SCNB hit by breach – over 8,000 clear text credentials stolen
by Steve Ragan - Jan 15 2010, 18:04
'Twas the night before Christmas, when Suffolk Bancorp said an internal audit by Suffolk County National Bank (SCNB) discovered that over 8,000 customer online banking credentials were snatched from a server where they resided in plain text.
… After the attack was discovered, the servers used by SCNB were rebuilt and various other security measures were put in place. [Why is it that you never have time to do it right but you always find time to do it over? Bob]
… Neither SCNB, nor their parent Suffolk Bancorp, would discuss the technical aspects of the breach, which occurred over a six-day period from November 18-23. [We didn't look for it at the time, but in retrospect it's obvious. Bob] They said in a statement that they have detected no unauthorized use of the stolen credentials since the attack. [Not that we've been looking for any... Bob]
For the hack collection. Note that any inadvertent error can be converted to a non- inadvertent error (dis-inadvertent?) When you link to a site like Facebook, details of your connection are stored in a table (so Facebook can talk back to you). So all you need to do is cause their server to scroll up or down the table!
Network Flaw Causes Scary Web Error
Jordan Robertson reports:
A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers’ accounts with full access to troves of private information.
The glitch – the result of a routing problem at the family’s wireless carrier, AT&T – revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.
In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn’t appear the users could have done anything to stop it. The problem adds a dimension to researchers’ warnings that there are many ways online information – from mundane data to dark secrets – can go awry.
Read more from The Associated Press.
In the old Soviet Union, they put you in the psych ward on heavy drugs.
FL: Appeals court hears case of pregnant woman ordered to stay at TMH
By Dissent, January 16, 2010 8:54 am
Does a woman lose her right to make medical decisions for herself when she is pregnant? Can the state effectively treat her as little more than an “incubator,” subject to the total control of her doctor?
Those are the key questions raised by attorneys on behalf of a Wakulla County woman whose case was heard last week by the 1st District Court of Appeal.
Samantha Burton was 25 weeks pregnant last March when she went for a prenatal doctor’s visit and was admitted into Tallahassee Memorial Hospital because of complications.
“I was desperately hoping to receive the care I needed to save my baby,” she said.
After examining Burton, Dr. Jana Bures-Forsthoefel found the 29-year-old mother of two had a ruptured membrane, had started contractions and was at risk of infection or premature birth, jeopardizing her health and the life of her unborn child.
Burton was ordered to immediately quit smoking and stay in the hospital on bed rest for the remainder of her pregnancy, but Burton didn’t like that idea. She wasn’t happy with care she was getting and wanted to go to another hospital and get a second opinion. She wanted to be able to go home.
Only, Burton wasn’t allowed to leave. [In less progressive states, that's called kidnapping. Bob]
Read more on Tallahassee.com
What would happen if they looked at my laptop and were able to determine that I had electronically transferred all my files to the law firm of Moe, Larry & Curly?
Laptop Search Documents Revealed
Thomas Claburn reports:
Documents detailing nine months of searches and seizures of electronic devices by U.S. Customs and Border Protection (CBP) agents were released on Thursday by the American Civil Liberties Union, offering previously unavailable insight into border searches. Last summer, the Department of Homeland Security released new rules governing searches of laptops and other electronic devices at airports and other border crossings. The rules, regarded as an improvement in terms of clarity, nonetheless continued Bush administration policies giving government agents the right to search electronic devices as if they were suitcases or backpacks, without cause.
In February, 2009, the U.S. Supreme Court let stand an appeals court ruling that laptops are like suitcases and can be searched at borders without reasonable suspicion.
Read more on InformationWeek.
[From the ACLU:
Between July 2008 and June 2009, CBP transferred electronic files found on travelers' devices to third-party agencies almost 300 times. Over half the time, these unknown agencies asserted independent bases for retaining or seizing the transferred files. More than 80 percent of the transfers involved the CBP making copies of travelers' files.
… Those interested in analyzing the data themselves may find these spreadsheets useful. [Something for my Spreadsheet and Computer Forensics classes. Bob]
Cyber-War: See? I thought this smelled bigger than the early stories were indicating. What is the electronic equivalent of a declaration of war? What level must a “sneak attack” reach before it is considered an act of war? Are any industries/institutions protected by an electronic Geneva Conventions? If not, expect hospitals, banks, social security, etc. to be targeted. Why not? How would we respond in kind?
U.S. to lodge formal protest with China over alleged cyberattacks
State Department will present concerns in Beijing next week
By Jaikumar Vijayan January 15, 2010 01:29 PM ET
Computerworld - The U.S. will lodge a formal protest with China over the nation's alleged involvement in cyberattacks against Google.
… Many security analysts say these kinds of cyber attacks are unlikely to be deterred by policy statements or expressions of protest given the enormous economic stakes involved. At that same time they also concede there is nothing the government can do by way of launching retaliatory attacks or initiating other non-diplomatic forms of response against cyber-adversaries operating out of China.
(Related) Perhaps I should design a “Citizen Retaliation” class? (Hacking for Vigilantes?) At least I could start collecting the tools.
Code Used To Attack Google Now Public
Posted by timothy on Friday January 15, @10:46PM from the clever-scoundrels-still-scoundrels dept.
"The IE attack code used in last month's attack on Google and 33 other companies was submitted for analysis Thursday on the Wepawet malware analysis Web site. One day after being made publicly available, it had been included in at least one hacking tool and could be seen in online attacks, according to Dave Marcus, director of security research and communications at McAfee. Marcus noted that the attack is very reliable on IE 6 running on Windows XP, and could possibly be modified to work on newer versions of IE."
Oh look boys & girls, another new tax. And since it's a property tax, you don't even need to be profitable to pay it!
January 15, 2010
Treasury Fact Sheet: Financial Crisis Responsibility Fee
News release: "Today, the President announced his intention to propose a Financial Crisis Responsibility Fee that would require the largest and most highly levered Wall Street firms to pay back taxpayers for the extraordinary assistance provided so that the TARP program does not add to the deficit.
The fee the President is proposing would: Require the Financial Sector to Pay Back For the Extraordinary Benefits Received; Responsibility Fee Would Remain in Place for 10 Years or Longer if Necessary to Fully Pay Back TARP; Raise Up to $117 Billion to Repay Projected Cost of TARP; Apply to the Largest and Most Highly Levered Firms..."
[From the Press Release:
Fee Assessed at Approximately 15 Basis Points (0.15 Percent) of Covered Liabilities Per Year
… Covered Liabilities = Assets - Tier 1 capital - FDIC-assessed deposits (and/or insurance policy reserves, as appropriate)
What are they hiding?
Adding Up the Explanations For ACTA's "Shameful Secret"
Posted by ScuttleMonkey on Friday January 15, @05:25PM from the trying-to-pull-a-fast-one dept.
Several sources are reporting on a Google event this week that attempted to bring some transparency to the Anti-Counterfeiting Trade Agreement (ACTA) that has so far been treated like a "shameful secret." Unfortunately, not many concrete details were uncovered, so Ars tried to lay out why there has been so much secrecy, especially from an administration that has been preaching transparency.
"The reason for that was obvious: there's little of substance that's known about the treaty, and those lawyers in the room and on the panel who had seen one small part of it were under a nondisclosure agreement. In most contexts, the lack of any hard information might lead to a discussion of mind-numbing generality and irrelevance, but this transparency talk was quite fascinating—in large part because one of the most influential copyright lobbyists in Washington was on the panel attempting to make his case. [...] [MPAA/RIAA Champion Steven] Metalitz took on three other panelists and a moderator, all of whom were less than sympathetic to his positions, and he made the lengthiest case for both ACTA and its secrecy that we have ever heard. It was also surprisingly unconvincing."
Why do I keep harping on the fact that providers aren't investing in infrastructure? Because it's pretty obvious they aren't. Come on guys! It's for the children!
Akamai: World's Net connection speeds rising
by Lance Whitney January 14, 2010 11:23 AM PST
More cities and countries are enjoying faster Internet speeds, according to the latest State of the Internet report released Wednesday by Akamai.
Looking at the third quarter of 2009, the report found that most countries in the top-10 list for Internet performance saw an average 18 percent increase in speed from the second quarter. South Korea topped the list, with a 29 percent jump in speed to 14.6 megabits per second, while Ireland came in second for most improved, with a 26 percent rise to 5.3Mbps.
The United States failed to make the top-10 list again, coming in 18th, with a 1.8 percent increase to reach an average connection speed of 3.9Mbps.
The music industry saw this website as a place to contact safe-crackers, get-away drivers and a fence. The court saw it as a listing for garage sales.
In UK, Oink Admin Cleared of Fraud
Posted by kdawson on Friday January 15, @02:35PM from the bpi-not-best-pleased dept.
"The BBC is reporting that Alan Ellis, who ran music file sharing site Oink from his flat in the UK, has been found not guilty of conspiracy to defraud. Between 2004 and 2007, the site 'facilitated the download of 21 million music files' by allowing its some 200,000 'members to find other people on the web who were prepared to share files.' Ellis was making £18,000 a month ($34,600) from donations from users, and claimed that he had no intention of defrauding copyright holders, and said 'All I do is really like Google, to really provide a connection between people. None of the music is on my website.'"
Reader Andorin recommends Torrentfreak's coverage, which includes summaries of the closing arguments.
Humor? Certainly one of the dumber ideas... But perhaps I could get a copyright on “electronically looking askance?”
Oh goody!!!!!! A punctuation mark for sarcasm
by Chris Matyszczyk January 15, 2010 3:36 PM PST
Tools & Techniques Could be useful for the e-Discovery crowd or researchers looking to archive search results – even simple handouts.
PDFmyURL turns any site into a PDF
by Josh Lowensohn January 15, 2010 3:29 PM PST
PDF enthusiasts have a new Web converter tool at their disposal with PDFmyURL, a simple, one-function site that converts any live Web site into a static PDF file--something handy for offline reading, long-term archiving, and sticking on PDF-friendly e-book readers like Amazon's Kindle. It can also be a lifesaver, if you're on a computer without PDF-making software that would otherwise enable you to "print" a PDF copy of your own.
I'm gonna make this article into a poster for my “geek” classes.
Darpa: U.S. Geek Shortage Is National Security Risk
For my students, when I assign those pesky group projects.
Share Your Desktop Remotely With Multiple Viewers Easily With LogMeIn Express
By Tim Lenahan on Jan. 15th, 2010
… LogMeIn has come up with yet ANOTHER free product for us to try called LogMeIn Express. So far I love LogMeIn Express because it overcomes one tedious obstacle that LogMeIn Free has, and that’s the installation on the PC to be controlled.
Say your grandma who lives in Florida calls and needs you to show her how to find a lost Word document or how to update her status on her new Facebook account. And say YOU live in Maine. Well, you’re not there with her to install the LogMeIn program for her and she doesn’t have the “know how.” Read this article to see how easy it really is for her to share her desktop remotely with you using LogMeIn Express.
If you want to share your desktop with someone, head on over to the LogMeIn Express website, click the “share” button, download the very small file (under a meg), and run it.
This one may be a bit ahead of its time. (Would work for 95% of my students, but only 10% of us professors.)
MightyMeeting Lets You Conduct PowerPoint Presentations From Your Smartphone
by Jason Kincaid on January 15, 2010
... MightyMeeting allows you to use your smartphone to host a PowerPoint presentation while you’re on the go, and also lets you manage your library of Office and PDF files from your phone.
This could be fun. Incorporate the college logo into a cursor...
RealWorld Cursor Editor – Make Yourself A Custom Mouse Cursor
By Saikat Basu on Jan. 15th, 2010
… The freeware cursor application helps us create beautiful cursors –static or animated from image files. More importantly, one doesn’t have to have a degree in Fine Arts to design the cursors. A friendly wizard takes us through the steps. The drag and drop interface like any good graphic editor also gives it another point on the scale of user friendliness.
… The RealWorld Cursor Editor comes as a 6.6MB download bundle and also has the option of a 7.2MB portable version.