Saturday, September 04, 2010

Working for a University doesn't make you smart. Even “not for profits” must be run like a business – and security must be managed to AT LEAST Best Practice levels.

http://www.databreaches.net/?p=13660

College Data Breaches Underscore Higher Ed Security Challenges

September 3, 2010 by admin

Brian Prince reports:

Reports surfaced this week that the University of Virginia fell victim to a cyber-attack that stole nearly $1 million. Unfortunately for administrators at colleges and universities, their institutions are just as vulnerable to data breach woes as enterprises.

According to reports, attackers used malware to steal online banking credentials for accounts belonging to the University of Virginia’s College at Wise and transferred $996,000 overseas. In addition, there were reports last month that student data from six colleges in Florida was inadvertently exposed after a software upgrade.

According to a new report from Application Security, these incidents underscore problems that are all too familiar for higher education institutions. Between 2008 and Aug. 1, 2010, there were some 160 higher educational data breaches. Many of these, the firm said, were caused by problems such as improper access controls, inadequate data security measures and a lack of common sense and best practices for database security.

Read more on eWeek.



Just speculate for a moment. What would make them want to do this?

http://www.bespacific.com/mt/archives/025119.html

September 03, 2010

Google says it is simplifying and updating privacy policies

Official Google Blog: "Long, complicated and lawyerly [That's repetitious and redundant. Bob] — that's what most people think about privacy policies, and for good reason. Even taking into account that they’re legal documents, most privacy policies are still too hard to understand. So we’re simplifying and updating Google’s privacy policies. To be clear, we aren’t changing any of our privacy practices; we want to make our policies more transparent and understandable. [I wonder if any law school ever tasked its students with a similar exercise? “Write it like you're explaining it to a jury?” Bob] As a first step, we’re making two types of improvements:

  1. Most of our products and services are covered by our main Google Privacy Policy. Some, however, also have their own supplementary individual policies. Since there is a lot of repetition, we are deleting 12 of these product-specific policies. These changes are also in line with the way information is used between certain products—for example, since contacts are shared between services like Gmail, Talk, Calendar and Docs, it makes sense for those services to be governed by one privacy policy as well.

  2. We’re also simplifying our main Google Privacy Policy to make it more user-friendly by cutting down the parts that are redundant and rewriting the more legalistic bits so people can understand them more easily. For example, we’re deleting a sentence that reads, “The affiliated sites through which our services are offered may have different privacy practices and we encourage you to read their privacy policies,” since it seems obvious that sites not owned by Google might have their own privacy policies..."


(Related)

http://www.pogowasright.org/?p=13390

Google settles Buzz privacy lawsuit (update 1)

September 3, 2010 by Dissent

Google Inc has settled a lawsuit alleging privacy violations in connection with its Buzz social networking service, according to a court document filed on Friday.

[...]

To settle the proposed class action brought by a Gmail user, Google will set aside $8.5 million for attorneys' fees and donations to organizations focused on Internet privacy, [They do want a law school to help re-writing their policy. Bob] the court filing said. In addition, “the settlement requires that Google undertake wider public education about the privacy aspects of Buzz,” the document said.

Read more on Reuters.

Update 1: AFP provides some of the financial details on the settlement, here. Google reportedly paid $8.5 million.

Lawyers that filed the class-action suit staked out 30 percent of the settlement money and the seven named plaintiffs were to get no more than 2,500 dollars each, according to court documents.

The rest of the money, which Google is to deposit in a fund, was earmarked for organizations devoted to Internet privacy policy or education.



Cherchez la cash?

http://yro.slashdot.org/story/10/09/03/1414215/Major-Battle-Brewing-Between-French-Govt-and-ISPs?from=rss

Major Battle Brewing Between French Gov't and ISPs

Posted by Soulskill on Friday September 03, @10:36AM

"Drew Wilson has been following HADOPI (France's three strikes law) a lot lately, and the latest developments are that the French ISPs and the French government are edging closer to a full-on war over compensation. The French government apparently requested that ISPs send an invoice of the bills after a certain period of time, but the French ISPs don't feel this is good enough — probably because of worries that the compensation the government will ultimately provide won't be enough. The ISPs are demanding adequate compensation, and if the government doesn't give it to them, they simply will not hand over evidence required to enforce HADOPI law. While HADOPI demands that ISPs cooperate, speculation suggests that if the government takes ISPs to court, the ISPs will simply rely on constitutional jurisprudence to shield them from liability (translation)."


(Related)

http://techcrunch.com/2010/09/03/is-digital-evesdropping-evil-depends-which-country-is-doing-it-tctv/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Is Digital Eavesdropping Evil? Depends Which Country Is Doing It (TCTV)

In this week’s episode of Why Is This News, we talk to Harvard Law professor Jon Zittrain, who explains the differences between governments who obey the rule of law, and those who don’t – and why Sarah’s right to criticize the government by email is totally protected, unless she should happen to email it to Paul.



Building law based on the way the market actually functions?

http://yro.slashdot.org/story/10/09/03/2246221/Brazil-Considering-Legalizing-File-Sharing?from=rss

Brazil Considering Legalizing File Sharing

Posted by timothy on Friday September 03, @06:56PM

"It looks like Brazil may be the country to watch if you're interested in much more consumer-friendly copyright laws (assuming US diplomatic pressure doesn't interfere). As that country goes through a copyright reform process, among the proposals is one that would create fines not just for infringing, but also for hindering fair use and the public domain. Also, there is a big push underway, with widespread support — even from some artists groups — to legalize file sharing in exchange for a small levy (~$1.74/month) on your broadband connection. Of course, one reason why Brazil may be doing it this way is because of the massive success the Brazilian musical genre technobrega has had by embracing file sharing as a way to promote new works, and making money (often lots of it) through other avenues, like live shows." [Hear that RIAA? Bob]



What's in a name? That which we call a rose by any other name would smell as sweet. Juliet

Now we have to look under the “Pimps & Ho's Section”

http://yro.slashdot.org/story/10/09/04/0627256/Craigslist-Removes-Its-Controversial-Adult-Section?from=rss

Craigslist Removes Its Controversial Adult Section

Posted by timothy on Saturday September 04, @02:37AM

"The online classified website Craigslist has removed its controversial Adult Services portion of its website. Technology blog TechCrunch was the first to report the section had been blacked out with the word 'Censored.'"


(Related) It's not the porn that concerns them, it's the inability to identify the porn consumer?

http://news.slashdot.org/story/10/09/03/2024210/VISA-Pulls-Plug-On-ePassporte-Porn-Webmasters?from=rss

VISA Pulls Plug On ePassporte, Porn Webmasters

Posted by Soulskill on Friday September 03, @04:40PM

"Credit card giant VISA International has suspended its business with ePassporte, an Internet payment system widely used to pay adult Webmasters and a raft of other affiliate programs. A number of adult Webmaster forums are up in arms over the move because many of their funds are now stranded. Visa has been silent on the issue so far, but KrebsOnSecurity.com points to an e-mail from ePassporte founder Christopher Mallick saying the unexpected move by Visa wouldn't strand customers indefinitely. Mallick co-directed Middle Men, a Paramount film released in August that tells the story of his experience building one of the world's first porn site payment processing firms, as well as the Russian mobsters, porn stars and FBI agents he ran into along the way. Interestingly, the speculation so far is that Visa cut ties with ePassporte due to new anti-money laundering restrictions in the Credit Card Act of 2009, which affects prepaid cards and other payment card instruments that can be reloaded with funds at places other than financial institutions."



Apparently an amicable agreement that will allow the Aussies to keep selling wine in Europe, but what are the new names? We need a wine label to English translator!

http://politics.slashdot.org/story/10/09/04/0641223/Australia-Adopts-EUs-Geographical-Indicator-System-For-Wine?from=rss

Australia Adopts EU's Geographical Indicator System For Wine

Posted by timothy on Saturday September 04, @05:30AM

onreserve writes with an excerpt from a site dedicated to laws affecting wine:

"[L]ast week, Australia signed an agreement with the European Union to comply with the geographical indicator (GI) system of the EU. The new agreement replaces an agreement signed in 1994 between the two wine powers and protects eleven of the EU drink labels and 112 of the Australian GI's. Specifically, this means that many of the wine products produced in Australia that were previously labeled according to European names, such as sherry and tokay, will no longer be labeled under these names. Wine producers in Australia will have three years to 'phase out' the use of such names on labels. Australian labels that will be discontinued include amontillado, Auslese, burgundy, chablis, champagne, claret, marsala, moselle, port, and sherry."



I have always wondered why governments seem to fall back to the oldest technology available. Trains date back to the 1830s and these will look almost (functionally) exactly like them, and bring all the same problems.

http://techcrunch.com/2010/09/03/fast-trains-less-traffic/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Fast Trains to Connect US Cities, Alleviate Highway Congestion

The Obama administration back in January promised $8 billion in funding for cities and states to build high-speed, intercity rail projects.

This week, the Department of Transportation issued its specifications for the manufacture of new fast trains, namely double-decker coach, dining, baggage, and business class passenger rail cars that can travel between 79 MPH and up to 220 MPH.



This is interesting. You can even train it to automatically download embedded podcasts!

http://www.makeuseof.com/tag/rss-bandit-feed-online/

How RSS Bandit Can Feed You Everything You Need Online

While most RSS readers are awesome tools for organizing all of the sites that you like to visit online, there are very few that can also incorporate new information or posts from your favorite social networking sites like Twitter or Facebook. RSS Bandit has now added the ability to directly poll your Facebook account for new updates – turning it from a simple RSS Reader into an online life aggregator. So delete all of those other applications you’ve got running in the background, open up RSS Bandit, and let’s roll.
