Friday, March 26, 2010

Better. A couple of days ago the guy who sold him a sniffer was fined less than he made selling the software (less than the IRS would have taxed him.)

http://www.databreaches.net/?p=10834

Gonzalez sentenced to 20 years for TJX hack

March 25, 2010 by admin

Albert Gonzalez was sentenced today to 20 years in prison for the TJX hack and breaches involving retailers, a new record in sentencing for hacking.* He faced up to 25 years. He has yet to be sentenced in the Heartland Payment Systems breach, but that sentencing is expected tomorrow, and the sentences are expected to run concurrently under a plea agreement struck between the defense and prosecutors.

Kim Zetter reports:

The sentence for the largest and costliest computer-crime case ever prosecuted is the longest ever imposed in a hacking or identity-theft case. And it is among the longest imposed for a financial crime. It beats out a sentence recently imposed on hacker Max Ray Vision, who received 13 years in prison for similar crimes and was ordered to pay $27.5 million in restitution.

Gonzalez, 28, who dubbed his criminal enterprise “Operation Get Rich or Die Tryin’,” argued in court that his only motive was technical curiosity and an obsession with conquering computer networks. But chat logs the government obtained showed Gonzalez confiding in one of his accomplices that his goal was to earn $15 million from his schemes, buy a yacht and then retire.

Read more on Threat Level.

*So far, the record I’ve seen for sentencing in cases involving ID theft is the 309 year sentence handed out to Robert Thompson.


(Related)

http://www.databreaches.net/?p=10847

Dave & Buster’s Settles FTC Charges it Failed to Protect Consumers’ Information

March 25, 2010 by admin

Entertainment operation Dave & Buster’s, Inc. has agreed to settle Federal Trade Commission charges that the company left consumers’ credit and debit card information vulnerable to hackers, resulting in several hundred thousand dollars in fraudulent charges. Dave & Buster’s operates 53 restaurant and entertainment complexes across the country under the names Dave & Buster’s, Dave & Buster’s Grand Sports Café, and Jillian’s.

Dave & Buster’s will put in place a comprehensive information security program as a condition for settling the case. This is the FTC’s 27th case challenging faulty data security practices by organizations that handle sensitive consumer information.

According to the FTC, Dave & Buster’s collects credit card numbers and expiration dates from customers in order to obtain authorization for payment card purchases. The agency alleges the company failed to take reasonable steps to secure this sensitive personal information on its computer network. Specifically, it failed to:

  • Take sufficient measures to detect and prevent unauthorized access to the network.

  • Adequately restrict outside access to the network, including access by Dave & Buster’s service providers.

  • Monitor and filter outbound data traffic to identify and block the export of sensitive personal information without authorization.

  • Use readily available security measures to limit access to its computer networks through wireless access points.

The FTC alleged that, as a result of these failures, a hacker exploited some of those vulnerabilities, installed unauthorized software and accessed about 130,000 credit and debit cards. The banks that issued the cards have claimed several hundred thousand dollars in fraudulent charges.
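The third item in the FTC’s list, monitoring outbound traffic for sensitive data leaving the network, is the one most directly testable in code. The following is an added example, not part of the FTC order or the databreaches.net post: a minimal egress check that looks for card-number-like digit runs in outbound payloads, confirms them with the Luhn checksum so that order numbers and timestamps do not trip it, and reports only the last four digits. The flow records, the hypothetical 203.0.113.x / 198.51.100.x destinations and the test card number 4111 1111 1111 1111 are all constructed for the example.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
# The lookarounds stop the pattern from matching inside a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample of outbound flows (source -> destination, payload excerpt).
# These are made-up values for the example, not data from any real breach.
SAMPLE_FLOWS = [
    ("10.0.5.21 -> 203.0.113.9:443", "POST /upload card=4111 1111 1111 1111&exp=0412"),
    ("10.0.5.21 -> 203.0.113.9:443", "order id 4111111111111112 status=shipped"),
    ("10.0.5.30 -> 198.51.100.4:80", "GET /menu.html"),
]


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check.

    Every second digit from the right is doubled (subtracting 9 when the
    result exceeds 9) and the sum of all digits must be divisible by 10.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(payload: str) -> list[str]:
    """Return masked card numbers (last four visible) found in a payload."""
    hits = []
    for match in PAN_CANDIDATE.finditer(payload):
        digits = re.sub(r"[ -]", "", match.group(0))
        # The regex bounds the separator-stripped length; Luhn removes
        # most incidental digit runs such as timestamps and order ids.
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits


def egress_decision(payload: str) -> tuple[str, list[str]]:
    """Decide whether an outbound payload should be blocked for review."""
    hits = find_pans(payload)
    return ("BLOCK" if hits else "ALLOW"), hits


def scan_flows(flows: list[tuple[str, str]]) -> list[tuple[str, str, list[str]]]:
    """Apply the egress check to every flow and return (flow, decision, hits)."""
    results = []
    for flow, payload in flows:
        decision, hits = egress_decision(payload)
        results.append((flow, decision, hits))
    return results


if __name__ == "__main__":
    for flow, decision, hits in scan_flows(SAMPLE_FLOWS):
        print(f"{decision:5} {flow} {hits}")
```

Running the block flags only the first flow, whose payload carries a Luhn-valid card number; the second flow has a 16-digit run that fails the checksum and is allowed. A filter like this is a detection signal for plaintext exfiltration, not a substitute for the broader program the settlement requires: it sees nothing once the data is encrypted or encoded before it leaves, which is why the FTC’s other items (restricting inbound access and detecting unauthorized software) sit alongside it.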

The settlement requires Dave & Buster’s to establish and maintain a program designed to protect the security, confidentiality, and integrity of personal information collected from customers. It also requires the company to obtain independent, professional audits, every other year for 10 years, to ensure that the security program meets the standards of the settlement. In addition, the proposed settlement contains standard record-keeping provisions to allow the FTC to monitor compliance.

The Commission vote to approve the complaint and proposed consent order was 4-0. An analysis of the proposed consent order will be published in the Federal Register shortly and will be subject to public comment for 30 days, until April 26, 2010, after which the Commission will decide whether to make it final.

Copies of the complaint, proposed consent agreement, and an analysis of the agreement to aid in public comment are available from the FTC’s Web site at http://www.ftc.gov and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580.

Source: FTC



Spring is in the air, and students are in your computer system. Like many similar breaches, they claim to have great security and then state they will make many changes because of the breach.

http://www.databreaches.net/?p=10842

Student Hacks Into Valencia High System

March 25, 2010 by admin

Ah, it’s Spring, and young students’ thoughts turn to hacking….

Jeremiah McDaniel reports on yet another case, this one in California:

A Valencia High School student faces criminal charges for hacking into the school’s network.

The student hacked into the system and made changes to information, according to Paul Priesz, the school’s Principal.

“The student had access to everything,” [Which can only happen if they secured nothing... Bob] said Priesz. “He [the student] said that he changed things but then he changed them back.” [But we wouldn't know, because we don't bother logging anything. Bob]

The incident occurred on March 9 and, according to Priesz, he was able to gain access to the entire district’s system but only went into the Valencia portion.

Read more on KHTS AM-1220, Hometown Station



Interesting who the “anonymous” poster was. But if the email addresses were the same, was the Judge actually trying to be anonymous? Her daughter claims she did the posting, so did the paper mis-identify her?

http://www.pogowasright.org/?p=8568

Plain Dealer sparks ethical debate by unmasking anonymous poster

March 26, 2010 by Dissent

Henry J. Gomez reports:

By unmasking an anonymous poster at its companion Web site, The Plain Dealer finds itself in an ethical quandary, stirring a debate that balances the public’s need to know against the privacy concerns of online participants.

On one side are experts who believe the newspaper has violated a trust by exploring and revealing information about a critic. On the other are those, including Plain Dealer Editor Susan Goldberg, who believe that information is too important not to see the light of day.

Until this week, “lawmiss” was known only as one of thousands who, often known only by nicknames, share views on news blogs and stories reported at cleveland.com.

But after investigating a comment directed at the relative of a Plain Dealer reporter, editors learned that lawmiss had the same e-mail address as Cuyahoga County Common Pleas Judge Shirley Strickland Saffold. A closer look revealed that the user had offered opinions on three of Saffold’s cases, including the capital murder trial of accused serial killer Anthony Sowell.

Read more on The Plain Dealer. The article contains reaction statements from a number of organizations and individuals.

Related: Anonymous online comments are linked to the personal e-mail account of Cuyahoga County Common Pleas Judge Shirley Strickland Saffold

What do you think? Should the paper have delved into her identity on the basis of her comments? Even if you agree that once the newspaper knew her identity that it was too newsworthy not to reveal, should they ever have been in the position of knowing her identity?



I haven't seen much about this case, but apparently there is some political value in Privacy...

http://www.pogowasright.org/?p=8557

EFF to Press for New Privacy Protections Against Hidden Video Surveillance in Senate Hearing Monday

March 26, 2010 by Dissent

From EFF:

On Monday, March 29, at 10 a.m., the Subcommittee on Crime and Drugs of the U.S. Senate Judiciary Committee will hold a public hearing in the Philadelphia federal courthouse on whether the federal electronic privacy laws need to be updated to better regulate secret video surveillance. Senior Staff Attorney Kevin Bankston of the Electronic Frontier Foundation (EFF) will testify.

Subcommittee Chairman Arlen Specter called the hearing in response to recent allegations that public schools in the Lower Merion School District in Pennsylvania have secretly used webcams on school-issued laptops to visually monitor students while they were in their homes. At Monday’s hearing, Bankston will urge Congress to update the federal wiretapping statute to protect against secret video surveillance in the same way it protects against secret eavesdropping on private conversations. Such a change to the law would clearly require the government to obtain a search warrant before engaging in secret video surveillance of private places and would protect against similar spying by non-government actors, such as stalkers, computer criminals, private schools, [But not Public Schools? Bob] private employers and others.

“It doesn’t make sense that federal law regulates secret eavesdropping but doesn’t equally protect us from secret video surveillance, which can be even more invasive,” said Bankston. “Just as the federal wiretapping statute protects against electronic eavesdropping, it should also protect against secret video recording, whether in the home or in any other place where people have a reasonable expectation that they are not going to be photographed.”

WHO: Kevin Bankston Senior Staff Attorney, Electronic Frontier Foundation

WHAT: “Video Laptop Surveillance: Does Title III Need to Be Updated?” U.S. Senate Judiciary Committee, Subcommittee on Crime and Drugs

WHEN: 10 a.m. Monday, March 29

WHERE: U.S. District Court for the Eastern District of Pennsylvania Courtroom 3B 601 Market Street Philadelphia, PA 19106

For more on the hearing: http://judiciary.senate.gov/hearings/hearing.cfm?id=4492


(Related articles:

http://www.networkworld.com/news/2010/032210-high-school-webcam-follies-part.html

High school Webcam follies, part II: Dumb and dumber

… The two IT admins who had the ability to turn on the cams are on administrative leave pending the outcome of the district investigation (standard operating procedure, says the school district). One of these techs, Mike Perbix (whose voice can be heard in this video bubbling with excitement over the LANrev tracking technology) is cooperating with the investigation. So is the vice principal, Lindy Matsko. However, the other tech, Carol Cafiero, has refused to give a deposition in the case.

According to a report in the Philadelphia Daily News:

....her attorney, Charles Mandracchia, filed a motion yesterday to block her deposition, saying that it was "premature" and "unnecessary."

Mandracchia said that his client does not have access to pertinent documents. He expressed concern that Robbins' attorney, Mark Haltzman, would "ambush her" in a deposition.

… The Inquirer's Joe Tanfani has a great story detailing the history of the case, from the decision to adopt the tracking software (while forgetting to tell anyone about it) to what really happened in the Robbins case. From his account, it sounds like an accumulation of largely well-intentioned-but-brain-dead mistakes. It's worth a read.

[From the Inquirer's story:

In a new twist, sources say administrators decided to talk to Blake Robbins in part because they were worried about a threatening text message to the sophomore captured in their surveillance software.

[Are they now saying they also monitor student text messaging? Bob]



Perhaps China's insistence that companies “do it our way” is just a bit too much?

http://hardware.slashdot.org/story/10/03/25/2054238/Dell-To-Leave-China-For-India?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Dell To Leave China For India

Posted by timothy on Thursday March 25, @05:00PM

halfEvilTech writes

"India's Prime Minister, Manmohan Singh, told the Indian press that Dell chairman Michael Dell assured him that Dell was moving $25 billion in factories from China to India. Original motives were cited for environmental concerns. But later details come up as to Dell wanting a 'safer environment conducive to enterprise.'"



Useful teacher stuff...

http://www.makeuseof.com/tag/screenpresso-lightweight-jing-alternative-advanced-capturing-annotating-options-windows/

Screenpresso – A Lightweight Jing Alternative With Advanced Options (Windows Only)

… We have discussed convenient Firefox extensions for screen capturing, as well as desktop programs that facilitate instant uploading to media sharing sites, capturing entire webpages without having to scroll, or just make the Print Screen button archaic.

Jing is a popular choice in the sea of screen-capturing tools, but its image editing tools include only a handful of very basic features.

… In my search for a good alternative to Jing that saved me from the latter’s missing features, I basically assaulted about ten free screen-capturing tools inside out, but only Screenpresso came out trumping all others.

… The current lack of video capturing in Screenpresso doesn’t really bother me as I prefer to use the web-based Screencast-O-Matic (review, website) tool that records your screen in unbelievably good quality and requires no signing-up.



For my Statistics students. Also note how closely the cost of a toasted cheese sandwich matches Al Gore's graph of Global Warming.

http://timetric.com/



Or you could just stalk someone else?

http://www.killerstartups.com/Mobile/itag-com-stop-worrying-about-losing-your-smartphone

iTag.com - Stop Worrying About Losing Your Smartphone

http://www.itag.com/login.htm

There are few things that a true geek could fear more than losing his smartphone. And the truth is that no matter how diligent one is, disaster always strikes sooner or later. And in 9 out of 10 times, it strikes at the worst time you could ever imagine.

The services rendered by this company give everybody the peace of mind of knowing that if his smartphone becomes lost along the way he will be able to locate it easily. Although only Android phones are supported right now, this is meant to change before long.

… This is done by installing an application that will pinpoint the location of the mobile by way of its provided GPS. The information can be accessed through the company’s website, and this service on the whole is provided for free.

However, note that a paid incarnation of iTag does exist, and that it will let you perform advanced operations such as deleting the whole memory of the phone by merely clicking a button, and also make it ring in order to find it even quicker.



Well, it's about time!

http://cellphones.org/blog/cell-phone-etiquette/

Cell Phone Etiquette

Posted by: admin on March 25th, 2010 at 1:27am

[I will also show my students these videos:

http://www.youtube.com/watch?v=GPbMpadn9ZA

http://www.youtube.com/watch?v=S1wxx5PPrA4
