Tuesday, January 12, 2010

I don't know why anyone would expect recovery services to be more virtuous than any other service – all should be covered by very clear contracts, shouldn't they? Get references? Make sure they're Bonded? Develop in-house expertise?

http://www.databreaches.net/?p=9379

Recovery firms may steal your data

January 11, 2010 by admin Filed under Commentaries and Analyses, Subcontractor

Judi Hasson reports:

A new survey finds that data-recovery services are responsible for a growing chunk of privacy breach incidents. It’s not really a surprise. An outside vendor contracted to repair your computer may not have the security mechanisms in place to prevent a theft. Or the company may have IT workers willing to dip into the database for their own purposes.

The Ponemon Institute surveyed 636 information technology professionals who had used data-recovery services or knew about them. Nearly 20 percent responded that they experienced a data breach when they hired a third-party data-recovery firm.

Read more on FierceCIO



Interesting, but are the fines big enough to have any effect? Will the maximum fine ever be invoked? Is there anything new here?

http://www.databreaches.net/?p=9389

UK: Data breaches to incur up to £500,000 penalty

January 12, 2010 by admin Filed under Breach Laws, Non-U.S.

New powers, designed to deter personal data security breaches, are expected to come into force on 6 April 2010. The Information Commissioner’s Office (ICO) will be able to order organizations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act. The ICO has produced statutory guidance about how it proposes to use this new power, which has been approved by the Secretary of State for Justice, and has been laid before Parliament today.

When serving monetary penalties, the Information Commissioner will carefully consider the circumstances, including the seriousness of the data breach; the likelihood of substantial damage and distress to individuals; whether the breach was deliberate or negligent and what reasonable steps the organization has taken to prevent breaches.

… For a data breach to attract a monetary penalty the Information Commissioner must be satisfied that there has been a serious breach that was likely to cause damage or distress and it was either deliberate or negligent and the organisation failed to take reasonable steps to prevent it.

Example – damage
Following a security breach by a data controller financial data is lost and an individual becomes the victim of identity fraud.
Example – distress
Following a security breach by a data controller medical details are stolen and an individual suffers worry and anxiety that his sensitive personal data will be made public even if his concerns do not materialise.
Example – deliberate
A marketing company collects personal data stating it is for the purpose of a competition and then, without consent, knowingly discloses the data to populate a tracing database for commercial purposes without informing the individuals concerned.

The guidance can be downloaded from the ICO website at http://www.ico.gov.uk/upload/documents/library/data_protection/detailed_specialist_guides/ico_guidance_monetary_penalties.pdf.

Source: Information Commissioner’s Office



This seems to match my observations. Will these anti-virus companies become more valuable or should I invest in the dark side?

http://www.bespacific.com/mt/archives/023233.html

January 11, 2010

Panda Security Publishes Virus Yearbook 2009

Annual Report PandaLabs 2009

  • "The last 12 months really have marked a turning point in the history of IT security. This has been for several reasons, yet without doubt the main one has been the way in which criminal organizations have consolidated underground business models. In 2009, hackers have made more money than in any previous year, underlined not least by the total number of new and different malware samples received by PandaLabs throughout the year, exceeding by far the forecasts we made in 2008. At time of writing, there are over 40 million malware samples in our Collective Intelligence system, and we are still receiving an average of 55,000 new samples every day. This trend, which began in 2008 and has been consolidated in 2009, will continue to determine the daytoday activity of anti-malware laboratories during 2010...In this report we will take a look at how malware is evolving worldwide and we will try to analyze the main trends of 2010. Without revealing too much, let’s just say the future doesn’t look too bright."



Is this an abuse of monopolistic power or just a demonstration of who benefits from whom? Lesson to be learned: Be careful of the threats you issue, someone might think you are serious.

http://www.techcrunch.com/2010/01/11/google-news-pulls-ap/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Foxy Tactics: Google News Pulls The AP’s Content As Contract Comes Up For Renewal

by Erick Schonfeld on January 11, 2010

Through much of last year, the Associated Press threw public barbs and veiled threats at Google, while in private it was renegotiating its licensing agreement with Google News. That agreement is believed to be up for renewal at the end of this month, yet no new AP stories have appeared directly on Google News since December 23, 2009. (AP stories licensed by other news sites such as ABC News or the New York Times do continue to appear, however).

… What’s going on here reminds me of what News Corp does to Time Warner Cable every four years or so when the contract for all the Fox television channels comes up. Fox threatens to pull its channels in a very public manner, and then at the eleventh hour a deal is struck, just like what happened on New Year’s. Google is trying its own Foxy negotiating tactic here. It is showing the AP in a very visible way what will happen if Google News no longer carries AP stories, and they are doing this before the negotiations are up so that the AP can measure the loss in readership that Google News brings.



Don't be too hard on the TSA, it's clear they have no idea what's going on in their own Agency. Remember, they aren't there to stop terrorists (the “Christmas bomber” and the TSA never crossed paths), they are there to provide “security theater” so Congress can show they “Did Something.”

http://www.bespacific.com/mt/archives/023228.html

January 11, 2010

EPIC Posts TSA Documents on Body Scanners

Follow up to previous postings on government implementation of whole body scanning technology at airports, news that EPIC has posted more than 250 pages of documents it obtained in a Freedom of Information Act lawsuit concerning body scanners. The documents, released by the Department of Homeland Security, reveal that Whole Body Imaging machines can record, store, and transmit digital strip search images of Americans. This contradicts assurances made by the TSA. The documents include TSA Procurement Specifications, TSA Operational Requirements, TSA contract with L3, TSA contract with Rapiscan (1), and TSA contract with Rapiscan (2). The DHS has withheld other documents that EPIC is seeking."



Interesting stuff, if true.

http://www.techcrunch.com/2010/01/11/rumpus-facebook-privacy/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Purported Interview With Facebook Employee Details Use Of ‘Master Password’

by Jason Kincaid on January 11, 2010

Earlier today, The Rumpus published a very revealing interview with someone claiming to be a Facebook employee. The interview covers a variety of subjects, including privacy restrictions at the world’s largest social network and some of the technological hurdles the site has to deal with. The biggest revelations? That Facebook collects more data about your habits than you may realize, and that there was once a ‘master password’ that would grant employees access to anyone’s Facebook profile — a password that some employees abused.



Because the government always knows best, and us second class citizens need to be treated like the “intellectually challenged.”

http://www.bespacific.com/mt/archives/023231.html

January 11, 2010

CBO: Estimated Premiums for "Bronze" Coverage Under the Patient Protection and Affordable Care Act

Estimated Premiums for "Bronze" Coverage Under the Patient Protection and Affordable Care Act, Letter to the Honorable Olympia Snowe, January 11, 2010

  • "This letter responds to your request for additional information about expected premiums under that proposal for policies that would meet the minimum requirements necessary to avoid paying a penalty for not having insurance. As a rule, individuals would be required to have a policy covering the “essential benefits” specified in the legislation and having an actuarial value of at least 60 percent in order to avoid such a penalty. (A plan’s actuarial value is the share of costs for covered services that it would pay, on average, with a broadly representative group of people enrolled.) That minimum level of coverage is designated as a “Bronze” plan."

[From the report:

Overall, CBO estimates that premiums for Bronze plans purchased individually in 2016 would probably average between $4,500 and $5,000 for single policies and between $12,000 and $12,500 for family policies.



A most intriguing (and profitable?) hack. Think of the Dark Side using this to change Safe.Site.com to Evil.Site.com when you click... (Hey, I'm from New Jersey. We know what “vig” is...)

http://news.cnet.com/8301-19882_3-10433077-250.html?part=rss&subj=news&tag=2547-1_3-0-20

VigLink monetizes your pages quietly

by Rafe Needleman January 12, 2010 5:00 AM PST

VigLink, now in private beta, is an interesting product that monetizes Web pages by automatically changing ordinary hyperlinks into affiliate links when they are clicked.

Many online merchants, Amazon.com being the best-known, have affiliate programs that pay referring sites for visitors when their browsing leads to a purchase. In many cases, even if the purchase occurs on a visit days after the user first clicked over to the site, the referring site can still get an affiliate payment. So it's financially in the interest of any content site to use affiliate coding in links to commerce sites.

VigLink, which can be enabled on any site by adding simple Javascript to the site's template, automatically converts links to commerce sites that are already on a site into properly-coded affiliate links--but only when they're clicked, so they don't look different when users hover over the links.



Useful Hacks

http://howto.wired.com/wiki/Get_Rid_of_Windows_Genuine_Advantage_Notifications?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Get Rid of Windows Genuine Advantage Notifications



I had not understood how businesses used Twitter. Now I get it. They are skimming at the margins! This is not the technology to grab 80% of the market; rather it trys to work with the remaining 20%.

http://www.makeuseof.com/tag/10-innovative-ways-to-use-twitter-for-business/

10 Innovative Ways To Use Twitter For Business

By Andra Picincu on Jan. 9th, 2010

Increasingly more companies use Twitter for business – to do market research, do brand advocacy and reputation management and provide selected highlights from a conference or event. Twitter allows them to expand their brand and thus generate new opportunities.

In this article, Mahendra shows you how you can integrate Twitter into your Powerpoint presentation and receive instant feedback. [ARGH! Bob] Steven has written about using hashtags effectively. And also, you can learn more about Twitter Lists to follow people more closely.



Serious stuff here in Colorado. Just knowing you can dial 112, 999 and 911 might save your life.

http://www.makeuseof.com/tag/how-to-survive-in-the-wilderness-using-your-mobile-phone/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

How To Survive in the Wilderness Using Your Mobile Phone

By Dean Sherwin on Jan. 11th, 2010

… If you are struggling to get a signal dial ‘112′ – the international number that will connect you to your emergency services. You don’t need to have a signal on your network. All mobile phone masts will allow a phone to connect to their network regardless if it’s registered with another network once the call is to the emergency services.

The myth of not having any signal at all is an internet hoax. You do, just not on your own network’s. Furthermore, the phone’s keypad doesn’t have to be unlocked to facilitate those not familiar with mobile phones and doesn’t even need a sim card.



Oo! Oo! I love lists! Apparently there are at least ten other people in the world who do too.

http://www.makeuseof.com/tag/are-you-a-list-maniac-check-out-these-ten-sites-that-are-about-top-10-lists/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Makeuseof+%28MakeUseOf.com%29

Are You A List Maniac? Check Out These Ten Sites That Are About Top 10 Lists

By Saikat Basu on Jan. 11th, 2010



Another freebie that my website students might find useful – but only if they download it TODAY!

http://www.giveawayoftheday.com/website-x5-smart-7-holiday/

Giveaway of the Day - WebSite X5 Smart 7

No comments: