Wednesday, December 07, 2011


Here's another first. ATM hackers are clearly after information to convert to cash – perhaps this is the right move? I bet the banks hate it...
Update: Lucky urges some customers to close bank accounts as losses mount
December 6, 2011 by admin
Kevin McCallum reports:
Shoppers who used the self-checkout lines at 21 Lucky supermarkets in the Bay Area should cancel their accounts to protect their money, the company that owns the grocery chain announced Monday.
The warning does not yet include Lucky’s Supermarkets in the North Bay, but a store in Petaluma was under investigation as a possible site of theft.
Save Mart Supermarkets, owner of about 70 Lucky markets in Northern California, issued an alert saying it “strongly recommend(s)” that shoppers take the precautionary measure following reports of a security breach at the stores’ ATM/credit card readers.
Read more on Press Democrat.
Usually businesses advise customers to remain alert and monitor their accounts. For a chain to advise canceling accounts is a bit unusual. According to the report, “On Monday, the company confirmed that 80 employees and customers so far were victims of thefts or attempted thefts from their accounts. Most occurred over the weekend, Rockwell said.”


So you hack into the system and send money to hundreds or thousands of accomplices? How big is this criminal organization?
MoneyGram Security Breach
December 6, 2011 by admin
Chester Robards reports:
A MoneyGram agent in the Bahamas may have lost hundreds of thousands of dollars this weekend as a result of its system being hacked, The Tribune understands.
Harvey Morris, managing director of MoneyGram, Omni Transfers, explained that the agent’s system was likely hacked by someone residing outside of the Bahamas. He said his own system was not directly affected, but did not know which agent’s system was.
[...]
He said this weekend was not the first time individuals have attempted to hack into their system. However, he explained that he was surprised that someone was successful.
“I’m a bit surprised to see that this has taken place,” said Mr Morris.
Read more on The Tribune.
From the article:
Harvey Morris, managing director of MoneyGram, Omni Transfers, explained that the agent's system was likely hacked by someone residing outside of the Bahamas.
… However, he said the effect of the breach of security was that MoneyGram set a cap of $400 on wire transfers on all their local agents this weekend until the threat was secured.
"It's the first time I have seen MoneyGram implement such draconian measures," said Mr Morris.


Interesting. Read and despair?
By Dissent, December 6, 2011
Micky Tripathi, President and CEO of Massachusetts eHealth Collaborative, provides yeoman service by dissecting a security breach they experienced earlier this year.
For my money, every entity dealing with patient data should read this piece. If you’ve been through it yourself, you’ll be nodding your heads in empathy, and if you haven’t, well, it may get you off the dime to do some things you’ve been intending to do all along – like encrypting data or reminding employees about not leaving laptops in cars. It will also make it clear how complex it can be trying to sort what federal and state laws require – particularly if you’re a contractor or your contractor was the entity that had the breach.
Thanks so much to the reader who sent me the link!


Ta da! Could this have been avoided if there was disclosure?
8 companies hit with lawsuit over Carrier IQ software
December 6, 2011 by Dissent
Jaikumar Vijayan reports:
Apple is one of eight companies that have been named in another class-action lawsuit filed over the use of Carrier IQ software in mobile handsets.
The lawsuit was filed last Friday in U.S. District Court for the District of Delaware and accuses Carrier IQ, three wireless carriers, and four handset makers of violating the Federal Wiretap Act, the Stored Electronic Communications Act, and the Federal Computer Fraud and Abuse Act.
Read more on InfoWorld.
Update: And then there were 12 (lawsuits)


I like it! ...at least it is moving in the right direction.
Europe to crack down on privacy breaches with steep fines
December 6, 2011 by Dissent
Joseph Parish reports:
The European Commission is finalizing privacy protection rules where companies could be fined up to five percent of their global sales for mishandling the data of customers, suppliers, or employees. Because the law would apply to foreign companies with branches in Europe, it gives the EU significant power to regulate privacy worldwide. Under the proposed system, all companies with more than 250 employees would be required to have dedicated data protection staff, and businesses would have 24 hours to notify authorities of a security breach.
Read more on The Verge.


Is this the first set of guidelines from outside the advertising industry?
Ca: Privacy watchdog unveils new online ad guidelines
December 6, 2011 by Dissent
Sarah Schmidt reports:
Advertisers who track people’s online behaviour better watch their own back.
Jennifer Stoddart, Canada’s privacy watchdog, released new online advertising guidelines Tuesday spelling out what advertisers, websites and browser developers can — and can’t — do when it comes to tracking, profiling and targeting people.
Read more on Vancouver Sun.


Always interesting...
The PII Problem: Privacy and a New Concept of Personally Identifiable Information
December 6, 2011 by Dissent
Paul Schwartz and Daniel Solove have a new article available for download from SSRN. Here’s the abstract:
Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have even suggested that PII be abandoned as the mechanism by which to define the boundaries of privacy law.
In this Article, we argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. We develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates information that relates to either an “identified” or “identifiable” individual, and it establishes different requirements for each category. To illustrate this theory, we use the example of regulating behavioral marketing to adults and children. We show how existing approaches to PII impede the effective regulation of behavioral marketing, and how PII 2.0 would resolve these problems.
You can download the paper here.
The PII Problem: Privacy and a New Concept of Personally Identifiable Information
Paul M. Schwartz, University of California, Berkeley – School of Law
Daniel J. Solove, George Washington University Law School


Apple wouldn't do that, would they?
EU opens antitrust probe of Apple, other e-book publishers
The European Union's antitrust watchdog is investigating whether Apple helped five major publishing houses illegally raise prices for e-books when it launched its iPad tablet and iBookstore in 2010.


Woolly Mammoth! Woolly Mammoth! The kerfuffle-du-jour? Start your protest now and avoid the rush. After all, if God wanted a Woolly Mammoth he would have made one! Oh, wait...
Woolly Mammoth to Be Cloned


Couple this with my Ethical Hacker generated list of Congressional cell phone numbers and schedule everything for 2-4 AM and I'm in!
"One of the great banes of election season is that any politician can shell out a few pennies per voter and phone-spam thousands of people who'd rather not hear a recorded pitch. But turnabout's fair play, and now a service called reverse robocall will deliver your recorded message to elected officials as often as you'd like for a nominal fee. If there's a representative you'd like to call repeatedly, check them out."
