Saturday, December 11, 2010

Do these email addresses come from information provided by customers filling prescriptions? Why is this data less secure than any other? (IS it less secure?)

Hackers steal Walgreens e-mail list, attack consumers

December 10, 2010 by admin

Bob Sullivan reports:

Pharmacy giant Walgreens had to swallow some bitter medicine on Friday when it told customers that a computer criminal had stolen its e-mail marketing list. The criminal used the list to send out realistic-looking spam that asked recipients to enter their personal information into a Web page controlled by hackers.

“We are sorry this has taken place and for any inconvenience to you,” the e-mail said.

No prescription information or other health information was stolen, the company said — the criminal only managed to pilfer customer e-mail addresses.

Read more on Technolog.

Student Privacy Takes Hit in Cell Phone Search Case

December 10, 2010 by Dissent

Matthew Heller discusses the DeSoto cellphone case discussed previously on this blog and seems to be as derisive of the court’s opinion as I was. His commentary begins:

A Mississippi judge has chilled the privacy rights of students by ruling that school officials were justified in viewing photos on a student’s cell phone after he was caught using it on campus in violation of school rules.

In one of the first decisions of its kind, Chief U.S. District Judge Michael P. Mills summarily dismissed the Fourth Amendment claims of a Southaven, Miss., middle-school student identified only as R.W., giving school administrators broad authority to “search” cell phones “to determine to what end the student was improperly using that phone.” [e.g. Reporting criminal activity by a teacher? Bob]

Read more on OnPoint.

[From the article:]

“In the court’s view, a student’s decision to violate school rules by bringing contraband on campus and using that contraband within view of teachers appropriately results in a diminished privacy expectation in that contraband,” Mills wrote in his opinion.

Under U.S. Supreme Court precedent, a search of a student by a school official must be “justified at its inception” and is “permissible in its scope when the measures adopted are reasonably related to the objectives of the search and not excessively intrusive in light of the age and sex of the student and the nature of the infraction.” New Jersey v. T.L.O., 469 U.S. 325 (1985).

Mills said R.W. may well have been “engag[ing] in some form of cheating, such as by viewing information improperly stored in the cell phone.” But he did not address whether officials at Southaven Middle School went too far by looking at the photos in the phone rather than simply confiscating it.

What cheating R.W. could possibly have been doing is unclear — according to his complaint, “he was caught using his cell phone to review a text message sent to him by his father during football period.”

An Ethical Hacker research project: Is there a simple method for determining what records are public and what information they are likely to contain?

Why we’re publishing the names

December 10, 2010 by Dissent

Mike Reilly of the Omaha World-Herald explains the paper’s decision to publish the names of over 28,000 people who signed a petition to recall Mayor Jim Suttle:

… These names are not secret. The petitions are public record under Nebraska law. They are available to anyone who visits the Douglas County Election Commission. Basically, our database gives you convenient access to something you are legally entitled to examine.

Unlike voting, the act of signing a recall petition is an extremely public act.


In our database of names, the newspaper is holding back some information as a precaution against the possibility of identity theft. You will not see individual signatures or individual addresses even though those, too, are part of the public record.

But we have included each individual’s age, political affiliation and middle initial, as well as the home ZIP code.

Read more in the Omaha World-Herald.

A lot of people sign petitions and don’t seem to realize that petitions may be public records, as a recent Supreme Court case reveals.

For my Ethical Hackers and Computer Forensics students.

Canon camera encryption cracked

There's a new reason to take note of a Russian programmer who rose to modest fame with his detainment in the United States in 2001: his work to help crack encryption used in Canon cameras.

The programmer and encryption expert is Dmitry Sklyarov, and his company, Elcomsoft, has found a vulnerability in Canon's OSK-E3 system for ensuring that photos such as those used in police evidence-gathering haven't been tampered with.

The result is that the company can create doctored photos that the technology thinks are authentic. To illustrate its point, it released a few doctored photos that it says pass the Canon integrity checks. [Examples accompany the article. Bob]

Sklyarov presented the findings at the Confidence 2.0 conference last week.

Canon didn't immediately respond to a request for comment.

Sklyarov discussed his methods in a conference presentation (PDF). In it, he offered some advice on how Canon could fix the issue in future cameras. Along with the technical advice was this: "Hire people who really understand security."

(Related) I'm not certain, but I suspect this is how Governor Schwarzenegger (that wimp) got his face on my body...

ThatsMyFace: Create Action Figures of Yourself

Imagine yourself as an action figure being played with and collected by many. Or how about getting a mask of your face? If you are interested in these kinds of personal gifts, then you should check out ThatsMyFace.

This web service creates a 3D human face from your own pictures which are then attached to action figures, 3D portraits and other products, making it a great personalized gift item for your friends.

Similar Tools: PhotoFace, Digimi, and Gizmoz.

For my Ethical Hackers...

How To Build A Basic Web Crawler To Pull Information From A Website (Part 1)

Web Crawlers, sometimes called scrapers, automatically scan the Internet attempting to glean context and meaning of the content they find. The web wouldn’t function without them. Crawlers are the backbone of search engines which, combined with clever algorithms, work out the relevance of your page to a given keyword set.

Today, I’d like to teach you how to make your own basic crawler – not one that scans the whole Internet, though, but one that is able to extract all the links from a given webpage. [We can modify it later. Bob]

For my website and programming students. Handles: HTML, PHP, Ruby, CSS, Python, Perl, and JavaScript

ShiftEdit: Web Based IDE For Programming In The Cloud

If you are looking for a quick integrated development environment to work on the go, then you should check out ShiftEdit. Like any IDE, ShiftEdit offers basic syntax highlighting and the web app interface allows you to edit your work and save it in the cloud.

Similar Tools: Ideone, PHPAnywhere and CodeRun.

Hate PowerPoint but still need to give presentations?

The 4 Best Free Alternatives To Microsoft PowerPoint

For those of us with vast stock portfolios (or even half-vast portfolios) and my Finance students.

Born To Sell - Screening Covered Calls For You

In case you are not familiar with the concept, covered calls are one of the best investment strategies available. They are easy to get acquainted with and not very risky - industry professionals recognize them as the one conservative investment strategy that uses options. Covered calls imply a buy-write strategy that has the same payoffs as writing a put option (provided an equilibrium between the actual call option and the underlying instrument which is transacted is reached, that is).

Well, Born To Sell is a new website that makes covered calls something understandable and usable by just anybody. The site acts as a screener that any person who already owns stocks can use to identify opportunities and write options, as well as a search engine for already-existing covered calls. As it stands right now, the site will let you search over 150,000 covered calls at once.

And knowing these concepts might be a bit hard to grasp at first, the ones behind this site have come up with a comprehensive tutorial explaining just how to use such calls in order to generate a tangible income much faster.

What's new? Note: This website is getting accessed heavily enough to make the host think it's being attacked. Keep trying.

Gives Early Adopters A Heads Up

creator Marc Köhlbrugge has started curating an online list of not yet public startups that are currently or will soon give out invites to their private betas.

This really looks slick, and very comprehensive. BUT, in addition to requiring my email address to “sign up” prior to downloading the software, they want me to send “invitations” to two of my friends. I don't think they are planning to “do evil,” but clearly they aren't “privacy friendly” either.

Watch Your Favorite TV Shows Online With the iTVMediaPlayer

There are plenty of sites where you can watch live television, and we’ve covered a whole lot of them here at MakeUseOf. A while back, Aibek posted a list of 7 sites where you could find TV shows and Mark covered the popular desktop app Livestation, where you can find just about any news channel you’d want. More recently, I reviewed a few more tools you can use to watch TV on your computer, and then of course there’s the popular Boxee option that Justin recently wrote about.

Now with all of those options to choose from, you would think that letting go of cable would be easy. The problem is that it’s hard to find a place that offers live programming from the most popular channels like MTV, HBO, Disney or SyFy. With all of that said, I think that our cable connection has finally come to an end, because I’ve finally discovered iTVMediaPlayer.

Humor: Dilbert's commentary on the state of technology?

...and Google summarizes 2010 in 3 minutes.

As The World Searched: Google Zeitgeist 2010 [Video]
