Tuesday, April 05, 2011

Another third party breach...

http://www.databreaches.net/?p=17406

Breach of S&D Coffee web site results in notifications to customers

April 4, 2011 by admin

S&D Coffee recently notified the New Hampshire Attorney General’s Office that a security breach involving its online e-commerce site resulted in the compromise of customers’ names, addresses, email addresses, and credit card numbers.

The site is hosted by E-Dreamz, who discovered the breach on February 7 and notified S&D Coffee.

The coffee retailer indicated that it would be sending notifications to affected customers by March 25.



“Breach disclosure” laws do not ensure you will know how often (or even IF) your information was compromised.

http://news.cnet.com/8301-31021_3-20050555-260.html

Were you affected by Epsilon data breach?

The company said Monday that 2 percent of the companies it counts as clients are affected by the security breach. There is no official list of affected companies that's available, and a company spokesperson said Epsilon cannot release the names of its clients. Epsilon is in the midst of conducting an investigation of what led to the security breach.

The list of Epsilon clients whose customer e-mail addresses were stolen is not complete, and is likely to grow. But so far Target, Kroger, TiVo, US Bank, JPMorgan Chase, Capital One, Citi, Home Shopping Network, Ameriprise Financial, LL Bean Visa Card, McKinsey & Company, Ritz-Carlton Rewards, Marriott Rewards, New York & Company, Brookstone, Walgreens, The College Board, Disney Destinations, and Best Buy have notified their own customers about the breach. Hilton Hotels and Ethan Allen are also said to be affected.

… You can forward suspected phishing e-mails to reportphishing@antiphishing.org and spam@uce.gov.



Spear phishing for whales. Another way outsourcing (third parties) makes you vulnerable. Strange that they didn't have a procedure in place to confirm changes to vendor payment addresses.

http://www.wired.com/threatlevel/2011/04/condenast-hooked-by-spear-phisher/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Condé Nast Got Hooked in $8 Million Spear-Phishing Scam

A spear phisher managed to reel in a prize catch last year with a single hook when media giant Condé Nast took the bait and wired $8 million to his bank account after he posed as a legitimate business, according to a news account.

The alleged swindler failed to withdraw any funds before federal authorities intervened and froze the money, but the case highlights how little effort a scammer needs to invest in order to get a big payday.

… Information about the scam appeared in a forfeiture lawsuit filed March 30 in Manhattan by the U.S. Attorney’s office for the Southern District of New York in an attempt to retrieve the money for Condé Nast. It was first reported by Forbes.

The filing seeks the funds for forfeiture on grounds that they are allegedly proceeds from wire fraud and money laundering crimes.

According to the court document, last November Condé Nast’s accounts payable department received an e-mail (.pdf) that purported to come from Quad/Graphics, the company that prints Condé Nast magazines.

The e-mail instructed Condé Nast to send payments for its Quad/Graphics account to a bank account number provided in the e-mail, and included an electronic payments authorization form. The e-mail indicated the account was for Quad Graph, a name similar to the real printer’s name.

Someone at Condé Nast apparently signed the form and sent it back to a fax number listed in the e-mail, then began making electronic transfer payments to the bank account specified by the scammer.

Between Nov. 17 and Dec. 30, the company wired $8 million to the Quad Graph account before a query around Dec. 30 from the real printer, Quad/Graphics, asking about outstanding bills, prompted Condé Nast to investigate the matter. The company was apparently able to reverse at least one transfer of about $36,000 back to its JPMorgan Chase account, though the court document doesn’t indicate when that occurred.
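The control that was missing in the story above is easy to state: a request to change where a vendor gets paid is applied only after someone calls the vendor back on a number already on file, and a request whose vendor name merely resembles a known vendor is held for review. The following is an added illustration written for this post, not code from Wired, the court filing or Condé Nast; the vendor names, account strings and phone numbers are constructed, and the similarity threshold of 0.8 is an assumption.

```python
"""Constructed example: gating vendor bank-detail changes behind out-of-band checks.

Two controls are modelled:
  1. name matching against the vendor master, with near-misses (e.g. a name that
     resembles a real vendor but is not it) held for escalation instead of applied;
  2. a callback requirement: the change is applied only after confirmation on the
     phone number of record, never on a number supplied by the request itself.
"""
import re
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import Optional


@dataclass
class Vendor:
    name: str
    bank_account: str
    phone_of_record: str  # taken from the signed contract, never from an incoming request


@dataclass
class ChangeRequest:
    claimed_vendor: str
    new_account: str
    callback_confirmed_on: Optional[str] = None  # number the clerk actually called back


def normalize(name: str) -> str:
    """Lower-case and strip punctuation/whitespace so 'Quad/Graphics' == 'quad graphics'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] between normalized names (difflib's 2*M/T measure)."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()


def classify_request(req, vendors, threshold=0.8):
    """Return ('exact'|'lookalike'|'unknown', matched vendor or None)."""
    for v in vendors:
        if normalize(v.name) == normalize(req.claimed_vendor):
            return "exact", v
    scored = [(similarity(v.name, req.claimed_vendor), v) for v in vendors]
    if scored:
        score, best = max(scored, key=lambda sv: sv[0])
        if score >= threshold:  # threshold is an assumption; tune to the vendor list
            return "lookalike", best
    return "unknown", None


def apply_change(req, vendors) -> str:
    """Decide on a change request; mutate the vendor record only when fully verified."""
    kind, vendor = classify_request(req, vendors)
    if kind == "unknown":
        return "reject: no such vendor on file"
    if kind == "lookalike":
        return f"hold: '{req.claimed_vendor}' resembles '{vendor.name}' but is not it; escalate"
    if req.callback_confirmed_on != vendor.phone_of_record:
        return "hold: awaiting callback on the phone number of record"
    vendor.bank_account = req.new_account
    return "applied"


def demo():
    """Run the three cases on constructed data; returns (decisions, final account)."""
    vendors = [Vendor("Quad/Graphics", "ACCT-ON-FILE", "+1-555-0100")]  # constructed
    decisions = []
    # 1. lookalike name: held, never applied
    decisions.append(apply_change(ChangeRequest("Quad Graph", "ACCT-IN-EMAIL"), vendors))
    # 2. genuine vendor but no callback yet: held
    genuine = ChangeRequest("Quad/Graphics", "ACCT-NEW-GENUINE")
    decisions.append(apply_change(genuine, vendors))
    # 3. callback completed on the number of record: applied
    genuine.callback_confirmed_on = "+1-555-0100"
    decisions.append(apply_change(genuine, vendors))
    return decisions, vendors[0].bank_account


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The point of the design is that nothing in the incoming e-mail or form (account number, contact phone, fax number) can satisfy the control on its own; the callback number comes from the vendor master, and a name that is "similar to the real printer's name" lands in the escalation queue rather than in the payment run.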



For my Computer Security students. I hope this is just bad reporting, but taking the story at face value, Army computer security sucks! I can't install software on my classroom computers without involving someone from tech support. I guess the Army doesn't bother with security on their computers...

http://www.wired.com/threatlevel/2011/04/manning-data-mining/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Army: Manning Snuck ‘Data-Mining’ Software Onto Secret Network

Accused WikiLeaks source Pfc. Bradley Manning installed and used unauthorized “data-mining software” on his SIPRnet workstation during the time he allegedly siphoned hundreds of thousands of documents off that classified network, the Army said Friday in response to inquiries from Threat Level.

Manning’s use of unauthorized software was the basis of two allegations filed against him this year in his pending court martial, but the charge sheet listing those allegations was silent on the nature of that software.

On Friday, an Army spokeswoman clarified the charges. “The allegations … refer to data-mining software,” spokeswoman Shaunteh Kelly wrote in an e-mail. “Identifying at this point the specific software program used may potentially compromise the ongoing criminal investigation.” [I just renamed my “Steal_Stuff” program to “Mandatory_Security” That should fool them. Bob]

… Manning allegedly installed the software twice

… the first time between Feb. 11, 2010 and April 3, 2010. [Either the Army's computer logs don't have dates or they don't bother to log program installations and they are just guessing. Bob] The second time was around May 4, the day he was demoted from Specialist to Private First Class and given a new job assignment following an altercation with another soldier.

… Christie said that prosecutors wouldn’t have to show definitive evidence that the software was used to obtain or sort the purloined documents; just the fact that it was installed on Manning’s computer during the time the documents were taken would allow prosecutors to draw reasonable inferences that it was used to commit the crime. [Would they also have to prove that Manning installed it? Bob]
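The bracketed comment about logs with no dates is the practical issue here: if installation events are logged with a timestamp, host and user, an audit against an approved-software list yields exact times rather than a seven-week window. The following is an added illustration for this post, not anything from the Army, the article or the case; the log line format, the package names and the approved list are all constructed.

```python
"""Constructed example: auditing software-installation events against an allowlist.

Input lines are assumed to look like
  <ISO timestamp> host=<h> user=<u> event=install|remove package=<p>
(a hypothetical format). Each install of a package that is not on the approved
list is reported with its exact timestamp, host and user; lines that do not
parse are counted so a silent logging gap is visible in the result.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) host=(?P<host>\S+) "
    r"user=(?P<user>\S+) event=(?P<event>\S+) package=(?P<pkg>\S+)$"
)

# Hypothetical baseline of software permitted on the workstation image.
APPROVED = {"office-suite", "pdf-reader", "av-agent"}

# Constructed sample log: one approved install, one unapproved package installed,
# removed and installed again, and one line that is not a record at all.
SAMPLE_LOG = """\
2011-03-14T09:14:02 host=ws-22 user=alice event=install package=pdf-reader
2011-03-14T09:20:45 host=ws-22 user=alice event=install package=bulk-indexer
2011-03-20T13:02:11 host=ws-22 user=alice event=remove package=bulk-indexer
2011-04-01T17:41:09 host=ws-22 user=alice event=install package=bulk-indexer
2011-04-01T17:42:30 host=ws-07 user=bob event=install package=av-agent
audit daemon restarted
"""


def parse_log(text):
    """Return (records, malformed_count); records carry a datetime under 'ts'."""
    records, malformed = [], 0
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            malformed += 1
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records, malformed


def unauthorized_installs(records, approved=APPROVED):
    """Map (host, user, package) -> list of install timestamps for non-approved packages."""
    found = defaultdict(list)
    for r in records:
        if r["event"] == "install" and r["pkg"] not in approved:
            found[(r["host"], r["user"], r["pkg"])].append(r["ts"])
    return dict(found)


def audit(text=SAMPLE_LOG):
    """Full audit: unapproved installs with exact times plus the count of unparsable lines."""
    records, malformed = parse_log(text)
    hits = unauthorized_installs(records)
    window = {k: (min(v), max(v)) for k, v in hits.items()}  # first and last install seen
    return {"malformed": malformed, "hits": hits, "window": window}


if __name__ == "__main__":
    result = audit()
    for (host, user, pkg), times in result["hits"].items():
        print(f"{host} {user} installed {pkg} at: " + ", ".join(t.isoformat() for t in times))
    print(f"unparsable lines: {result['malformed']}")
```

Run against the constructed sample, the audit attributes both installs of the unapproved package to one user on one host with times to the second; the malformed-line count is what tells an investigator that part of the record may be missing rather than clean.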



A step toward globalization?

http://www.pogowasright.org/?p=22219

European Privacy Law Comes to America Via FTC’s Google Order

April 4, 2011 by Dissent

Nathan Newman writes:

This probably will give the Tea Party types a heart attack but European privacy law has come to America via the FTC order last week.

One key part of the order imposed on Google was the FTC’s press statement that:

this is the first time the FTC has alleged violations of the substantive privacy requirements of the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States.

What makes this significant is that for Internet companies operating globally, including in Europe — and that means almost all the major companies — the FTC has established the precedent of applying European Union principles on privacy via the U.S.-EU Safe Harbor Framework.

Read more on Huffington Post.



I suspect they believe hackers will not stop at the public information on a Facebook page, but will eventually hack into the private stuff and reveal some embarrassing information about the candidates or the party. Or maybe they are just looking for nude pictures of the candidates...

http://www.pogowasright.org/?p=22232

Log-in demand crosses line

April 5, 2011 by Dissent

David Canton writes:

It [sic] not unusual for employers to conduct Google searches on prospective employees or check their public social media feeds. But prospective employers’ requests for job applicants’ social media log-in IDs and passwords cross the line.

Unfortunately, some people have felt no choice but to comply given the unequal bargaining power between the parties and their need to obtain or keep a job.

The British Columbia New Democratic Party has required candidates to reveal their social media IDs and passwords so the party can search for potentially embarrassing material. So far, all the candidates have apparently complied, except for one.

Read more on Canoe.



What you can say vs. what you can text?

http://www.bespacific.com/mt/archives/026913.html

April 04, 2011

"Regardless of Frontiers:" The International Right to Freedom of Expression in the Digital Age

Via CDT, "Regardless of Frontiers:" The International Right to Freedom of Expression in the Digital Age: "The purpose of this report is to explore how the internationally recognized right to freedom of expression should apply to the Internet. This report is intended to spark further research, discussion, and action. The Internet offers individuals around the world the potential to seek, receive, and impart information and ideas in unprecedented ways. Like no medium before it, the Internet can empower citizens to communicate instantaneously with others in their own communities and worldwide, at low cost relative to traditional forms of media. The Internet’s unique attributes create new opportunities to collaborate, exchange ideas, and promote scientific, cultural, and economic progress. Producers of traditional forms of media also can use the Internet to greatly expand their audiences at nominal cost. Like no other technology, the Internet can transcend national borders and eliminate barriers to the free flow of information. These unique features of the Internet, if properly supported, can foster innovation, economic growth, democratic participation, and human development."



Technology redefining the law?

http://www.bespacific.com/mt/archives/026919.html

April 04, 2011

Article: Disclosure’s Effects: Wikileaks and Transparency

Disclosure’s Effects: Wikileaks and Transparency, Mark Fenster University of Florida - Fredric G. Levin College of Law

  • "Constitutional, criminal, and administrative laws regulating government transparency, and the theories that support them, rest on the assumption that the disclosure of information has transformative effects: disclosure can inform, enlighten, and energize the public, or it can create great harm or stymie government operations. To resolve disputes over difficult cases, transparency laws and theories typically balance disclosure’s beneficial effects against its harmful ones. WikiLeaks and its vigilante approach to massive document leaks challenge the underlying assumption about disclosure’s effects in two ways. First, WikiLeaks’s ability to receive and distribute leaked information cheaply, quickly, and seemingly unstoppably enables it to bypass the legal framework that would otherwise allow courts and officials to consider and balance disclosures’ effects. For this reason, WikiLeaks threatens to make transparency’s balance irrelevant. Second, its recent massive disclosures of U.S. military and diplomatic documents allow us to reconsider and test the assumption that disclosure produces effects that can serve as the basis for judicial and administrative prediction, calculation, and balancing. For this reason, WikiLeaks threatens transparency’s balance by disproving its assumption that disclosure necessarily has predictable, identifiable consequences that can be estimated ex ante or even ex post. This article studies WikiLeaks in order to question and evaluate prevailing laws and theories of transparency that build on the assumption that disclosure’s effects are predictable, calculable, and capable of serving as the basis for adjudicating difficult cases. Tracing WikiLeaks’s development, operations, theories, and effects, it demonstrates the incoherence and conceptual poverty of an effects model for evaluating and understanding transparency."


(Related) Technology redefining Economics?

http://www.bespacific.com/mt/archives/026914.html

April 04, 2011

Transcript: “Buying & Selling EContent”

Interview with Jim Jansen, Senior Fellow, Pew Internet & American Life Project, Recorded at “Buying & Selling EContent” Conference, For podcast release Tuesday, April 5, 2011

  • "..the ability to buy digital content online is critically important to a lot of people, a lot of businesses, a lot of artists, photographers, a whole gamut of people. So we were very interested in that aspect of this technology and whether consumers were willing to put out their money to buy this stuff... Certainly, the most common products purchased are music and software. However, games and information from articles and stuff are also purchased quite frequently. The average spend was about $47 in a given month, although the typical user spent $10 to $15."



Perhaps they should arrest FBI agents who break the law?

http://www.pogowasright.org/?p=22213

Watchdogs say Oakland, SF police should shun FBI

April 4, 2011 by Dissent

Civil rights watchdog groups say police in Oakland, San Francisco and other cities should stop working with the FBI on terrorism investigations so long as doing so means they can violate local privacy policies.

“Under the state constitution and local policies, Californians are protected against government intelligence gathering unless there is a factual basis to suspect them of wrongdoing,” Alan Schlosser, the American Civil Liberties Union of Northern California’s legal director, said in a news release today. “It is now clear that the FBI has been authorized to conduct thousands of investigations that are just fishing expeditions and run contrary to California law. It is an outrage that San Francisco and Oakland police officials are not being forthcoming about whether their JTTF (Joint Terrorism Task Force) officers are complying with state and local law.”

Read more on InsideBayArea.com



Should be amusing to see how this works...

http://search.slashdot.org/story/11/04/05/0349235/Yahoo-Liable-In-Italy-For-Searchable-Content?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Yahoo! Liable In Italy For Searchable Content

"A recent decision of an Italian court could spark considerable discussion over the liability of search engines. The court actually ordered Yahoo! to remove any link to any site containing unlawful copies of a movie. Under EU Directives 2003/31, liability of search engines is not regulated (save for caching activities). In the case brought to court regarding the film About Elly, it was not the caching activities of Yahoo! that were questioned (or any content hosted on Yahoo!'s servers), but the mere fact that searching for the film made it possible to reach websites allowing the streaming or downloading of the movie (actually, illegal sites got a better ranking than the official one)."



Law vs. Economics

http://yro.slashdot.org/story/11/04/04/1851235/Piracy-Is-a-Market-Failure-mdash-Not-a-Legal-One?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Piracy Is a Market Failure — Not a Legal One

"Michael Geist, Canada's copyright law guru and law prof at the University of Ottawa, posted an interesting observation about the copyright issue of piracy. Canada's International Development Research Centre came to a conclusion that 'piracy is chiefly a product of a market failure, not a legal one' after a multi-year study of six relevant economies. 'Even in those jurisdictions where there are legal distribution channels, pricing renders many products unaffordable for the vast majority of the population. Foreign rights holders are often more concerned with preserving high prices in developed countries, rather than actively trying to engage the local population with reasonably-priced access. These strategies may maximize profits globally, but they also serve to facilitate pirate markets in many developed countries.'"



For my technology geeks, a most interesting video.

http://www.wired.com/gadgetlab/2011/04/predator-smart-camera-locks-on-tracks-anything-mercilessly/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

‘Predator’ Smart Camera Locks Onto, Tracks Anything … Mercilessly

Zdenek Kalal’s Predator object-tracking software is almost uncanny. Show anything to its all-seeing camera eye, and it will quickly learn to recognize it and then track it, whether it fades into the distance, hides amongst other similar objects or, in the case of faces, turns sideways.

It really lives up to its name, reminding us of the Predator’s HUD-enhanced vision in the movie of the same name.

Kalal is a Ph.D. student at the University of Surrey in England, researching projects that make computers see. His Predator algorithm is both fast and powerful.



Interesting business model, wouldn't you say? Ad-supported Electronic Health Records, and doctors keep the $44,000 stimulus payment.

http://techcrunch.com/2011/04/05/free-electronic-medical-records-service-practice-fusion-raises-23-million/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

Free Electronic Medical Records Service Practice Fusion Raises $23 Million

Launched in 2007, Practice Fusion allows doctors across the country to chart patient visits, review records, schedule appointments, prescribe medications electronically, order and receive lab tests, and connect patients to their health data — all in realtime. Unlike legacy electronic medical records systems that charged doctors exorbitant fees, Practice Fusion’s web-based system is free to health care providers and lives in the cloud.

Offering a free digital system is fairly unprecedented and, at first blush, would seem financially unsound, but Practice Fusion was initially able to stay in the black through rapid product development, word-of-mouth buzz among doctors, and the $44,000 economic stimulus incentive program rolled out by the Obama Administration in 2009. Since then, it has been able to rely on venture capital and has brought more than 70,000 health care providers into its community, allowing for triple-digit annual growth among its users, according to communications director Helen Phung.

As many are aware, the state of American healthcare systems remains atrocious, and the medical industry has struggled to incorporate technology into the management of the healthcare process. Sure, we may have cutting-edge devices in our ERs, but when it comes to IT and medical records, the U.S. healthcare industry might as well be in the Stone Age.

… For more on Practice Fusion, check out the video http://www.youtube.com/watch?v=pVYdPcqlSf8&feature=player_embedded#at=86



I like lists. (Someone else digging out the details so I don't have to) But this one isn't easy to use, sorry. Maybe there will be more detail after the judging...

http://eu.techcrunch.com/2011/04/05/techcrunch-europe-and-the-telegraph-release-the-startup100/

TechCrunch Europe and The Telegraph release the Startup100

Last December we agreed to link up with the London Telegraph newspaper, which planned to put some time and resources into a ranking of promising technology companies in Europe. The Telegraph Tech Start-Up 100 lists 100 top European tech companies.



As I get older, my friends send me this kind of stuff more and more (too) often...

"SENIORS TEXTING CODE"

ATD = ..At The Doctors.

BFF = ..Best Friend Fell.

BTW = ..Bring the Wheelchair.

BYOT = ..Bring Your Own Teeth.

FWIW = ..Forgot Where I Was.

GGPBL = ..Gotta Go, Pacemaker Battery Low.

GHA = ..Got Heartburn Again.

IMHO = ..Is My Hearing-Aid On.

LMDO = ..Laughing My Dentures Out.

OMMR = ..On My Massage Recliner.

OMSG = ..Oh My! Sorry, Gas.

ROFLACGU = ....Rolling On Floor Laughing And Can't Get Up.

TTYL = ..Talk To You Louder."

