Friday, November 12, 2010

Not as bad as it sounds. The records were available to unauthorized NHS staff, not the entire world.

UK: Security alert over NHS data breach

By Dissent, November 11, 2010

Alison Dayani reports:

A severe security alert has been issued over confidential NHS medical records of every Birmingham patient being left open to breach, the Birmingham Post can reveal.

The National Information Commissioner has ordered an investigation into access of IT files held by Birmingham Primary Care Shared Services Agency, which holds all staff and patient files for the city’s three primary care trusts (PCTs) plus all GP surgeries.

The highest level of Serious Untoward Incident – level five – has been issued over the computer network allegedly being left repeatedly compromised and insecure, an insider said.

Read more on Birmingham Post.

[From the article:

All patient data along with staff pay and personal details up to chief executive level are believed to have been left accessible to more than 6,000 NHS workers who normally would not be allowed access to such private material.

Security Breach: The rift that keeps on giving!

(ALDI update) Five Star Bank hit by debit-card fraud

November 11, 2010 by admin

Jonathan D. Epstein reports:

A debit-card security breach at a discount grocery chain that operates in 11 states is costing Five Star Bank as much as $850,000 in fraud losses.

Financial Institutions, the Warsaw-based parent of the bank, expects to suffer a pretax loss of about $750,000 to $850,000 in the fourth quarter in connection with fraudulent debit transactions, the company disclosed in a regulatory filing with the Securities and Exchange Commission.

Spokesman Matthew Murtha said the fraud stems from “ongoing” theft of customers’ confidential card information from national retailers, including clothing, gas and food stores. Some of the thefts occurred through hacking of computer systems, but others were on-site.


Five Star was not unique in suffering losses, although its estimate appears much higher than those of two other financial institutions known to be affected: ESL Federal Credit Union in Rochester and Bank of Castile, a subsidiary of Ithaca-based Tompkins Financial Corp.


A research tool for my Computer Security students. (and a guidebook for my Ethical Hackers?)

Get hacked and spill the beans, anonymously

November 11, 2010 by admin

Elinor Mills reports:

A new Web site could help turn security breach guesswork into science.

Database breaches, social engineering attacks, and hacking incidents happen at companies every day, but very few end up being reported publicly. That’s because organizations fear–and rightly so–damage to their reputation, public humiliation, and loss of customer confidence.

But this silent victim syndrome means that others can’t learn from the missteps of victims and that the industry as a whole doesn’t have a good grasp on the scope of the problem.

In a first-of-its-kind effort, Verizon Business is launching a public Web site for reporting security incidents that could crack open the self-defeating secrecy of data breaches.

Read more on cnet

[From the article:

Verizon is officially launching today its Veris information-sharing site where network or security professionals can provide detailed information about an incident and get back a report that illustrates via charts, graphs, and other information how the reported incident compares with others.

[From Veris:

you can subscribe to the RSS Feeds for recently changed pages or comments to monitor and engage in the wiki interaction.

Here's what I get reading between the lines: MessageLabs is in the spam fighting business. They are pretty good at detecting spam inbound (sent TO their customers) but completely missed one of their customers sending spam after someone took control of the customer's email system. Apparently they didn't notice the increased volume until another spam-blocking firm started to block all email traffic from MessageLabs' clients. Just proves that even companies owned by big-name anti-virus companies don't always get security right.

Hackers Blamed For MessageLabs Spam Blunder

Posted by timothy on Friday November 12, @05:58AM

"MessageLabs claims to have discovered that the systems of one of its customers were hacked by spammers after an entire block of MessageLabs IP addresses was blocked by antispam service SORBS. Customers of the managed email service had problems with outbound mail last week after MessageLabs' IP addresses were included in SORBS' block list. The Symantec-owned service provider has assured customers it has systems in place to prevent such incidents from happening again."

Properly secured, this could be a valuable tool (until we can embed RFID chips in people like we now do for dogs, cats and other livestock...) - For The Identification Of People

Although it is available only in Central Texas, Wander ID offers such a practical service that I feel it is only fair to include it on KillerStartups today. You see, Wander ID is an automatic system that can be used to identify people who cannot identify themselves. This includes people with Alzheimer's, autism and dementia, as well as minors.

Whenever any situation arises, such people become vulnerable because they cannot really express who they are. Wander ID addresses that by creating an online database into which four photos of each person are entered. These photos are accompanied by the relevant contact information.

From that point onwards, if there is indeed an emergency and your loved one is involved then any police officer or concerned person will be able to identify him/her by taking a digital photograph and sending it to Wander ID.

The photo will be matched with the ones in the database using advanced facial recognition technology. The person will be identified, and you will be notified about his/her whereabouts immediately.

A nose for surveillance? I suspect this will only work if they more or less constantly check the air. After all, there is a big difference before and during Stock Show here in Denver, not to mention the astounding rise in methane levels during Centennial's Bean Burrito Bash.

Darpa Wants to Sniff Your City’s Distinct Chemical Scent

In theory, chemical attacks can be detected before they happen. Even trace amounts of chemicals give off specific signatures that tools like sorbent tube samplers can register. But in order to figure out if dangerous chemicals are stockpiled somewhere or are floating through the air, the government’s going to have to know the baseline level for those chemicals wafting near your trash receptacle. [Clearly not true. If you detect Sarin or Ricin, you don't need to know that none had ever been detected before. However, you will need constant monitoring to notice when Non-Zero levels are detected. Bob]

Interesting that laws are already changing to reflect the “Double Secret” ACTA

Aussie Gov't Says Wiretap Laws Fine, Telcos 'Wrong'

Posted by timothy on Friday November 12, @12:06AM

"A top bureaucrat from the Australian Attorney-General's department has said telcos are wrong to complain about changes to the country's wiretapping laws, which will force them to report every product and network system change to law enforcement for approval, [Is there any other area where the government must approve innovation? Bob] lest they affect the ability to intercept communications. The telcos argue there are simply too many products and network architecture changes to report and that it would become overbearing. It's the latest in a string of changes to communications law in the country, and comes as the government mulls data retention and the Anti-Counterfeiting Trade Agreement."

Internet economics (according to Google?)

November 11, 2010

Report: The Connected Kingdom - How the Internet is Transforming the UK Economy

"Google commissioned The Boston Consulting Group to produce an independent analysis of the value of the UK’s Internet economy, the factors that are driving this, how we compare to other countries, and how this will change in the future. Google wants to help UK businesses get online and use the Internet to grow and have run programmes like ‘Getting British Business Online’ to help businesses create their first website, we’re also interested in helping existing online businesses to grow further... The Internet is a fundamental part of everyday life in the UK - 73% of households have broadband. Our research has revealed that the UK Internet economy is worth £100 billion a year, is growing at 10% a year and directly employs 250,000 people. To have your say in future policy to continue this growth, explore the site, post a question and add to the debate."

(Related) The physical infrastructure of virtual businesses. Clearly the state is not counting on vastly increased Income Tax revenue from these data centers. One wonders if a naturally low rate of Property Tax or a tax amnesty was a significant part of the attraction?

Facebook To Build Its Second Data Center To The Tune Of $450 Million

Earlier this year, Facebook reaffirmed its status as a bona fide Internet giant when it broke ground on its first data center, which will be located in Oregon with plans to begin operations in 2011. [Pop quiz: If their FIRST data center won't start operating until next year, whose laptop has the company been running on thus far? Bob] Today, the company has announced that it’s building its second data center, this time in Rutherford, North Carolina. And it’s not coming cheap: Facebook is investing $450 million to build the new facility.

… and will have around 35-45 full-time and contract workers once it’s done.

… Facebook isn’t the first tech company to turn to North Carolina to build a massive East Coast data center — Apple is building a $1 billion facility that’s expected to be finished this year. Google and IBM also have data centers in the state.

Attention my fellow Nerds! Can you believe someone would actually part with such a precious tech toy? Let's hope he died and the widow needs the money...

Rare 'Apple 1' computer expected to fetch $240,000 at Christie's

The Apple 1 was released back in 1976 and sold for a wallet-busting $666.66 USD

… all 200 units of the computer were completely manufactured by hand.

With only 30 to 50 units of the Apple 1 left in existence,

Come November 23, the computer’s lucky new owner will secure a “superb example” of the Apple 1, along with its original shipping box, the positively space-age Apple 1 cassette interface, the Apple 1 operations manual, a dated invoice, and even a signed letter from Apple co-founder Steve Jobs.

What is the Information Age equivalent of “A sign of the times?” Pop-up of the Times? Also note that a wildly popular free book will never be on the “Best SELLer List” – is this a business opportunity? (A Best Freebie List, perhaps?)

Times Will Rank E-Book Best Sellers

In an acknowledgment of the growing sales and influence of digital publishing, The New York Times said on Wednesday that it would publish e-book best-seller lists in fiction and nonfiction beginning early next year.

Speaking of Free

November 11, 2010

Watch FedFlix - *No late charges* in the public domain!

"FedFlix is a joint venture with the National Technical Information Service (NTIS) in cooperation with other government agencies including the National Archives. They send us government videotapes, we upload them to the Internet Archive, YouTube, and our own public domain stock footage video library — then we send the government back their videotapes and a disk drive with their digitized video. To The Movies!"

[See also:

From Gary Alexander, for my Computer Security students

Protecting Your Customers' Data: An Update on Changes to PCI Standards Development

FREE LIVE Webinar: Monday, November 15, 2010 11 AM PST / 2 PM EST

For those times when I want to yell at my students rather than just TYPE IN CAPS (This works well, even with my (very) cheap microphone.)

Thursday, November 11, 2010

Vocaroo - A Simple Way to Make Voice Recordings

Vocaroo is a free service that allows users to create audio recordings without the need to install any software. You don't even have to create an account to use Vocaroo. All you need to provide is a microphone. I used the microphone built into my MacBook to make the recording below. To create a recording just go to, click record, grant Vocaroo access to your mic, and start talking. After completing your recording, Vocaroo gives you the choice to publish it or to scrap it and try again.

What I like about Vocaroo besides the ability to record without installing software is the option to embed the recording anywhere; Vocaroo provides the embed code for you. You can also download your recording; just look for the download link at the bottom of the page (it's small and easily overlooked).

My website students can use this...

DownloadTube: Convert & Download Online Videos Direct to PC

Most of the tools that let you download videos from the internet are cluttered with banners and pop-ups. DownloadTube is a bit different since it has a clean interface in addition to a simple functionality. Just enter the URL of an FLV file and select the format you want to download video for.

Options include Windows, Mac, Flash, Mobile, audio only and MP4. Click convert and download to fetch the video. The information on what format is required for a specific device also helps a lot in choosing the right output format.

Update: Without registration you can process only one video per 90 min period. Registering lifts all the limitations.

Similar tools: Meep, KeepTube and BYTubeD. [and Zamzar]
