Friday, January 01, 2010

I suspect lawyers are finding ways around the disclosure laws, but I'm a bit of a cynic.

http://www.databreaches.net/?p=9239

Breach reports decline in 2009, but what does it mean?

December 31, 2009 by admin Filed under Commentaries and Analyses, Of Note

As of today’s date, breach compilations by both the Identity Theft Resource Center and Open Security Foundation indicate that there were fewer breach reports in 2009 relative to 2008. While some of the apparent decrease may be due to two sources used last year not being available online for the second half of this year, the entire decrease cannot be attributed to these two sources.

So why are breach reports down relative to last year? Are more entities now using encryption and safer methods of transporting data leading to a reduced number of breaches or reduced number of breaches that would trigger a breach disclosure? Has the arrest of a number of master cybercriminals put a significant dent in cybercrime? Either would be cause for some celebration. But there are other possible explanations for why breach reports might be down that would not be cause for celebration, such as:

  • Entities deciding not to report or disclose breaches despite any mandatory disclosure laws because of the cost of notification during these rough economic times;

  • Entities referring incidents to law enforcement in the partial hope that law enforcement will ask them not to disclose or reveal the breach so as not to interfere with any investigation;

  • Breaches becoming more sophisticated and entities not even realizing that they have been breached;

  • The media getting bored with breach reporting and not giving it as much coverage;

  • 2008 may have represented an anomaly, as inspection of OSF’s nifty graphic at the top of their homepage suggests, with breach reports returning to pre-2008 levels in the spring, or;

  • None of the above.

So… why do you think that breach reports declined in 2009?



“We don't encrypt sensitive data. We don't log access to sensitive data. We don't check for files (even videos) being uploaded to our system. So we sure as heck aren't going to make any effort to protect you! Love, Your Alma Mater”

http://www.databreaches.net/?p=9257

WA: 130,000 at risk after computer breach at EWU

December 31, 2009 by admin Filed under Breach Incidents, Education Sector, Hack, U.S.

Levi Pulkkinen reports:

Following a computer breach earlier in December, Eastern Washington University will be notifying 130,000 current and former students that their identifying information may have been compromised.

While it remains unclear whether any students or alumni have had their identities stolen due to the breach, officials with the Cheney-based university are preparing to mail letters to those put at risk, a spokesman said.

Discovered during an assessment in early December, the breach was found in a system carrying student records dating back to 1987. Current and former students’ Social Security numbers, names and birth dates are stored on the system, which has since been secured.

While investigators found no evidence any information was taken — those behind the breach appeared to be storing video files on the system — those concerned their identities may have been stolen are encouraged to check their credit statements.

Read more on SeattlePI.com.



“Our blustery bluff failed, so we're not gonna play any longer.” (Terrorists/criminals, take note)

“We don't really understand the law, we were just angry” (Child psychologists, take note)

“This was a loser from the git go.” (Voters, take note)

“Can you say, 'Security Theater?'” (Airline passengers, take note)

http://www.pogowasright.org/?p=6724

“Never mind:” DHS drops attempts to subpoena bloggers who posted TSA directive

December 31, 2009 by Dissent Filed under Featured Headlines, U.S.

Chris Elliott has this happy update on the Department of Homeland Security’s attempt to subpoena his records:

The Department of Homeland Security has withdrawn a subpoena that would have required me to furnish it with all documents related to the Dec. 25 TSA Security Directive which was published on my Web site.

The move came after my attorneys were granted an extension on the government request. I also signaled my intent to challenge the subpoena in federal court next week.

Steven Frischling, the blogger at Flying With Fish who also received a subpoena, also received an all-clear, as he reported on Twitter:

HAPPY NEW YEAR TO ME! TSA’s Dep Chief Counsel for Enforcement just called me to let me know I am in the clear & good to go! Woo Woo #TSAFail


(Related) Or maybe they're just incompetent. But they are always a good source of bad examples.

http://www.pogowasright.org/?p=6733

Another TSA redaction error involving sensitive information

January 1, 2010 by Dissent Filed under Govt, Internet

From Cryptome.org:

The USA Merit Systems Protection Board published an online Opinion and Order which involved a TSA employee. A footnote states:

*The original unexpurgated version of this Opinion and Order contains Sensitive Security Information (SSI) protected by 49 C.F.R. Parts 15 and 1520. Per agreement between the Merit Systems Protection Board and the Transportation Security Administration (TSA), the TSA has redacted all SSI protected by 49 C.F.R. Parts 15 and 1520 from this version so that it can be made available to the public.

The SSI redactions were made in an insecure manner and could be easily removed.

As it has done in similar situations, Cryptome provides the unredacted version.

[NOTE: If you go to the website http://cryptome.org/0001/tsa-ssi-02.htm and copy the redacted document to your word processor, the redactions are removed. This is covered in both my Word Processing and Intro to Security classes. Bob]



Ah man, why didn't I think of this business model? (Instead of the NSA)

http://www.wired.com/threatlevel/2009/12/virus-check/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Underground Services Let Virus Writers Check Their Work

By Brian Krebs December 31, 2009 2:50 pm

I have often recommended file-scanning services like VirusTotal and Jotti, which allow visitors to upload a suspicious file and scan it against dozens of commercial anti-virus tools. If a scan generates any virus alerts or red flags, the report produced by the scan is shared with all of the participating anti-virus makers so that those vendors can incorporate detection for the newly discovered malware into their products.

… Enter upstart file-scanning services like av-check.com and virtest.com, which bank on the guarantee that they won’t share your malware with the anti-virus community.

For $1 per file scanned (or a $40 monthly membership) av-check.com will see if your file is detected by any of 22 anti-virus products, including AVAST, AVG, Avira, BitDefender, NOD32, F-Secure, Kaspersky, McAfee, Panda, Sophos, Symantec and Trend Micro.



What happens when a company that insists on staying 'old school' pushes a 'newer school' company too far?

http://news.cnet.com/8301-1023_3-10423304-93.html?part=rss&subj=news&tag=2547-1_3-0-20

Time Warner Cable shows subscribers how to cut cord

by Peter Kafka, AllThingsD December 31, 2009 5:30 PM PST

The nightmare scenario for cable companies is that customers drop their TV subscriptions and grab their video directly from the Web, turning the cable guys into mere providers of "dumb pipes."

But here's a comprehensive set of instructions from a big cable company showing its customers how to do just that. It suggests that they head to the likes of Hulu, Fancast, or "any search engine"--weird for it not to call out Google, no?--to find their favorite shows.

Time Warner Cable's instructions on "How to Connect Your PC to Your TV" can be accessed by clicking on the image at the bottom of this post. And here's a helpful video (sorry for the clumsy screen grab; the video kicks in at about the five-second mark, and there's some unpleasant coughing around 2:30. Yikes!):

The instructions (Time Warner Cable promised to provide them last week) are part of the company's game of chicken with News Corp.'s Fox, which is supposed to come to a head Thursday night. If you believe the posturing so far, Fox and its associated cable channels (Fox News, FX, etc.) will disappear after midnight because the two sides can't agree on a new rate.



For the Criminal Justice students

http://www.bespacific.com/mt/archives/023152.html

December 31, 2009

New on LLRX.com - Google Scholar: A New Way to Search for Cases and Related Legal Publications

Google Scholar: A New Way to Search for Cases and Related Legal Publications - Courtney Minick and David Tsai provide an overview of the new features Google Scholar provides for the legal research market.

[From the article:]

Searches are conducted the same exact way you would conduct a search on Google.com. That is, there is no need for Boolean connectors anymore if you don't want to use them, and you still might get the exact case you're looking for. This article gives an overview on the new features Google Scholar provides for the legal research market.



For my data mining and analysis students. Blogs, LinkedIn and nings.

http://www.bespacific.com/mt/archives/023144.html

December 31, 2009

Harnessing Free-Flowing Competitive Intelligence Through Social Media Sites

Harnessing Free-Flowing Competitive Intelligence Through Social Media Sites: "For competitive intelligence research purposes, traditional Web sites (read Web 1.0) have offered a range of valuable information for those seeking to get a leg up on the competition. But that information has had its limits—enter a new breed of Web resources that break out of the traditional information boundaries." Greg Lambert is Library & Records Manager at King & Spalding in Houston, TX.



For potential students. We offer degrees in 5 of the 6.

http://www.computerworld.com/s/article/345529/6_hottest_skills_for_2010

6 hottest skills for 2010

A slowly reviving economy will have organizations hiring in a few key areas, looking for IT pros with a mix of skills

By Mary Brandel December 29, 2009 06:00 AM ET

1. Programming/Application Development

2. Help Desk/Technical Support

3. Networking

4. Project Management

5. Security

6. Business Intelligence



For my website class. They don't have everything yet – at least I can't find “We don't need no stinking badges” – but they have a lot!

http://www.makeuseof.com/dir/movieclips-watch-free-movie-clips/

MovieClips: Share & Watch Free Movie Clips

By TehseenBaweja on Dec. 24th, 2009

MovieClips.com
