Sunday, April 10, 2011

A relatively small breach, but with some typical statements that illustrate points of security failure for my students.

http://www.databreaches.net/?p=17642

Ie: Firm possibly lost 50,000 clients’ data

April 9, 2011 by admin

Una McCaffrey reports:

Phoenix Ireland, a life and pensions company, has admitted it may have lost the personal details of about 50,000 current and former customers. [Keeping old records mixed in with current records Bob] The possible data loss also affects a small number of people who contacted the company, formerly Scottish Provident Ireland, but did not take out a policy. [Includes data on people who talked to their agents but never purchased their insurance? Will they even consider themselves at risk if they read about this but don't receive a letter? Bob]

In letters sent this week, Phoenix told the affected individuals that a “tape” containing their personal data held on its systems had been misplaced.

It is understood that in most cases, this data, which was not encrypted, included customers’ names, addresses and bank account details.

Read more on Irish Times.

[From the article:

A spokesman for Phoenix said yesterday that it viewed this risk as “low-level”, in part because hacking experts had concluded it would be extremely difficult to distil information from the tape, which was not labelled “Phoenix”. [That provides no security Bob]

In its advice to those contacted, the company said: “We believe it would require an experienced IT specialist to be able to understand the data.”

The spokesman also said the company is not convinced the tape was ever actually created; [Failure to keep records (logs) of computer activity, so they have no idea what is happening in their systems? Bob] it simply knows it did not arrive when it should have been sent from one office to another.



Some governments are pushing toward Privacy, others (China) are pushing in the other direction. Where does the pendulum stop?

http://www.pogowasright.org/?p=22315

AU: Government must justify web snooping: senate report

April 9, 2011 by Dissent

Nicky Phillips reports:

The federal government should justify why mandatory collection and retention of personal data is necessary for law enforcement, a senate report into online privacy has found.

An analysis of the costs, benefits and risks should be conducted before the government pursues its proposed data retention scheme, the report stated.

“We have sent a rocket back to the Attorney-General’s office saying don’t proceed any further until you’ve done your basic homework,” said the Greens Senator Scott Ludlam, a member of the senate committee.

Read more in The Age. It sounds like these legislators are looking at – and asking – some of the same questions that American privacy advocates are raising.



YouTube is facing government regulation and lawsuits for failure to “censor” uploaded videos in a timely manner (i.e. instantly). This would seem to really increase the difficulty of finding and blocking “unapproved” videos.

http://www.hollywoodreporter.com/news/youtube-launches-live-streaming-page-176535

YouTube Launches Live Streaming Page

YouTube, the video site owned by Google, on Friday unveiled a page highlighting live programming and said users have asked for more live streams.

"With over 2 billion views a day, it's easy to think about YouTube as a place to watch videos recorded in the past," it said in a blog post. "But you’ve told us you want more - and that includes events taking place right now. In response, we’ve live streamed a number of popular concerts, sporting events, and interviews, but primarily on a one-off basis."

The initial rollout of YouTube Live will "integrate live streaming capabilities and discovery tools directly into the YouTube platform for the first time," the video site said.

… Users can subscribe to their favorite YouTube live-streaming partners to be notified of upcoming live streams.



SCO is dead when Pamela Jones says it is dead.

http://slashdot.org/story/11/04/09/2315208/Groklaw-Declares-Victory-No-More-Articles?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Groklaw Declares Victory, No More Articles

"Pamela Jones announced that as of May 16th, she will no longer be updating Groklaw:

'I have decided that Groklaw will stop publishing new articles on our anniversary, May 16: I know a lot of you will be unhappy to hear it, so let me briefly explain, because my decision is made and it's firm. In a simple sentence, the reason is this: the crisis SCO initiated over Linux is over, and Linux won. SCO as we knew it is no more.'"



For my Computer Security students

http://linux.slashdot.org/story/11/04/09/2018231/Five-of-the-Best-Free-Linux-Disk-Encryption-Tools?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Five of the Best Free Linux Disk Encryption Tools

"Disk encryption uses software to encrypt the entire hard disk. The onus is therefore not on the user to determine what data should be encrypted, or to remember to manually encrypt files. By encrypting the entire disk, temporary files, which may reveal important confidential data, are also protected. Security is enhanced further when disk encryption is combined with filesystem-level encryption. To provide an insight into the open source software that is available, we have compiled a list of five notable disk encryption tools. Hopefully, there will be something of interest here for anyone who wants easy-to-use data encryption and security."


For my Ethical Hackers and Computer Security students. Great illustration of the data that accompanies a 140-character Tweet.

http://www.pogowasright.org/?p=22324

This is What a Tweet Looks Like

April 9, 2011 by Dissent

Sarah Perez writes:

Think a tweet is just 140 characters of text? Think again. To developers building tools on top of the Twitter platform, they know tweets contain far more information than just whatever brief, passing thought you felt the urge to share with your friends via the microblogging network. A tweet is filled with metadata – information about when it was sent, by who, using what Twitter application and so on.

Now, thanks to Raffi Krikorian, a developer on Twitter’s API/Platform team, you can see what a tweet looks like, in all its data-rich detail.

Read more on ReadWriteWeb.

[From the Article:

This image is all the more interesting when you consider how much richer a tweet's data map will soon become. At last week's first-ever official Twitter developers' conference, Chirp, Twitter announced that it will implement a new feature called "annotations" next quarter. This was possibly one of the most significant announcements made, second-only (if even) to the launch of Twitter's advertising initiatives, the long-anticipated answer as to how Twitter plans to make money.

With annotations, third-party Twitter developers can add any additional metadata to a Twitter post. That's right, any data. And a tweet can have more than one annotation attached to it. This extra data will initially start off small - Twitter developer Marcel Molina said it will "probably" be around 512 bytes. But over time, it will gradually grow larger as Twitter rolls out the feature and scales up in order to support it. The company hopes to have it end up "around 2K," says Molina. How developers use that extra space is entirely up to them - there can be one giant piece of extra data attached to a tweet or a thousand tiny ones.

