Wednesday, June 08, 2011

Kick that sleeping dog! I thought they got off too easily. Let's see if this lawyer can provoke a more adequate response.

Another family sues Lower Merion School District over “webcamgate”

June 7, 2011 by Dissent

If you thought the soap opera involving Lower Merion School District’s “webcamgate” was over, guess again. Reuben Kramer reports that another lawsuit has been filed by another student whose images were captured when the webcam on his district-provided laptop was remotely activated:

Plaintiff Joshua Levin’s suit describes an ominous night when he and his family discovered the surveillance.


Levin says his parents subsequently received a letter from the district around June 2010, advising them that “4,404 webcam photographs and 3,978 screenshots” were remotely captured by the district from the laptop he was issued.

The letter then instructed Levin that if he wanted to view the fruits of the district’s surveillance, he’d have a one-hour window on a specific day in June to do so at a federal courthouse, according to the suit.

Levin says he accepted the offer, “and was shocked, humiliated and severely emotionally distressed at what he saw.”

His attorney, Norman Perlberger of Bala Cynwyd, Pa., did not immediately respond to a call requesting clarification, although the suit claims that many images captured by the laptops may have depicted minors and their parents “in compromising or embarrassing positions,” including in “various stages of dress or undress.”

Read more on Courthouse News, where they have also uploaded the complaint filed Monday in District Court for Eastern District in Pennsylvania. The lawsuit alleges violations of ECPA, SCA, CFAA, and violations of privacy under the Fourth Amendment.

Didn't his lawyers have a duty to ensure this information was protected?

The Worst Example of Executive Data Security Ever?

June 7, 2011 by admin

Daniel Nolte writes:

Fabrice Tourre of Goldman Sachs has the distinction of being the only person sued by the Securities and Exchange Commission for fraud in selling mortgage backed securities. While that may remain his primary claim to fame (thanks to a front-page article in the New York Times), there may be a secondary distinction added: the worst handling of computer security ever.

The Times article contains numerous e-mails between Tourre and his co-workers and legal counsel as they prepared for the case. How did the reporters get access to private Goldman Sachs e-mails including attorney-client discussions?

Read more about the gaffe that led to what emails being exposed in public

From the article:

These legal replies, which are not public, were provided to The New York Times by Nancy Cohen, an artist and filmmaker in New York also known as Nancy Koan, who says she found the materials in a laptop she had been given by a friend in 2006.

The friend told her he had happened upon the laptop discarded in a garbage area in a downtown apartment building. E-mail messages for Mr. Tourre continued streaming into the device, but Ms. Cohen said she had ignored them until she heard Mr. Tourre’s name in news reports about the S.E.C. case. She then provided the material to The Times.

What does it take to motivate politicians to pass Privacy laws?

CO: Prostitution-ring records stolen in reported break-in

June 8, 2011 by admin

Another low-tech data theft could have embarrassing consequences. Chuck Plunkett of the Denver Post reports:

Hundreds of documents kept by the former owner of a high-profile prostitution ring in Denver were reportedly stolen Monday in a home break-in.

Scottie J. Ewing, who once owned Denver Players and Denver Sugar escort services — identified by federal agents as a prostitution ring — told Denver police that thieves broke into his home Monday between 6 and 8 p.m., entered an upstairs office and took off with his computer and a large container of files.

Read more in The Denver Post.

In related coverage, Marshall Zelinger of 7News reports:

7NEWS had seen the list from the “Denver Players” in the last week. It contains the names and numbers for high end clientele. For hundreds of dollars, the service matched escorts with clients for sex.


7NEWS was allowed to record video of the documents on Friday, on the condition they would not be recognizable on camera. The documents piled in front of our camera included the black book phone list, appointment logs, schedule books and credit card slips from the escort service.

And Deborah Sherman of 9News reports:

9Wants to Know has learned that secret documents that belonged to a former prostitution business were stolen on Monday night. The documents included a list of clients’ real and fake names, phone numbers, credit card and cash receipts, according to a Denver Police report.

So clearly there is a lot of sensitive, personal and financial information involved, much of which is already in the hands of prosecutors who had initiated legal action against the operation in the past.

But no, I don’t expect we’ll see data breach notifications sent out on this one.

For my Computer Security students. Points out some failures in Security management and is quite amusing too...

Lieberman CEO goes on the warpath - accuses RSA of greed and neglect

Philip Lieberman, the President and CEO of Lieberman Software, issued a press statement on Wednesday that ripped RSA and their senior management to shreds. There is simply no other way to describe his opinions.

… Like RSA, Lieberman Software is also in the privileged identity management space. They offer an alternative to SecurID called Random Password Manager. Their CEO’s comments come in reaction to the news that data taken during the security breach against RSA’s networks, led to an attempt on Lockheed Martin. As a result, RSA announced on Monday that they would be replacing 40 million SecurID tokens.

… “By my estimates this breach is going to cost RSA a minimum of $400M to replace 40 million tokens. This is not just bad news for RSA Security – it paints the rest of the IT security industry in a bad light,” he said.

Placing the fault squarely on the senior management of EMC, the parent company of RSA, the lack of investment in SecurID is viewed as one of the root causes for the breach.

“A quick review of the SecurID products show that the SecurID product line has languished in innovation and development investment since the takeover. EMC is guilty of milking the RSA cow dry, neglecting it, getting it sick, and then selling the tainted beef.

Another way to track individual preferences?

Facebook quietly switches on facial recognition tech by default

June 7, 2011 by Dissent

Kelly Fiveash reports:

Facebook has rolled out its facial recognition technology to countries outside of the US, but has switched the feature on by default without telling its users first.

UK-based security expert Graham Cluley noted earlier today that Facebook had slotted the tech into the social network.

The Mark Zuckerberg-run company started using its facial recognition software in December last year for its Stateside users in a move to automatically provide tags for the photos uploaded by Facebook users.

The tech works by scanning newly uploaded pics and then identifies faces from previously tagged photos already stored in Zuckerberg’s internet silo.

Read more in The Register.

Shame on Facebook. Again.

(Related) Not surprising we see articles like this one...

How to get around Facebook's new face recognition

FACEBOOK wants to know what you look like, and it wants you to like it.

The social networking website has been rolling out a facial recognition feature called Tag Suggestions since late last year.

Now the feature has become available for Australian users, and by default, it's turned on.

… Professor Brian Lovell of the University of Queensland said Tag Suggestions posed serious privacy risks for some users.

"The software might actually be labelling people who don’t want to have their faces known," Dr Lovell told

"You put these things up in an innocent way and they can be used against you."

Dr Lovell, who heads the university's Advanced Surveillance team, said users with assumed or suppressed identities were particularly at risk.

"If your photo was taken before you enter witness protection, it's very hard to remove those photos," he said.
