Thursday, March 11, 2010

“You were serious about dat?” Joe Pesci, “My Cousin Vinny”

http://www.databreaches.net/?p=10573

Wickenburg Unified School District struggles to secure sensitive student data

March 10, 2010 by admin

Pat Kossan reports that data security in the Wickenburg Unified School District was found seriously lacking in a state audit:

Wickenburg Unified School District has not secured its computer system containing sensitive student data, including student addresses, birth dates and Social Security numbers, state auditors found.

Staffers from the Arizona Office of the Auditor General originally went to Wickenburg to determine why its 2008 administrative costs were 10 percent higher than similar districts.

But the most unnerving part of their report, released last Friday, has less to do with the district’s money problems and more to do with potential problems with student privacy. Among the issues auditors noted:

  • The district’s network was accessible to unauthorized users, putting the data in jeopardy of being stolen, changed or deleted.

  • Employees who didn’t need access had it anyway, including a custodian and a groundskeeper.

  • Backup servers with student data were kept in an unlocked room with an unlocked window.

Read more in the Arizona Republic.



Again, guessing how many records were taken/exposed makes you look (even more) incompetent. Would any bank be this uncertain about the amount of your loan?

http://www.databreaches.net/?p=10582

(update) HSBC: Data theft incident broader than first thought

March 11, 2010 by admin

Two reports out yesterday indicate that the theft of HSBC client data was bigger than initially reported, but the reports differ as to how big it really was.

Jeremy Kirk reports:

HSBC said Thursday about 15,000 accounts of its Swiss private banking unit were compromised after an employee allegedly stole data, some of which ended up in the hands of French tax authorities.

The latest figure is sharply higher than the one the bank gave in December, when HSBC said the number of account records taken was less than 10. HSBC said it does not think the records could be used to access an account.

The data was allegedly stolen by a former IT employee about three years ago, HSBC said. The employee left Switzerland, and French authorities ended up with the files, which were then passed to the Swiss Federal Prosecutor. French authorities had been investigating up to 3,000 people thought to be avoiding taxes.

Read more on Computerworld.

Meanwhile, Frank Jordans of the Associated Press reports that HSBC said it was 24,000 clients whose data were stolen.



Not all hacks are to steal identities. I wonder if the logs show who he deleted (or failed to add).

http://yro.slashdot.org/story/10/03/10/2330238/Former-TSA-Analyst-Charged-With-Computer-Tampering?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Former TSA Analyst Charged With Computer Tampering

Posted by samzenpus on Wednesday March 10, @10:19PM

angry tapir writes

"A Transportation Security Administration analyst has been indicted with tampering with databases used by the TSA to identify possible terrorists who may be trying to fly in the US. If convicted, he faces 10 years in prison."

[From the article:]

He was expected to make his initial appearance in federal court in Denver Wednesday.



1) Low-tech governments can buy most of this stuff on the Internet. 2) It's not just governments (see next article). NOTE: Their criteria are interesting, if a bit conservative.

http://www.pogowasright.org/?p=8215

Hi-tech governments growing keener on snooping, says report

March 10, 2010 by Dissent

Today’s theme seems to be surveillance. From Out-Law.com:

Western industrial countries are becoming more willing [We can, therefore we must! Bob] to spy on their citizens, according to an analysis of snooping that says that the UK is sixth in a world ranking for electronic state surveillance.

Privacy technology company CryptoHippie has produced its second annual report on surveillance trends and says in it that countries that previously showed restraint in their monitoring of individuals have lost some of that self-control.

“When we produced our first Electronic Police State report, the top ten nations were of two types: those that had the will to spy on every citizen, but lacked ability [and] those who had the ability, but were restrained in will,” it said in its 2010 report. “This is changing: the able have become willing and their traditional restraints have failed.”

Read more on Out-Law.com

Related: The Electronic Police State: 2010 National Rankings


(Related) Tools & Techniques.

http://yro.slashdot.org/story/10/03/10/2354209/New-Phone-Allows-Bosses-To-Snoop-On-Staff?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

New Phone Allows Bosses To Snoop On Staff

Posted by samzenpus on Thursday March 11, @12:21AM

tad001 writes

"The Japanese phone giant KDDI has developed a way to track users' movements in fine detail. It works by analyzing the movement of accelerometers, found in many handsets. Activities such as walking, climbing stairs, or even cleaning can be identified, the researchers say. The company plans to sell the service to clients such as managers, foremen, and employment agencies."

[From the article:]

For example, the KDDI mobile phone strapped to a cleaning worker's waist can tell the difference between actions performed such as scrubbing, sweeping, walking and even emptying a rubbish bin.

The aim of the new system, according to KDDI, is to enable employees to work more efficiently [They'll have to explain that one to me. Bob] and managers to easily evaluate their employees' performance while away from the office.

"It's part of our research into a total ubiquitous technology society, [Translation: ubiquitous surveillance society. Bob] and activity recognition is an important part of that," said Hiroyuki Yokoyama, head of web data research at KDDI's research labs in Tokyo.


(Related) More data sucked into the Cloud for all to see?

http://www.pogowasright.org/?p=8222

Privacy Protection Needed As Smart Grid Arrives

March 11, 2010 by Dissent

Privacy advocates are warning that “smart meters” intended to precisely measure and control [as in, someone (not just my Hacking 101 students) could shut off my gas and electric? Bob] home electrical consumption could erode the privacy of daily life unless regulators limit data collection and disclosure. In a joint filing this week, the Center for Democracy & Technology (CDT) and the Electronic Frontier Foundation (EFF) urged the California Public Utilities Commission (PUC) to adopt rules to protect the privacy and security of consumers’ energy-usage information. The Samuelson Law, Technology & Public Policy Clinic at UC Berkeley School of Law drafted the comments for CDT.

Smart meters being installed now in California will collect 750 to 3,000 data points a month per household. This detailed energy usage data can indicate whether someone is at home or out, entertaining guests, or using particular appliances. Marketers and others may seek such data. To head off misuse of the information, CDT and EFF urged the California PUC to adopt comprehensive privacy standards for the collection, retention, use and disclosure of consumers’ household energy data.

“In the absence of clear rules, this potentially beneficial smart grid technology could mean yet another intrusion on private life,” said Jim Dempsey, San Francisco-based Vice President of CDT. “The PUC should act now, before our privacy is eroded.”

CDT and EFF argue that utilities collecting detailed information about energy use in the home must specify in advance how they are going to use that data [Very difficult until they can see what the data is telling them. Bob] and must confine their collection to legitimate purposes. Disclosure to marketers or government agencies should be restricted. In addition, utility companies should ensure that consumers have access to their own data, so they can take advantage of innovative energy efficiency services.

“The Smart Grid offers great promise for fighting climate change and improving energy policy, but it can also amass vast amounts of data that reveals intimate details of consumers’ lives,” said Jennifer Lynch, an attorney with the Samuelson Clinic. “Building privacy protections into the Grid from the beginning protects both the environment and consumers from harm.”

The California PUC is conducting a rulemaking proceeding to consider setting policies, standards, and protocols to guide the development of the smart grid system. The stimulus law signed by President Obama in February 2009 included $4.5 billion to modernize the electric grid. The electric utilities’ ongoing smart meter projects are one aspect of this initiative. However, increases in efficiency and economy promised by the Smart Grid need to be measured against the potential privacy risks.

“The data points gathered by advanced energy metering projects will allow the reconstruction of your life: when you wake up, when you get home, when you go on vacation. It’s not hard to imagine a divorce lawyer subpoenaing this information, or an insurance company interpreting the data in a way that allows it to penalize customers, or criminals intercepting the information to plan a burglary,” said EFF Senior Staff Attorney Lee Tien. “We must have meaningful rules to protect this extremely sensitive information.”

For the full comments to the California PUC: http://www.eff.org/files/CDTEFFJointComment030910.pdf

For more on California’s smart grid initiative: http://www.cpuc.ca.gov/PUC/energy/smartgrid.htm

For this release: http://www.eff.org/press/archives/2010/03/09

Lee Tien also blogs about this issue on EFF’s site, here.



When should public events be private? If tourists had videotaped this event, it would already be on YouTube. Hard to believe no one had a camera going...

http://www.pogowasright.org/?p=8218

The SeaWorld Killer Whale Death Video and the Right to Privacy

March 10, 2010 by Dissent

Yesterday, I reported on a lawsuit filed by the family of the SeaWorld trainer who was tragically killed during a show. The family does not want video taken of the incident released to the public, but Florida’s open records law would seem to require that they be made available.

Today, Dan Solove blogs about the case over on Concurring Opinions. He seems to think the family has a good case. I’m not sure that I understand how the family even has standing to assert informational privacy claims over someone who is dead and who died publicly, but I think that SeaWorld has a good case to block dissemination. Keep in mind that the video in question is the property of SeaWorld and was taken by their own surveillance cameras. The video was reportedly provided to the state as materials to assist in their investigation (just as a news organization might cooperate by providing tape to investigators), so it’s not the same thing as autopsy photos where the photos (records) were created by the state itself. If news tapes provided to assist the state are generally exempt from the obligation to make copies under public records law, I would think the SeaWorld tape should be treated similarly. But then, I am not a lawyer. Dan is. Go read his analysis, here.



Good thing this guy wasn't a rapist... I wonder where you draw the line?

http://www.pogowasright.org/?p=8236

Customer “Upskirted” at Store Loses Privacy Lawsuit

March 11, 2010 by Dissent

Matthew Heller writes:

A customer at a T.J. Maxx store in upstate New York has lost her lawsuit against the retailer for allowing a man to take photos up her skirt by using her as “human bait” in a sting operation.

Security workers did not warn customers that they were surreptitiously videotaping the man as he visited the store in Watertown, N.Y. Svetlana Van Buren, who sued the parent company of T.J. Maxx for premises liability and invasion of privacy, alleged she “unwittingly became a sex crime victim” by walking into the trap they had set for him.

“TJX knew it, in bushel baskets full, that this was a bad guy who was preying on women in their store,” Van Buren’s attorney told a Jefferson County Supreme Court jury. She was seeking at least $75,000 in damages.

[...]

But after a three-day trial, the jury cleared TJX Companies of any liability.

Read more on OnPoint.



This should be amusing...

http://www.bespacific.com/mt/archives/023718.html

March 10, 2010

Connecticut AG Sues Credit Agencies For Tainted Ratings That Enabled Financial Meltdown

News release: "Attorney General Richard Blumenthal today sued two of the nation’s largest credit rating agencies -- Moody’s and Standard & Poor’s -- for knowingly assigning tainted credit ratings to risky investments backed by sub-prime loans. Blumenthal said Moody’s and S&P’s alleged misconduct enabled the worst economic downturn in the nation since The Great Depression. The lawsuits, unique and unlike others filed on behalf of specific investors or pension funds, are sovereign enforcement actions brought under the Connecticut Unfair Trade Practices Act."



Zillman collects lists of useful websites. Great for research if you can sift through the haystack.

http://www.bespacific.com/mt/archives/023709.html

March 10, 2010

New on LLRX.com: The Web Guide for the New Economy

New on LLRX.com: The Web Guide for the New Economy - This guide by Marcus P. Zillman showcases the latest world wide web resources for discovering new knowledge on and understanding about developments with regard to the New Economy. The rapid changes in government transparency policies have resulted in the release of large volumes of data pertinent to researchers that public, advocacy and corporate entities are publishing to the web.



This might be a fun project for my students.

http://www.killerstartups.com/Comm/phonebooth-com-implementing-a-cloud-phone-system

Phonebooth.com - Implementing A Cloud Phone System

http://www.phonebooth.com/

Simply put, Phonebooth is a cloud phone system that will let freelancers and small businesses implement an advanced phone system. This will give any organization a more professional outlook, as a business phone number that comes complete with advanced call routing can be implemented at no cost to begin with. A paid version is also available in order to accommodate escalating demands, and that includes support for HD office phones, conference calling and detailed call records.

Furthermore, a version of this service which is particularly aimed at mobile phone users is available. Much like the other incarnation of the service (i.e., the one for offices) this will let any individual have a separate business number that he can give out instead of his personal number. It’s like having an independent number only for business matters.

When all is said and done, this service caters for a need which every budding businessman faces daily: the projection of a more professional image. And since the service is so comprehensive, it can also be counted upon as things prosper and the company begins expanding itself.



Interesting idea. I might need a mobile device after all...

http://news.cnet.com/8301-19882_3-10467398-250.html?part=rss&subj=news&tag=2547-1_3-0-20

Springpad bookmarks the world

by Rafe Needleman March 10, 2010 5:06 PM PST

Springpad is a cool little utility to bookmark things you find on the Web and in the real world as well.

When you're on the Web site, it's very easy to create a new free-form note or to-do item. If you're typing in a name of a product or business (like a movie, the model name of a camera, or a restaurant), Springpad will probably identify it as you're typing and create a note with specific items info for the category it fits in. There's also a bookmarklet that makes it fast to save an item from a Web page, providing the site you're on is recognized by the app. I found that products on Amazon pages were picked up appropriately, but when I tried to save a product from CNET reviews pages they were just saved as Web bookmarks, not products.

Things you save can be flagged as "wants" or "haves" and can be shared with your buddies on the service or on your other social networks. You can also see what friends are sharing (see also: Blippy).

The product has special powers on the major recipe sites like Epicurious and the Food Network. It will analyze the text and save the ingredients in a separate field. The app is also getting integrated to some food sites themselves, like Wine Library TV, so when you want to save something there it can park it on a Springpad list (I couldn't find the integration, though).
