Friday, December 17, 2010

What great advertising! A “Security firm” had their unencrypted hard drives stolen. A question for my MBA students: Why do you need information on former employees on a computer in Iraq?

Wackenhut stolen hard drive contained employee info

December 16, 2010 by admin

On December 9, Wackenhut Services Limited Liability Company notified the New Hampshire Attorney General’s Office that a hard drive stolen in transit between the firm’s office in Iraq and the firm’s U.S. office contained personal information on past employees, including their first and last names, dates of birth and places of birth, passport numbers, last known home addresses, and Social Security Numbers.

The theft was discovered by the security services firm on November 29 and the firm indicated that those affected would be notified by certified mail on Dec. 13.

The total number of employees affected was not indicated in their notification.

This is logical, but would have been discovered eventually by trial and error. Organizations that collect email addresses have more of them than organizations that don't.

Fallout from Recent Spear Phishing Attacks?

December 17, 2010 by admin

Brian Krebs writes:

McDonald’s and Walgreens this week revealed that data breaches at partner marketing firms had exposed customer information. There has been a great deal of media coverage treating these and other similar cases as isolated incidents, but all signs indicate they are directly tied to a spate of “spear phishing” attacks against e-mail marketing firms that have siphoned customer data from more than 100 companies in the past few months.

On Nov. 24, I published an investigative piece that said criminals were conducting complex, targeted e-mail attacks against employees at more than 100 e-mail service providers (ESPs) over the past several months in a bid to hijack computers at companies that market directly to customers of some of the world’s largest corporations.


For my Statistics students?

December 16, 2010

11.7 Million Persons Reported Identity Theft Victimization in 2008

News release

  • "An estimated 11.7 million persons, representing five percent of all persons age 16 or older in the United States, were victims of identity theft during the two years prior to being surveyed in 2008, the Bureau of Justice Statistics (BJS) announced today. The financial losses due to the identity theft totaled more than $17 billion. Identity theft was defined in the survey as the attempted or successful misuse of an existing account, such as a debit or credit account, misuse of personal information to open a new account, or misuse of personal information for other fraudulent purposes, such as obtaining government benefits. Approximately 6.2 million victims (three percent of all persons age 16 or older) experienced the unauthorized use or attempted use of an existing credit card account, the most prevalent type of identity theft. An estimated 4.4 million persons reported the misuse or attempted misuse of a banking account, such as a debit, checking or savings account. Another 1.7 million persons experienced the fraudulent misuse of their information to open a new account, and about 618,900 persons reported the misuse of their information to commit other crimes, such as fraudulently obtaining medical care or government benefits or providing false information to law enforcement during a crime or traffic stop. About 16 percent of all victims (1.8 million persons) experienced multiple types of identity theft during the two-year period."

Cyber War: Now this is interesting... Sort of a “Pelican Brief”

Stuxnet’s Finnish-Chinese Connection

I recently wrote a white paper [that I missed Bob] entitled “Dragons, Tigers, Pearls, and Yellowcake” in which I proposed four alternative scenarios for the Stuxnet worm other than the commonly held assumption that it was Israel or the U.S. targeting Iran’s Bushehr or Natanz facilities.

As far as China goes, I’ve identified 5 distinct ties to Stuxnet that are unique to China as well as provided a rationale for the attack which fits China’s unique role as Iran’s ally and customer, while opposing Iran’s fuel enrichment plans. There’s still a distinct lack of information on any other facilities that suffered damage, and no good explanations for why there was such massive collateral damage across dozens of countries if only one or two facilities in one nation state were the targets; however, based solely on the known facts, I consider China to be the most likely candidate for Stuxnet’s origin.

Technology for vigilantes? Perhaps we should have a “full” suite of such apps, like: a Poor Personal Hygiene app that sends a note to your mommy; a Weed Wacker app for neighbors with bad lawns; and don't get me started on the potential for teacher/student apps, e.g. a Try Spell Checking app.

Big Brotheresque App Kills Your Automotive Anonymity

A new app that lets frustrated drivers vent their anger at boneheaded motorists already has branded your bumper with a “How’s My Driving” sticker, and it could raise your insurance premium. It’s like having thousands of unmarked police cars and speed cameras on every roadway, and it could spell the end of anonymity behind the wheel.

DriveMeCrazy, developed by Shazam co-founder Philip Inghelbrecht, is a voice-activated app that encourages drivers to report bad behavior by reciting the offender’s license plate into a smartphone. The poor sap gets “flagged” and receives a virtual “ticket,” which may not sound like much until you realize all the information — along with date, time and location of the “offense” — is sent to the DMV and insurance companies.

Anyone can write a ticket, even pedestrians and cyclists. No one is safe from being tattled on. Even if you don’t use the program, which went live Wednesday, you can’t opt out of being flagged if someone thinks you’re driving like a schmuck. Inghelbrecht is emphatic in saying he sees no privacy issues with the app and insists the end of road-going anonymity can only improve safety.

Your government at work!

Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework

December 16, 2010 by Dissent

Quick pointer:

The Department of Commerce Internet Policy Task Force has released its report, Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.

I haven’t had time to read it yet, but you can read it at

Update 1: Hunton & Williams offer a summary of the paper.


Commerce Online Privacy Report Gets Mixed Grades

December 16, 2010 by Dissent

I still haven’t had time to read the report for myself, but the online “buzz” about the new report and recommendations from the Commerce Department is that it falls far short of where we need to be. Here are just two news stories about reactions.

Brian Prince of eWeek reports:

A new U.S. Dept. of Commerce report (PDF) on online privacy drew a mixed reaction from watchdogs Dec. 16, some of whom called it a thinly veiled gift to the online advertising industry.

The sweeping report, released Dec. 16, calls for a “Dynamic Privacy Framework” that would revitalize Fair Information Practice Principles (FIPPs) and establish a commercial data-focused Privacy Policy Office that would identify areas where new industry or use-specific codes are needed. The paper focuses on the promotion of “informed consent” and transparency for consumers.

While some privacy advocates commended the report’s recognition of privacy issues, the report has also been criticized for falling short in certain ways – namely in its emphasis on self-regulation by the online advertising industry and its proposal of creating a safe harbor against enforcement actions by the Federal Trade Commission (FTC) as an incentive for businesses to adopt better privacy practices.


And Juliana Gruenwald of Tech Daily Dose reports:

Privacy advocates were skeptical of the proposals outlined in a privacy report released by the Commerce Department Wednesday.

While pleased that the agency is bringing attention to the need to do more to protect consumer privacy online, representatives from five privacy groups said in a conference call that the report’s proposed measures are too focused on industry self regulation. It’s a “Christmas gift to the data collection industry from the Obama administration,” according to John Simpson of Consumer Watchdog.


Update: Of course, no sooner do I post the above than I see: Department of Commerce Privacy Report: Dynamic and Innovative from TRUSTe.

“We often pass laws we don't intend to obey.” Think of it as a “Double Secret Exemption.”

Ca: N.S. health privacy law concerns journalists

By Dissent, December 17, 2010

The Canadian Press reports:

Nova Scotia legislation that aims to protect personal health records but also raises fears that it’s too restrictive on the media has passed.

Fred Vallance-Jones, a journalism professor at the University of King’s College in Halifax, has said the law could see journalists face fines of up to $10,000 or six months in jail if they seek information from hospital officials when patients haven’t given permission to release information about their status.

He said, for example, that a reporter asking a nurse in a hospital hallway whether the premier broke his leg might end up breaking the law.

The opposition Liberals and Conservatives agreed with his objections and raised them during third reading of the bill last Thursday, but still voted for it.

NDP Health Minister Maureen MacDonald says her legal counsel doesn’t believe the legislation will be used to prosecute journalists. [Only second class citizens, serfs and peons are targeted... Bob] She says the intent is simply to protect privacy rather than restrict reporting on the health care system.


When governments think they know what's best for citizens, you get nonsense like this.

The French Government Can Now Censor the Internet

"A new episode in French internet legislation — French ministers have passed a bill (original in French) allowing the government to add any website to a black list, which access providers will have to enforce. This black list will be defined by the government only, without requiring the intervention of the legal system. [and if they don't like it, we'll blacklist them too! Bob] Although originally intended against pedo-pornographic websites, this bill is already outdated, as was Hadopi in its time, and instead paves the way for a global censorship of the 'French internet.'"

(Related) This is not an isolated syndrome. The quest for “control” (translation: censorship) has come up repeatedly from several “Third World” countries. (Like France?)

UN Considering Control of the Internet

"News has surfaced in the wake of the WikiLeaks story that the United Nations is mulling total inter-government regulation of the internet. The initiative was spearheaded by Brazil and supported by other countries including India, China, Saudi Arabia and South Africa. Drew Wilson of ZeroPaid commented that while the Cablegate story may be bad, attempting to destroy WikiLeaks would only make matters worse for various governments around the world, given what happened when the music industry shut down Napster ten years ago."

At least they are being honest enough not to claim “It's for the children...”

WI: Lawmakers Approve Fingerprint Scanners to Prevent Child Care Fraud

December 16, 2010 by Dissent

Ann-Elise Henzl reports:

In an effort to prevent fraud at day care centers, the state will install fingerprint scanners to track the children who are attending.

The state says the system will allow it to monitor attendance, and make sure the state is only reimbursing day care facilities for services actually provided.


Patrick Marley of the Journal Sentinel reports:

Children or their guardians would need to scan their fingers when they arrive at and leave child care facilities, a move that is meant to give the state assurance that it is paying only for children who actually attend day care.

So let’s be clear: CHILDREN will be tracked to prevent ADULTS committing financial fraud. It would seem that there would need to be some kind of new database of fingerprints and records of time arrived/time left to support this. Who will have access to the database containing children’s information? How long will it be retained for? Do the children being third-party beneficiaries of the state’s subsidy program permit the state to impose surveillance requirements on them?

Does no one in Wisconsin see a problem with creating a database of children this way?

(Related) Dilbert illustrates over-reliance on technology

“It is better to look secure than to be secure.” Hernando I suppose TSA will eventually install their scanners at subway and train stations, perhaps even develop a “home model” we can use before we get into our cars...

Washington subway police to begin random bag checks

December 16, 2010 by Dissent

Officers will start random bag inspections on the sprawling Washington subway system, the Washington Metro Transit Police said on Thursday, a week after a man was arrested for making bomb threats to the rail system.

Metrorail police officers plan to randomly select bags before passengers enter subway stations and they will swab them or have an explosives-sniffing dog check the bags, according to the Metro police.

There is “no specific or credible threat to the system at this time,” Metro said in a statement. Passengers who refuse to have their bags inspected will be denied entry into the subway system.

So once again we see a reactive measure. It’s been how many years since 9/11 and they’re just getting around to doing something about subways in major urban areas?

I especially love this quote:

“The program will increase visible methods of protecting our passengers and employees, while minimizing inconvenience to riders,” Metro Transit Police Chief Michael Taborn said in a statement announcing the new checks.

Security theater at its worst. If you’re going to do this kind of thing, have the dogs stationed by entrances and sniff away at everyone. These “random” checks are not likely to be “random” at all and may well miss actual threats.

Read more of this Reuters report.

Another example of “normal, everyday (technology aided) activities you can't do while a juror.” Would this automatically exempt “Internet addicts”?

Judge Declares Mistrial Because of Wikipedia

"The Palm Beach Post reports that a police officer convicted of drugging and raping a family member will get a new trial because the jury forewoman brought a Wikipedia article into deliberations. Broward Circuit Judge Stanton Kaplan declared a mistrial after Fay Mason admitted in court that she had downloaded information about 'rape trauma syndrome' and sexual assault from Wikipedia and brought it to the jury room. 'I didn't read about the case in the newspaper or watch anything on TV,' says Mason. 'To me, I was just looking up a phrase.' Judge Kaplan called all six jurors into the courtroom and explained that Mason had unintentionally tainted their verdict and endangered the officer's right to a fair trial. Mason does not face any penalties for her actions."

One for the “Swiss Army Folder”

Word Lens Translates Words Inside of Images. Yes Really.

Ever been confused at a restaurant in a foreign country and wish you could just scan your menu with your iPhone and get an instant translation? Well as of today you are one step closer thanks to Word Lens from QuestVisual.

The iPhone app, which hit iTunes last night, is the culmination of 2 1/2 years of work from founders Otavio Good and John DeWeese. The paid app, which currently offers only English to Spanish and Spanish to English translation for $4.99, uses Optical Character Recognition technology to execute something which might as well be magic. This is what the future, literally, looks like.

(Ditto) Converting PDF to Doc Without Changing Layout

Similar tools: PDFtoWord, ConvertPdfToWord and PDFUndoOnline.

An introduction to scripting?

Better Than Batch – A Windows Scripting Host Tutorial

Here at MUO, we love computer automation. For example, Varun covered Sikuli, a tool to write automation scripts, and Guy showed you how to use AutoIt to automate tasks. The cool thing about MSH is that if you have any post-Win 98 PC, you can write a “batch” script in a variety of languages.

Available languages include JScript, VBA, and VBscript. It’s also possible to write scripts in Perl, Python, PHP, Ruby or even Basic if you have the right implementation with the right scripting engine.

… Some of the best sites to find pre-written scripts that you can use or customize include the following:

  • Microsoft Script Center – Straight from Microsoft, and includes categories like Office, desktop, databases and Active Directory

  • Computer Performance – This UK site offers the best selection of VBScripts that I’ve seen online.

  • Computer Education – You’ll find a small collection of scripts here, but they’re very useful and they all work.

  • Lab Mice – An awesome collection of batch programming resources like an assortment of logon scripts.

Interesting research potential. Try “Privacy” or “Cloud Computing”

Cultural Evolution Could Be Studied in Google Books Database

Google’s massive trove of scanned books could be useful for researchers studying the evolution of culture.

In a paper published Dec. 16 in Science, researchers turned part of that vast textual corpus into a 500-billion-word database in which the frequency of words can be measured over time and space.

Their initial subjects of analysis, including cultural trajectories of popular modern thinkers and the conjugation of irregular verbs, hint at what might be done.

… The database is freely available for online queries and complete download.

The Infographic pretty much sums it up!

Graphic: Your Computer Is Going Away
