Sunday, August 21, 2011

How big? Limited to Korea?

http://www.databreaches.net/?p=20217

Epson Korea says 35 million 350,000 customers’ data hacked (updated)

Update: Yonhap News issued another story that puts the number at 350,000, but didn’t correct their original url, cited below.

Good grief – yet another hack in South Korea affecting 35 million?! Yonhap News Agency reports:

Epson Korea Co., the South Korean unit of Japan’s Seiko Epson Corp., said Saturday that its Web site has been hacked, causing the private information of 35 million users to be leaked.

“We have discovered through an internal investigation that the customers’ data were leaked. We apologize for causing the trouble,” said Epson Korea in a pop-up notice on its Web site.

The company said that it had detected the security breach a week ago but reported the cyber attack to the Korea Communications Commission (KCC) belatedly on Thursday. The company said that it has put more priority on informing its customers of the hacking.

Personal information leaked included names, user IDs, passwords and resident registration numbers, according to the company. Epson Korea said it is trying to track the hackers but has found no trace of them.

Epson Korea said that it has asked its customers to change their passwords on its Web sites and other portal sites.

Two popular Web sites operated by SK Communications Co. were hacked in late July, causing the private information of 35 million users to be leaked. A local court earlier this week ordered the operator of South Korea’s third most-visited Internet portal to pay a victim 1 million won (US$925) in compensation.

In contrast to Yonhap’s coverage, Reuters is reporting that the company indicated that 350,000 were affected.

There’s a statement on Epson Korea’s site, but I can’t translate it. If any site visitor would be kind enough to translate, I’d appreciate it.



How big? Another great job of masking the facts?

http://www.databreaches.net/?p=20225

Thirty-one Gifts, two breaches, and a bunch of notification letters

It must be headache-inducing enough to investigate one security breach. To discover a second breach while investigating the first, well, pass the Prozac.

On August 8, lawyers for Ohio-headquartered Thirty-One Gifts, LLC notified the New Hampshire Attorney General’s Office that while investigating how administrative credentials had been misappropriated and used to transfer some consultants’ commissions to an unknown individual’s own bank account, they discovered that a laptop containing consultants’ information was missing. The firm does not believe that the two incidents were related.

In the first matter, the unidentified suspect may have accessed 28 consultants’ names, addresses, Social Security Numbers, and bank account information. The firm reports that fraudulent transfers occurred over two commission cycles [So the transfers were not detected or stopped after the first occurrence? Bob] late last year and were quickly detected internally. During that investigation, however, the firm discovered that a laptop was missing. [No one noticed? Bob] At the request of law enforcement, they did not send out notifications about that matter until they were advised that they could – on August 10. The missing laptop contained an unspecified total number of consultants’ names, addresses, and bank account information; 27 residents of New Hampshire were notified about the missing laptop.

Thirty-One Gifts took a number of concrete steps to investigate both matters and to harden their security going forward, as outlined in their notification to the state and affected individuals, who were offered some free services.



Beware of Geeks bearing gifts...

http://www.pcworld.com/article/238499/charging_stations_may_be_juicejacking_data_from_your_cellphone.html

Charging Stations May be 'Juice-Jacking' Data from Your Cellphone

In a world where laptop batteries, text messages and even old-school newspapers can hack into your life, the question seems not to be what's stealing your personal data, but rather what isn't. So it may not come as a shock to learn that those innocuous and oh-so convenient charging stations may be infiltrating your smartphone by "juice-jacking."

… Many smartphones are configured to transfer data or sync whenever they're plugged directly into USB ports, which is what cellphone power stations are equipped with. So a crafty hacker could make a simple tweak to the charging station and program it to automatically download all of your cellphone's data or upload malware.



How would you avoid a “Subway Spring?”

http://news.cnet.com/8301-1009_3-20095039-83/sf-subway-sets-public-debate-on-cell-shutdown/

SF subway sets public debate on cell shutdown

BART, the San Francisco-area transit system targeted by hackers after it cut wireless service in its subway prior to a protest, posted a letter to customers today explaining its position and announcing plans for a public meeting on the issue.

"BART's temporary interruption of cell phone service was not intended to and did not affect any First Amendment rights of any person to protest in a lawful manner in areas at BART stations that are open for expressive activity," reads the letter, posted on the BART Web site and signed by Bob Franklin, president of BART's board of directors, and Sherwood Wakeman, the system's interim general manager. "The interruption did prevent the planned coordination of illegal activity on the BART platforms, and the resulting threat to public safety." [Because only 'illegal actors' were using the subway that day? Bob]



Yesterday Microsoft backed off “persistent cookies.” Today Apple points out a tracking feature and suggests developers should maybe, sorta consider not using it?

http://online.wsj.com/article/SB10001424053111903639404576519101872716410.html?mod=googlenews_wsj

Apple Shifts Stance on Mobile Software Identifier

Apple Inc. is advising software developers to stop using a feature in software for its iPhones and iPads that has been linked to privacy concerns, a move that would also take away a widely used tool for tracking users and their behavior.

Developers who write programs for Apple's iOS operating system have been using a unique identifier specific to each device to gather personal data about users, in some cases creating detailed dossiers on how they use multiple apps. But Apple advised developers not to use that ID number, known as UDID or Unique Device Identifier, with a new version of the operating system that is expected to become available in coming weeks.

The company set no specific deadline for the change. But it stated on a website for developers that the feature "has been superseded and may become unsupported in the future." It said they could still create an identifier unique to each individual application, however.

… Developers say the companies have been mulling the change quietly for weeks, discussing alternative solutions but have not spoken publicly because they had all signed non-disclosure agreements with Apple.

They say one potential way to continue to track users across apps would be to track another unique identifier, known as a Media Access Control address, which lets networks interface with devices. Some of them are also looking at ways to build "fingerprints" using other data that is accessible to developers.



An interesting consequence of Cloud Computing – and old license language in new areas. If you need a license for each “computer” what happens when you can “Create a computer” at will?

25,000 Danish Hospital Staff Moving To LibreOffice

An anonymous reader writes with news that 25,000 staff across 13 hospitals in Denmark will be switching to LibreOffice over the course of the next year.

"The group of hospitals is phasing out a proprietary alternative, 'for long term strategic reasons,' which at the same time saves the group some 40 million Kroner [about $7.7 million] worth of proprietary licenses. The ditching of the proprietary alternative is a consequence of the group's move to virtual desktops, allowing staff members to log in on any PC or thin client. The group found that deploying this new desktop infrastructure would 'trigger unacceptably high costs' for proprietary office licenses... The move is Europe's second largest migration project involving public administrations using an open source office suite."



For my Geeks looking to start a small business...

http://www.pogowasright.org/?p=24083

Mobile Phone Monitoring Service Found

Lion Gu writes:

We’ve been reporting about several NICKISPY variants — Android malware that can monitor a phone’s activities, like SMS, phone calls, and location — here on the Malware Blog, and we’ve been curious of how use such kind of private information, and how they earn money from it.

Now, we have a clear example. We’ve found a Chinese website which offers a mobile phone monitoring service. Once a customer decides to employ the service, he or she will get an account to log into a backend server of the service, where information gathered from a target device can be viewed.

Read more on TrendMicro’s Malware Blog.



Luddites live! “I don't understand it, therefore it must be evil so I want to ban it.” As we integrate new technologies into the education arena, someone will undoubtedly find bad things to do with them. Do we toss the baby out with the bathwater?

http://www.pogowasright.org/?p=24086

Missouri teachers sue to block social media law

Kevin Murphy of Reuters reports:

In the face of a lawsuit, a Missouri state senator defended on Saturday a new state law that will prohibit teachers from communicating privately with students over the Internet.

A teachers group filed a lawsuit Friday afternoon contending the new lawsuit violates free speech and other rights, but the senator who sponsored it says it does nothing of the kind.

“It doesn’t stop any avenue of communication whatsoever, it only prohibits hidden communication between educators and minors who have not graduated,” said state Senator Jane Cunningham, a St. Louis Republican and key sponsor of the law.

Read more on WSAU

[From the article:]

The law permits teacher-student contact if the Internet site can be viewed by parents, administrators or the public. [Isn't that a FERPA violation? Bob] Teachers and students can still e-mail and text each other as long as someone is copied, Cunningham said.


(Related) I thought for a minute that Argentina might be expecting their own “Arab Spring” but this is simply a case of the “experts” who provide Internet services not understanding how those services work...

Argentina Censors Over a Million Blogs

"A judge in Argentina ordered ISPs to block two websites — leakymails.com and leakymails.blogspot.com. According to Google, many ISPs have simply blocked the IP 216.239.32.2 instead of using a targeted DNS filter. Over a million blogs are hosted by Blogger at this IP. Freedom of speech advocate Jillian York wrote, 'IP blocking is a blunt method of filtering content that can erase from view large swaths of innocuous sites by virtue of the fact that they are hosted on the same IP address as the site that was intended to be censored. One such example of overblocking by IP address can be found in India, where the IP blocking of a Hindu Unity website (blocked by an order from Mumbai police) resulted in the blocking of several other, unrelated sites.'"



Looks a bit clumsy, but that will improve.

http://www.bespacific.com/mt/archives/028077.html

August 21, 2011

Pronunciation Book channel on YouTube

Pronunciation Book - spoken pronunciation of words, via YouTube (worth visiting)

