Tuesday, October 25, 2011


Apparently (we need a better translation) this includes airline tickets and the passport numbers that “prove” you aren't a terrorist.
CheapTickets.nl database with 715,000 customers’ personal information and 80,000 passport numbers leaky due to “stale” security
October 24, 2011 by admin
The following is via Google’s translation of what Brenno de Winter reported:
… leaked CheapTickets.nl a database of 715,000 customers. Attackers did not just names but also tickets and passport numbers.
It found a source that reported on condition of anonymity. He discovered that the Windows Server 2003 environment, not all patches were rotated. Because the area was vulnerable to a weakness published in 2009, he was able to access the system containing the database with customer data.
Lot of personal information
In the database, the personal information of 715,000 customers, including full name, address, telephone number and meal preferences. Together, these customers took more than 1.2 million tickets away. For flights to destinations including the United States give their passengers through passport. 80,000 of them are certainly in the database.
[...]
CheapTickets.nl will not respond to questions from Macworld. But Raymond Vrijenhoek, CEO CheapTickets.nl will come later today in a statement
Read more on Webwereld. In reading translations of other news stories on the breach, I chuckled over one translation of outdated/unpatched as “stale.” That seems about right.


Another Privacy Damages article. Would this apply to individuals? Replacing credit/debit cards is a cost to the banks. Credit monitoring or insurance is often paid for by the breachee, not the individual victims. If you do purchase insurance after notification of a breach where the organization breached claims there is no risk of identity theft, would the court see that as a breach-related expense, or an individual whim?
Federal Appeals Court Holds Identity Theft Insurance/Credit Monitoring Costs Constitute “Damages” in Hannaford Breach Case
October 24, 2011 by admin
I posted something on this decision earlier today, but David Navetta has such a helpful analysis of the ruling that I wanted to mention it here. His commentary begins:
In a significant development that could materially increase the liability risk associated with payment card security breaches (and personal data security breaches, in general), the U.S. Court of Appeals 1st Circuit (the “Court of Appeals”) held that payment card replacement fees and identity theft insurance/credit monitoring costs are adequately alleged as mitigation damages for purposes of negligence and an implied breach of contract claim. For some time, the InfoLawGroup has been carefully tracking data breach lawsuits that, for the most part, have been dismissed due to the plaintiffs’ inability to allege a cognizable harm/damages. In fact, we have been tracking the legal twists and turns of the Hannaford case with great interest (see e.g. here, here, here, here, here and here). The decision in Hannaford could be a game changer in terms of the legal risk environment related to personal data breaches, and especially payment card breaches where fraud has been perpetrated. In this post, we summarize the key issues and holdings of the Court of Appeals.
Read more on InformationLawGroup.

(Related) The 'earlier post'
Appeals court decision in Hannaford data breach case could signal new approach
October 24, 2011 by admin
Judy Greenwald reports that at least one lawsuit against Hannaford Bros following their 2007 breach is still alive:
An appeals court’s decision to permit negligence and contract putative class action litigation to proceed in a grocery store chain data breach because of the alleged damages incurred could signal a change in courts’ approach to this issue, says an expert.
[...]
Twenty-six separate suits were filed against Hannaford arising from the breach and were consolidated into one suit. Plaintiffs said they experienced more than 1,800 unauthorized charges to their accounts and suffered several categories of losses as a result of the breach.
“Plaintiffs’ claims for identity theft insurance and replacement card fees involve actual financial losses from credit and debit card misuse,” a three-judge appeals court panel said in its Oct. 20 ruling. “Under Maine contract law, these financial losses are recoverable as mitigation damages as long as they are reasonable,” the court ruled in partly affirming and partly reversing a lower court ruling.
Read more on BusinessInsurance.com


Is there a central repository of privacy laws and regulations Google would need to comply with in each country? (It doesn't pop up on the first few pages of a Google search) NOTE: The big audit firms would likely call on one another to conduct “independent” audits of their clients, so it is likely they each have this expertise.
FTC Gives Final Approval to Settlement with Google over Buzz Rollout
October 24, 2011 by Dissent
Following a public comment period, the Federal Trade Commission has accepted as final a settlement with Google, and authorized the staff to provide responses to the commenters of record. The settlement resolves charges that Google used deceptive tactics and violated its own privacy promises to consumers when it launched its social network, Google Buzz, in 2010. The agency alleged that the practices violate the FTC Act. The settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years.
The Commission vote approving the final settlement was 4-0. (FTC File No. 102-3136; the staff contact is Katherine Race Brin, Bureau of Consumer Protection, 202-326-2106; see press release dated March 30, 2011.)
Source: FTC


“It is illegal to be young and ignorant!” In “Ye Olde (Pre-Internet) Days” no one knew you were playing Doctor. Now teens have portable “x-ray machines” to better equip their examination rooms and they can send the images out for a “consultation.”
MI: Prosecutor to seek cell records in ‘sexting’ probe
October 25, 2011 by Dissent
Associated Press reports a story originally reported by WCSR in Michigan:
A prosecutor plans to subpoena cell phone records of students in Hillsdale and Branch counties as part of an investigation into widespread sharing of sexually explicit photos.
Assistant Hillsdale County Prosecutor Megan Stiverson told WCSR for a story Friday (http://bit.ly/oxUWS1 ) that the original “sexting” incident involved two female students at Hillsdale High School and a male student at Quincy High School.
She said at least a dozen others are involved with some students taking explicit photos of themselves and sending them with their cell phones.
[...]
Stiverson said sending a nude photo of a minor is a felony, even if the minor is sending it.
Is a subpoena the right requirement here, or should it be a warrant to search their cell phones? And are we (again) criminalizing youthful indiscretions?
The cases I mentioned earlier this week from Baltimore raise different issues – including uploading material to the Internet of people who neither knew they were being taped nor consented to it. In this case, if teens are voluntarily sharing nude photos of themselves, then however stupid or dangerous we think such behavior might be, do we really want this all handled as a criminal investigation? This is where we should try education. What have the schools in Michigan been doing to teach teens about privacy? [Or schools anywhere? Bob]


They should learn from Internet companies. “We'll give you a dollar a month. To receive more, sign up for our fun “fingerprinting & DNA” social network!”
Judge Orders Injunction On Florida’s Welfare Drug Testing Law
October 24, 2011 by Dissent
David Taintor reports:
A U.S. district judge on Monday ordered an injunction on a Florida law requiring welfare applicants to pass a drug test before receiving state benefits.
An ACLU lawsuit filed in September claimed the Florida law violates the Fourth Amendment by requiring welfare applicants to submit to a “suspicionless” drug test. The suit was filed on behalf of Luis Lebron, a 35-year-old Orlando resident and Navy veteran who applied for welfare benefits but refused to take the drug test.
Read more on TPMmuckraker.


Something to mention to all my students...
Privacy-protecting Facebook Disconnect app is downloaded 152,000 times
October 24, 2011 by Dissent
Rob Waugh reports:
Facebook’s reassurances about its privacy policies don’t seem to have calmed people’s fears of the internet giant – as users flock to shield their browsing histories from its all-seeing eye.
Facebook openly admits to tracking your use of other websites while you are logged in to the site. But the site’s attempts to reassure people that its use of their web browsing information is innocent don’t seem to have had the desired effect.
Facebook Disconnect – a browser extension which prevents Facebook ‘seeing’ which other sites you visit online – has been downloaded 152,000 times.
Read more on Daily Mail
So we know that there are at least 152,000 privacy-conscious people in the world. That’s nice. :)
[...until you remember that Facebook has over 700 million users. Bob]


If you saw this coming, where do you now stash your millions?
Swiss Banks Said Ready to Reveal Clients
… “The Swiss would like to get out of this by paying money, and they’ve done that with other countries,” said tax attorney H. David Rosenbloom of Caplin & Drysdale Chartered in Washington, who isn’t involved in the talks. “For the U.S., it’s not primarily a money question. It’s a matter of making sure the laws apply fairly among taxpayers.”
… UBS, which isn’t one of the 11 banks now under scrutiny, avoided prosecution in 2009 by paying $780 million, admitting it fostered tax evasion and handing over details on 250 secret accounts. It later disclosed another 4,450 accounts.


Because Infographics get the point across (usually)
INFOGRAPHIC: How SMS Messaging Is Changing The World


For my geeks
3 Websites To Help You Find The Best Software
Looking for software online has actually become easier these days. Do you want to see a comparison of all similar software for a specific task? There’s an app for that. Do you want to see all alternatives to a specific program? There’s an app for that too. You probably knew this from using the many rich repositories of software available on FileHippo, SourceForge, etc. However, there are other more recently developed applications with interesting approaches to listing software that might just help you find what you need quickly and painlessly.
CatchFree is a brilliant site that offers a very useful approach to software. You simply type the task you’re trying to accomplish on the site’s search bar, and you’ll be presented with software suitable for your specified task. What makes it stand out from other software repository sites is that it lists several products at once and displays in a nice comparison chart all the common features of the products so you’ll know exactly which ones can perform additional tasks or not.
AlternativeTo. You can use this site by first typing in the name of the software you’re trying to find an alternative for. After that, you’ll see a list of similar software sorted by user “likes”. You can filter by platform
… If you’re interested in more sites that can show you what other users prefer, check out the social network Wakoopa, Apps & Oranges, iusethis, FilePig, etc.
http://www.makeuseof.com/ There are plenty of resourceful lists on our site that will point you to some of the best applications and services for a variety of platforms.
