Thursday, October 28, 2010

Keeping it “small.” Now that the unknown “Henry Ford of skimmers” has commoditized (by mass producing) the card skimming tools, this fraud seems to offer a steady income with low risk.

Credit card ‘flash attack’ steals up to $500,000 a month

October 28, 2010 by admin

Dan Goodin reports:

Credit card fraudsters may have pocketed as much as $500,000 over the past month by pursuing a new type of attack that exploits a major blind spot in payment processors’ defenses, an analyst said.

The “flash attacks” recruit hundreds of money mules who go to ATMs throughout the US and almost simultaneously withdraw relatively small sums of money from a single compromised account, according to Avivah Litan, vice president at market research firm Gartner, who follows the credit card industry. They then move on to a new account. At the end of the month, the heists can fetch as much as $500,000.

“The resulting cash transactions fly under the radar of existing fraud detection systems — they are typically small amounts that don’t raise any alarms,” Litan blogged on Tuesday.

Read more in The Register.

[From the Gartner blog:

The only successful fraud mitigation strategy I’ve seen that works in practice today, is that once the first round of fraud is discovered, an acquiring processor or a payment network tries to figure out the point-of-compromise for these cards. If that is determined, then all cards that were used at that point of compromise (i.e. breached entity site) are put on a blacklist and are rejected for future use at a point-of-sale or ATM machine. This is obviously a costly measure, since new cards and accounts generally have to be reissued to the customers – plus it can jeopardize customer relationships – but the alternative is far less attractive, i.e. risk having the customer account drained.
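As an added illustration (not code from The Register, Gartner or any payment processor), the sketch below shows a velocity rule aimed at the blind spot described above: it ignores the size of each withdrawal and instead counts how many distinct ATMs one account hits inside a short window. The window, thresholds, account and ATM identifiers and the sample withdrawals are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values for this sketch; none of them come from the article.
WINDOW = timedelta(minutes=10)   # what "almost simultaneously" is taken to mean
MIN_ATMS = 5                     # distinct ATMs inside one window that trigger an alert
SMALL = 200.00                   # amounts at or below this raise no per-transaction alarm

def flash_alerts(txns):
    """Return {account: (distinct_atms, total)} for accounts whose small
    withdrawals reach MIN_ATMS distinct ATMs within one WINDOW."""
    recent = defaultdict(deque)          # account -> withdrawals still inside the window
    alerts = {}
    for ts, account, atm, amount in sorted(txns):
        if amount > SMALL:
            continue                     # large withdrawals are left to existing rules
        q = recent[account]
        q.append((ts, atm, amount))
        while ts - q[0][0] > WINDOW:     # slide the window forward
            q.popleft()
        atms = {a for _, a, _ in q}
        if len(atms) >= MIN_ATMS:
            total = round(sum(x for _, _, x in q), 2)
            alerts[account] = max(alerts.get(account, (0, 0.0)), (len(atms), total))
    return alerts

def _t(hhmm):
    return datetime.strptime("2010-10-26 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample: (timestamp, account, ATM id, amount withdrawn)
SAMPLE = [
    (_t("14:00"), "ACCT-A", "ATM-NYC-01", 80.0),   # many cities within minutes
    (_t("14:01"), "ACCT-A", "ATM-LAX-07", 100.0),
    (_t("14:02"), "ACCT-A", "ATM-CHI-03", 60.0),
    (_t("14:03"), "ACCT-A", "ATM-MIA-11", 100.0),
    (_t("14:04"), "ACCT-A", "ATM-SEA-02", 80.0),
    (_t("14:06"), "ACCT-A", "ATM-DEN-05", 100.0),
    # Ordinary customer: same ATM, hours apart
    (_t("09:00"), "ACCT-B", "ATM-BOS-04", 40.0),
    (_t("17:30"), "ACCT-B", "ATM-BOS-04", 60.0),
    # Traveller: five different ATMs, but spread across the day
    (_t("08:00"), "ACCT-C", "ATM-PHX-01", 50.0),
    (_t("10:00"), "ACCT-C", "ATM-PHX-02", 50.0),
    (_t("12:00"), "ACCT-C", "ATM-ABQ-01", 50.0),
    (_t("14:00"), "ACCT-C", "ATM-ABQ-02", 50.0),
    (_t("16:00"), "ACCT-C", "ATM-DAL-01", 50.0),
]

if __name__ == "__main__":
    for account, (atms, total) in flash_alerts(SAMPLE).items():
        print(f"{account}: {atms} ATMs, ${total:.2f} inside {WINDOW}")
```

Only ACCT-A is flagged, although none of its withdrawals exceeds the per-transaction amount; ACCT-C uses as many ATMs but never inside one window.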

Another organization with security managed by “Sergeant Schultz.” (I know nothing!) Apparently they don't bother to log activity, which matches nicely with their lack of access security.

Hacker may have accessed database of Louisiana EMTs

October 28, 2010 by admin

Marsha Shuler reports:

Some 56,000 emergency medical technicians were advised this week that a hacker may have gained access to personal information about them contained in a state licensing database.

The state Department of Health and Hospitals sent letters to the emergency medical technicians, notifying them of the incident that occurred Sept. 17.


Department of Health and Hospitals spokeswoman Lisa Faust said Bureau of Emergency Medical Services personnel discovered the database breach. The unauthorized entry gave the hacker access to an individual’s name and personal information, including Social Security numbers.

“What we don’t know is whether the hacker was able to access any information,” Faust said.

A computer screen displayed the message “You have been hacked,” Faust said. “Since we don’t know one way or the other we sent notices out to 56,000 people that there’s a potential that the information was compromised.”

“Although we have no indication that information was actually released, we know that it was accessed,” Tony Keck, DHH’s deputy secretary, said Wednesday.

Both the East Baton Rouge Parish Sheriff’s Office and the Louisiana Attorney General’s Office are investigating, Keck said.

Read more in 2theAdvocate. I’m a tad confused by what seem to be their conflicting statements as to whether the database was actually accessed.

On an unusual note, the state said notification to EMTs was delayed because the agency had to find the money to cover the cost of printing the letters and stamps.

I guess it pays to be an Obama backer...

FTC to Google re Wi-Fi data capture: case closed

October 27, 2010 by Dissent

The FTC has closed its investigation into the Google Street View wi-fi mess without levying any fines or penalties. A copy of the FTC’s letter to Google can be found here. It apparently helped Google that they announced a new Privacy Director and other changes in response to other countries’ investigation into the situation.

(Related) You know you have big legal problems when...

A Google Map of Google Maps' Legal Troubles

Italian officials today launched a probe into Google, which has been accused of collecting mounds of personal information through unsecured Wi-Fi networks with its Street View cars.

This is just the latest in a long line of governments looking into the matter, from Australia to Germany to South Korea. We've found it increasingly difficult to keep track of all Google's privacy snafus. So here's a handy way to track international investigations into Google Maps: A Google Map mashup. Click on the pins for news about investigations or allegations in each location.

You have no right to be drunk, therefore you have no other rights either?

Refuse breath test? Not in Lafourche

October 28, 2010 by Dissent

Raymond Legendre reports:

Lafourche has become the second Louisiana parish to enforce a DWI “no-refusal” policy at all times.

Sheriff Craig Webre announced the action Tuesday.

The Sheriff’s Office experimented with the program three times this year in its ongoing effort to reduce drunk-driving deaths and remove drunk drivers from the parish’s roadways.

Starting yesterday, suspected drunk drivers in Lafourche no longer have the right to refuse a Breathalyzer test. Previously, drivers could refuse taking such a test but would be charged with DWI and have their licenses suspended for a year.


“Where in the Fourth Amendment does it say you can stop people and take their blood?” said Marjorie Esman, executive director of the Louisiana-branch of the American Civil Liberties Union. She raised questions about how long and where the blood would be kept.


[From the article:

Previously, drivers could refuse taking such a test but would be charged with DWI and have their licenses suspended for a year. [How did that work? Were they convicted of “looking really drunk” or “refusing to be tested?” Bob]

… Under the no-refusal program, deputies can use probable cause to receive a signed search warrant from a district judge, forcing drivers who refuse a Breathalyzer test to submit to a breath, blood or urine test. Those drivers, who submit after initially refusing test, are still subject to the same penalties as people who refused the test. [Even if they test “sober?” Bob]

Gosh, his thinking evolved? Who'd a thunk it?

Article: The Puzzle of Brandeis, Privacy, and Speech

October 28, 2010 by Dissent

Neil Richards has an article, “The Puzzle of Brandeis, Privacy, and Speech” in the Vanderbilt Law Review (2010). Here’s the abstract:

Most courts and scholarship assume that privacy and free speech are always in conflict, even though each of these traditions can be traced back to writings by Louis D. Brandeis—his 1890 Harvard Law Review article The Right to Privacy and his 1927 concurrence in Whitney v. California. How can modern notions of privacy and speech be so fundamentally opposed if Brandeis played a major role in crafting both? And how, if at all, did Brandeis recognize or address these tensions? These questions have been neglected by scholars of First Amendment law, privacy, and Brandeis. In this Article, I argue that the puzzle of Brandeis’s views on privacy and speech can be resolved in a surprising and useful way.

My basic claim is that Brandeis’s mature views on privacy and its relationships to free speech were more complex and interesting than the simplistic tort theory of privacy he expounded in The Right to Privacy. As a young lawyer, Brandeis envisioned privacy as a tort action remedying emotional injury caused by the revelation of embarrassing private facts by the press. But Brandeis’s ideas evolved over his life. He soon came to believe strongly in a contrary idea he called “the duty of publicity.” This is the notion that disclosure of most kinds of fraud and wrongdoing are in the public interest; that as he famously put it, “sunlight is the best disinfectant.” When Brandeis came to think through First Amendment issues after the First World War, tort privacy could no longer consistently fit into his influential theories of civil liberty.

But while Brandeis changed his mind about tort privacy, what he replaced it with is even more interesting. In his Olmstead dissent and free speech writings, Brandeis identified a second conception of privacy that I call “intellectual privacy.” Brandeis reminds us that the generation of new ideas requires a certain measure of privacy to succeed, and that in this way intellectual privacy and free speech are mutually supportive. I conclude by suggesting some modern implications of Brandeis’s ambivalence about tort privacy and his linkage of intellectual privacy with free speech.

You can download the full article here (pdf). Hat-tip, Concurring Opinions

Is using the RIAA model the way to save the newspaper industry? New term: “pay-wall by threat”

Pay Or Else, News Site Threatens

Posted by samzenpus on Wednesday October 27, @06:47PM

"The North Country Gazette, a news blog, says users who read beyond a single page of an article must pay up or they will be tracked down. They don't have a pay wall. If you go beyond page 1, you owe them. From the article: 'A subscription is required at North Country Gazette. We allow only one free read per visitor. We are currently gathering IPs and computer info on persistent intruders who refuse to buy subscription and are engaging in a theft of services. We have engaged an attorney who will be doing a bulk subpoena demand on each ISP involved, particularly Verizon Droids, Frontier and Road Runner, and will then pursue individual legal actions.'"

Push-back was inevitable.

British Airways Chief Slams US Security Requests

Posted by samzenpus on Wednesday October 27, @09:56PM

"Reflecting a growing frustration among airport and airline owners with the steady build-up of rules covering everything from footwear to liquids, Martin Broughton, chairman of British Airways, has launched a scathing attack on the 'completely redundant' airport checks requested by the TSA and urged the UK to stop 'kowtowing' to American demands for ever more security. Speaking at the annual conference of the UK Airport Operators Association, Broughton lambasted the TSA for demanding that foreign airports increase checks on U.S.-bound planes, while not applying those regulations to their own domestic services. 'America does not do internally a lot of the things they demand that we do,' says Broughton. 'We shouldn't stand for that. We should say, "We'll only do things which we consider to be essential and that you Americans also consider essential."' For example, Broughton noted that cutting-edge technology recently installed at airports can scan laptops inside hand luggage for explosives but despite this breakthrough the British government still demands computers be examined separately. 'It's just completely ridiculous,' says Broughton."

(Related) Might be interesting to see if they can produce any data on the “effectiveness” of all this security in detecting terrorists. (i.e. is it more effective at deterring terrorists than it is at keeping monsters at bay?)

Memphis pilot files lawsuit over airport body-scans

October 27, 2010 by Dissent

Michael Roberts, the pilot who refused to go through a full body scanner, is suing the TSA. Jamel Major reports:

A Mid-South pilot who refused a full-body scan at Memphis International Airport is suing the TSA. Michael Roberts and attorneys at the Rutherford Institute are suing the federal government over air passenger screening procedures.

“We’re basically challenging the constitutionality of the new policies under the 4th Amendment,” Roberts said Tuesday.

A pilot with ExpressJet Airlines, Roberts was in full uniform and trying to commute to his job in Houston when he refused to submit to a full body scan and pat down at Memphis International Airport.

Read more on WMCTV.

For my Ethical Hackers. Another case of children bypassing “security?” Probably not. This is speculation by the reporters, although it is based on long established techniques.

Aussie Kids Foil Finger Scanner With Gummi Bears

Posted by samzenpus on Thursday October 28, @02:10AM

"An Australian high school has installed "secure" fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school's traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance. The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign-in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatine, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatine has virtually the same capacitance as a finger's skin."

[From the ABC article:

Deputy principal Bob Cox says the school is hoping it will simplify the attendance system, but that students will still have the choice to opt out if parents take issue with it. [“We can save money by implementing two systems rather than one!” Bob]

"The machine, which is unique to the school, [Bad reporting or a case of being the first to try a new system? Bob] plots three lines from those points and works out the angles and the length of the lines and assigns that particular logarithm to one student," he said.

“We're not sure what Cloud Computing means, but we are going to manage it.”

Intel, Technology Buyers Talk of Freedom in the Cloud

It’s hard to find a technology vendor who isn’t vociferously supporting the craze known as cloud computing. But some customers seem to be worried about the pace of progress, judging by comments from Intel and a large group of technology buyers.

The Open Data Center Alliance, whose formation was announced at a news conference Wednesday in San Francisco, seems partly inspired by the fear known as vendor lock-in.

… Skaugen estimated that $100 billion of potential IT spending is stalled because of customer concerns about vendor lock-in and other issues.

The Open Data Center Alliance says it plans to define technical requirements and recommendations to head off a logjam. Besides Terremark, members include Lockheed Martin, BMW, China Life, Deutsche Bank, JPMorgan Chase, Marriott International, Inc., National Australia Bank and Shell.

Implications for business in the Cloud?

Google Now Second-Largest ISP

Posted by samzenpus on Wednesday October 27, @07:35PM

"Google is now the second-largest carrier of Internet traffic, accounting for 6.4% of all web traffic, according to data released this week by Arbor Networks. But should IT execs care? Yes, says Craig Labovitz, Arbor's chief scientist, who argues that IT managers need to understand how macro Internet traffic trends will affect the design and management of their own network backbones. 'This will affect how enterprises plan their services... whether they host their own services or whether they use cloud vendors,' Labovitz says. 'The enterprise needs to shift its thinking in terms of [service level agreements] and the way it measures, monitors and secures its networks. That all used to be focused on connectivity, but now it needs to be focused on content.'"

[From the article:

“Increasingly, whether you’re a consumer or an enterprise, you care not about reaching thousands of different Web sites. You care about the 20 social networking, cloud vendor and partner sites that you do business with.”

The Arbor Networks’ data points to a future where Internet traffic consolidates on the networks of a handful of carriers and content providers – what Arbor calls “hyper giants.”

… The Arbor data shows that overall Internet volumes are increasing at a rate of 40% to 45% per year, and that Google is growing faster than that. Most of Google’s data is video from its popular YouTube site.

(Related) How content drives traffic? I wonder if she has made Google more money than her record label? Perhaps the RIAA should sue?

How Lady Gaga's One Billion YouTube Views Changes the Music Industry

Which metric more fully captures Lady Gaga's global superstardom: the 15 million albums she's sold to date, or the one billion views she reached this week on YouTube?

Though CDs are rapidly becoming a thing of the past, replaced by digital music, physical album sales still remain the gold standard for the industry. Isn't it time that metric is updated to include the wealth of ubiquitous digital platforms? "The notion of tracking sales and correlating that to success is a bit antiquated," says Vevo CEO Rio Caraeff. "There's no single indicator you can look at now--you must look at everything."

Perhaps we should ban them from political office until we find a cure? Or is that why they've been funding DNA databases?

Researchers Find a 'Liberal Gene'

Posted by samzenpus on Thursday October 28, @07:57AM

"Liberals may owe their political outlook partly to their genetic make-up, according to new research from the University of California, San Diego, and Harvard University. Ideology is affected not just by social factors, but also by a dopamine receptor gene called DRD4. The study's authors say this is the first research to identify a specific gene that predisposes people to certain political views."
