reported, teenagers, usually technology's early adopters, hardly use Twitter at all, with only 11 percent of people aged 11 to 17 using the service. They are, however, heavily into Facebook, preferring to share with friends rather than talk at strangers.
A generational thing?
Perhaps. But I think the technology we build and use says a lot about society.
Oooo! I like it!
Crime Expert Backs Call For "License To Compute"
Posted by ScuttleMonkey on Friday August 28, @06:08PM from the natural-selection-working-just-fine dept.
The Cable Guy writes to mention that Russel Smith, one of Australia's principal criminologists, is pushing for first-time computer users to be required to earn a license to browse the web.
"The Australian Computer Society launched computer driver's licenses in 1999. It aimed to give users a basic level of competency before they started using PCs. But the growth in cybercrime has led to IT security experts such as Eugene Kaspersky to call for more formalized recognition of a user's identity so they can travel the net safely. Last week Dr. Smith sat in front of a Federal Government Inquiry into cybercrime and advised Australia's senior politicians on initiatives in train to fight cybercrime. He said that education was secondary to better technology solutions." [This is incredibly illogical... “Let's build a device but not teach people how to use it!” Bob]
Monopolies are good? Perhaps the rule should be “Subscribers get to choose their provider?”
Court of Appeals Rejects FCC's Cable Subscriber Cap
Posted by Soulskill on Friday August 28, @06:59PM from the pack-'em-in dept.
"The US Court of Appeals Friday threw out the FCC's cap on the number of cable subscribers one operator can serve, saying the FCC was 'derelict' in not giving DBS its due as a legitimate competitor. 'We agree with Comcast that the 30% subscriber limit is arbitrary and capricious. We therefore grant the petition and vacate the Rule,' said the court, which concluded that there was ample evidence of an increasingly competitive communications marketplace and that cable did not have undue control on the programming pipeline. The FCC commissioner's statement (PDF) is available online."
Breaking News! I am not on this list!
August 28, 2009
Federal Reserve Board Must Release Bank Bailout Info to News Organizations
Reporters Committee for Freedom of the Press: "The string of FOIA lawsuits for release of records of the government's emergency lending programs finally saw its first victory Monday. The Federal Reserve Board must release to Bloomberg News records identifying the financial firms it loaned bailout funds to as well as the assets or amounts put up as collateral, the news agency reported. Chief Judge Loretta Preska in Manhattan federal court issued the first ruling requiring disclosure in a handful of suits in New York federal court brought separately by Bloomberg, Fox News and the New York Times. Bloomberg reported that she rejected the argument that the records were exempt from release under FOIA because they might harm the competitive advantage of the borrowers."
This is filed under Humor, but we know better!
Hilarious New iPhone Commercial
By: Dahlia Rideout
With one University going entirely to eBooks and another to “programed learning” site like this one should prove useful.
All About Online Learning - TheeLearningCoach.com
Online learning has gone from being a curiosity and even something regarded as unreliable to a form of education revered and respected both by teachers and students the world over. As such, it is only appropriate that there are resources which intend to guide people and show them which online providers of education are the best available, or the ones that will suit their specific needs more minutely and accurately.
The opening screen of the blog, then, showcases the most recent sites and products to have been reviewed, whereas the obligatory list of categories is available for you to focus your stay at the site even more.