Cyberthieves find workplace networks are easy pickings
Byron Acohido provides a write-up of some of the TJX and Heartland Payment Systems incidents that emphasizes that many intrusions go undetected or unnoticed, and that cyberthieves often take considerable time both to begin stealing data and to keep stealing it afterward:
Companies, understandably, rarely discuss data breaches. However, proof that data thieves are targeting hundreds of organizations using similar approaches to breach networks comes from Verizon Business, a division of Verizon Communications that sells consulting services to other corporations. Since 2004, Verizon has dispatched forensic specialists to conduct CSI-like probes of nearly 600 cases of corporate data theft.
In the vast majority of those cases, investigators discovered thieves routinely took days after initially penetrating a network to locate and break into valuable databases. And most often, the intruders spent weeks to years extracting data before being discovered.
“It’s one of the more shocking statistics we’ve run across,” says Verizon principal researcher Wade Baker. “The length of time it takes an organization to discover that data is leaving is often five to six months” after the initial breach.
That pattern suggests “many organizations right now have breaches they don’t know about and won’t discover for some time to come,” says Baker.
Read more on USA Today.
Political Rule # 4: “In the end, you can't tell one party from another.”
Round-Up of Reactions to PATRIOT Vote
Kevin Bankston of EFF provides a round-up of reactions to the Senate Judiciary Committee’s vote on a bill reauthorizing portions of the PATRIOT Act that were set to expire this year:
Yesterday, as the Senate Judiciary Committee voted to recommend and send to the Senate floor a USA PATRIOT Act renewal bill lacking critical civil liberties reforms, EFF’s reaction was much the same as Senator Feingold’s, as he expressed in his post-vote blog post at Daily Kos.
Feingold, one of only three Democrats to vote against the bill and a sponsor of the PATRIOT reform bill the JUSTICE Act, was left scratching his head over how a Democratic super-majority with a Democratic Administration could so thoroughly fail at reforming the PATRIOT Act, a law long maligned by Democrats as an affront to civil liberties. [Political Rule #407.b “Never fix anything you can blame the other party for.” Bob] He closed by posing a choice to his Democratic colleagues: “In the end…Democrats have to decide if they are going to stand up for the rights of the American people or allow the FBI to write our laws.”
However, the biggest disappointment of all yesterday was the Obama Administration itself. Of the seven amendments to water down the bill’s civil liberties protections that were offered by the Committee Republicans, at least five of them were recommended by Obama’s Justice Department. As one anonymous Democratic staffer told the New York Times, the amendments “were a verbatim transfer of the text of amendments the Obama administration had privately sent to Congress on Wednesday.”
Read more on EFF.
Ah, that explains a lot. Big Brother owns the phone companies...
Telephone Company Is Arm of Government, Feds Admit in Spy Suit
By Ryan Singel October 8, 2009 8:24 pm
The Department of Justice has finally admitted it in court papers: The nation’s telecom companies are an arm of the government — at least when it comes to secret spying.
… The feds argued that the documents showing consultation over the controversial telecom immunity proposal weren’t subject to the Freedom of Information Act since they were protected as “intra-agency” records: [“See, we was really just talking to ourselves. ...and buying ourselves dinner. … and taking ourselves on golf outings. ...and contributing to our reelection.” Bob]
Canada: New decision on warrantless access to ISP customer data
David Fraser writes:
A friend just provided me with a copy of a recent decision of the Ontario Court of Justice considering the admissibility of information obtained without a warrant from the suspect’s internet service provider, Bell. R. v. Cuttell is not on CanLii yet, but I’ve put a copy here.
The Court concluded there is a reasonable expectation of privacy in your account records, but this expectation can be destroyed by your ISP if their service agreement grants them wide latitude to hand over customer information. The judge accepts that a broadly-worded statement in Bell’s contract with the customer might supplant the reasonable expectation of privacy. (I would also question whether a form contract that the customer likely has not read would be enough to mean that subjectively there is no reasonable expectation of privacy.)
In this case, there was no proof brought by the police that the Bell contract applied to this customer so a Charter breach was found.
Read more on Canadian Privacy Law Blog.
Related: The debate about warrantless access to ISP customer information on Slaw and Fraser’s commentary.
(Related) Hint! Hint! My Forensic students better find a way to work this into our discussion...
2 People Died In A Sweat Lodge Last Night. And Deleted Tweets Have Surfaced.
by MG Siegler on October 9, 2009
Last night, at a retreat in Arizona, two people died and another 19 had to be hospitalized after something went horribly wrong at a sweat lodge. Normally, such a story, while interesting, wouldn’t be right for TechCrunch. But there’s a tech angle here.
Apparently, the man who rented the place and threw the retreat, author James Arthur Ray, is also an avid Twitter user. And yes, during the night of the incident he was tweeting about it. Ray later deleted those tweets and all the tweets about the retreat. But, as Mark Maunder discovered, they’re still available in Twitter search. And a couple are pretty interesting:
… The fact that these tweets still exist in Twitter Search is very interesting. Twitter recently updated its terms of service agreement, making it very clear that “your tweets belong to you.” But that ownership for whatever reason, be it technical or otherwise, doesn’t fully extend to the point that when you delete a tweet, it is gone forever.
This could become amusing...
FCC To Probe Google Voice Over Call Blocking
Posted by Soulskill on Friday October 09, @07:15PM from the keep-your-eye-on-the-ball dept.
Over the past few months, we've been following the FCC's inquiry into Apple and AT&T after they rejected Google Voice from the App store. A couple weeks ago, AT&T did their best to deflect the FCC by dangling a shiny object in front of them — the use of Google Voice to block calls. It now appears the FCC has taken the bait, as they've sent an official inquiry to Google asking why the service restricts connections. "In its letter, the FCC asked Google to describe how its calls are routed and whether calls to particular numbers are prohibited. It also asks for information on how restrictions are implemented, how Google informs customers about those restrictions, whether Google Voice services are free, and if Google ever plans to charge for them in the future." Richard Whitt has already posted a brief explanation on Google's Public Policy blog. "The reason we restrict calls to certain local phone carriers' numbers is simple. Not only do they charge exorbitant termination rates for calls, but they also partner with adult sex chat lines and 'free' conference calling centers to drive high volumes of traffic." The FCC also received a push from members of the House of Representatives on Wednesday.
For my Computer Security students. This is what you must secure...
Report: Two of every five of workers telecommute
by Lance Whitney October 9, 2009 12:50 PM PDT
… More than 38 million people, or 37 percent of the total U.S. workforce, work from home at least once a month, according to the report "Telework and the Technologies Enabling Work Outside Corporate Walls" released Thursday by the Consumer Electronics Association.
The CEA survey found that among telecommuters, 98 percent use computer technology, such as PCs and printers; 90 percent use communications equipment, including cell phones and fax machines; and 75 percent use accessories, such as surge protectors and docking stations.
Am I reading this correctly? Is Microsoft about to install Office on every computer exactly like it installs Internet Explorer? What are they thinking?
Microsoft Ditching Works for Ad-Supported Office Starter 2010
Thursday, October 08, 2009 - by Michael Santo
Microsoft Works, which is frequently offered as part of new PCs, is about to meet its end. Instead, in an interesting move, Microsoft announced it will allow OEMs to install the entire Office 2010 Suite on new PCs in a free, ad-supported form, but with much functionality disabled unless an activation key is purchased.
… This software, of course, will come pre-installed on new PCs. For those with older systems, Microsoft will sort of stream Office 2010 to their PCs when required using Click-To-Run, a new technology, which the company unveiled in the July invitation-only Technical Preview of Office 2010. It downloads the essential pieces you need for the task at hand, and does the rest in the background.
The computer auditors are finally speaking up. I wonder if anyone in this country will bother to have this article translated from the Canadian?
Open Source Could Have Saved Ontario Hundreds of Millions
Posted by Soulskill on Saturday October 10, @12:06AM from the proprietary-pocket-change dept.
Platinum Dragon writes
"Ontario's auditor-general released a blistering report this week detailing how successive governments threw away a billion dollars developing an integrated electronic medical record system. This CBC article highlights an open source system developed at McMaster University that is already used by hundreds of doctors in Ontario. As one of the developers points out, 'we don't have very high-priced executives and consultants,' some of whom cost Ontario taxpayers $2,700 per day."
The McMaster University researchers claim their system could be rolled out for two percent of the billion-dollars-plus already spent on the project. The report itself (PDF) also makes note of the excessive consultation spending: "By 2008, the Ministry’s eHealth Program Branch had fewer than 30 full-time employees but was engaging more than 300 consultants, a number of whom held senior management positions."
Interesting that they noticed what the Streisand Effect was doing to them and backed down.
Ralph Lauren admits it needs Photoshop lessons
by Chris Matyszczyk October 9, 2009 1:11 PM PDT
… Ralph Lauren has gurgitated a mea gulpa: "For over 42 years we have built a brand based on quality and integrity. After further investigation, we have learned that we are responsible for the poor imaging and retouching that resulted in a very distorted image of a woman's body."
Stunning! WATCH THE VIDEO DEMO! My website students will all look like Michelangelo!
PhotoSketch picture software wins plaudits
An image manipulation tool built by a group of Chinese students has taken the internet by storm.
By Claudine Beaumont, Technology Editor Published: 3:18PM BST 06 Oct 2009
PhotoSketch, which transforms basic stick-figure drawings into a photograph, has been described by technology website Mashable as "mind blowing".
Think of this as a personal alibi generator!
LogEarth.net - Keep Track Of Your Position
… This site gives you all the information you need to know … to help you out when it comes to tracking your movements using a GPS logger.
Interesting freebie from ISACA. Governance, Risk & Compliance seminar online. (You need to register)
GRC & IT Virtual Seminar
ISACA and SearchCompliance.com have teamed up to present a free one-day virtual seminar (Tuesday, November 3rd) demystifying GRC and IT frameworks. Join us for this unique opportunity to network with hundreds of like-minded auditors, IT strategists and business leaders.