Sunday, December 04, 2011

Something new or unique? A small breach, but I can find no reason for state employees to cancel their insurance because of it.
Tennessee mailing error results in employees canceling insurance and scrambling to monitor their credit
December 3, 2011 by admin
AP reports:
The state of Tennessee is offering credit protection to nearly 2,000 employees who canceled their health or dental insurance after officials mailed out their personal information in October.
Each mailing included a certificate containing the information of the recipient and three other letters aimed at other members of the plan. State officials say 1,770 certificates were mailed to the wrong address.
Each included name, address, employee ID number, healthcare insurance coverage dates and Social Security number, which was not identified as such but appeared at the bottom of each certificate.
Read more from: Associated Press.
Last year, Tennessee disclosed that a mailing error had exposed 3,900 people’s information.
There doesn’t seem to be any other coverage online of this newer incident as of the time of this posting, so it’s not clear if this was a subcontractor’s breach or the state’s.


“You can't win, you can't break even and you can't get out of the game.”
Researchers Discover Leaks In Pre-Installed Android Apps
You may have heard about a recent surge in Android malware. Still, that malware comes in the form of apps. So long as you watch your permissions, you’re fine. Right?
Wrong. Every Android phone comes with some pre-installed apps, and some more than others.
All of the phones were found to have security issues due to pre-installed apps. The most serious of these flaws are capability leaks that allow third-party apps to exploit an interface or service in use by another app without making a permission request of its own. Researchers found it would be possible for malware to wipe out data, send SMS messages, and obtain geo-location data by exploiting pre-installed apps.
… Since these pre-installed apps often can’t be uninstalled by default, the only complete solution is to root your phone and install a custom ROM.
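An added example, not from the article or the researchers: a minimal Python audit of a decoded AndroidManifest.xml that lists exported components with no guarding permission in an app that itself holds a sensitive permission, which is the shape of the capability leak described above. The sample manifest, package name and permission list are constructed for illustration; a hit is a candidate for review, not proof of a leak.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Illustrative list, chosen to match the impacts named above (SMS, location).
SENSITIVE = {
    "android.permission.SEND_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
}

# Constructed sample manifest (hypothetical package and component names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.preload">
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".SmsRelayService" android:exported="true"/>
    <service android:name=".GuardedService" android:exported="true"
             android:permission="android.permission.SEND_SMS"/>
    <receiver android:name=".WipeReceiver">
      <intent-filter><action android:name="com.example.preload.WIPE"/></intent-filter>
    </receiver>
    <activity android:name=".Internal" android:exported="false"/>
  </application>
</manifest>"""


def is_exported(comp):
    explicit = comp.get(ANDROID + "exported")
    if explicit is not None:
        return explicit == "true"
    # Without an explicit value, older Android versions export any
    # activity/service/receiver that declares an intent filter.
    return comp.find("intent-filter") is not None


def find_unguarded_components(manifest_xml):
    """Return (tag, name) for exported components that any caller can reach."""
    root = ET.fromstring(manifest_xml)
    held = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    app = root.find("application")
    if app is None or not (held & SENSITIVE):
        return []  # the app holds nothing sensitive to leak on a caller's behalf
    app_perm = app.get(ANDROID + "permission")  # default guard for all components
    findings = []
    for tag in ("activity", "service", "receiver"):  # providers not covered here
        for comp in app.iter(tag):
            guarded = comp.get(ANDROID + "permission") or app_perm
            if is_exported(comp) and not guarded:
                findings.append((tag, comp.get(ANDROID + "name")))
    return findings


if __name__ == "__main__":
    for kind, name in find_unguarded_components(SAMPLE_MANIFEST):
        print(f"review: exported {kind} {name} has no android:permission")
```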

(Related) An alternative to cell phone companies who capture personal data – something all my Computer Security students should consider? Essentially this is the same “package” that FEMA would bring to a disaster area to ensure communications. Also the same “do it yourself” kit we're pushing to dissidents worldwide.
Miniaturized stealth submarines purpose-built for smuggling are an impressive example of how much technological ingenuity is poured into evading the edicts of contemporary drug prohibition. Even more impressive to me, though, is news of the communications network that was just shut down by Mexican authorities, which covered much of northern Mexico. The system is attributed to the Zetas drug cartel, and consisted of equipment in four Mexican border states. "The military confiscated more than 1,400 radios, 2,600 cell phones and computer equipment during the operation, as well as power supplies including solar panels, according to the Defense Department," says the article. Too bad — a solar-powered, visually unobtrusive, encrypted cell network sounds like something I'd like to sign up for. NPR also has a story.


More on Prodigal...
Government-Funded Computer Program Raises Privacy Concerns
December 3, 2011 by Dissent
A new government-funded computer program that can scan 250 million digital communications a day has privacy advocates concerned that the government could soon be monitoring every email sent in the US.
The program PRODIGAL — the Proactive Discovery of Insider Threats Using Graph Analysis and Learning — is a newly revealed research project that can read approximately a quarter billion emails, texts, and instant messages a day.
“Every time someone logs on or off, sends an email or text, touches a file or plugs in a USB key, these records are collected within the organization,” David Bader, a professor at the Georgia Tech School of Computational Science and Engineering and a principal investigator on the project, told FOXNews.com.
Read more on MyFoxMemphis
[From the article:
Bader equated the PRODIGAL system to Raytheon SureView, an internal scanning system that looks for suspicious activity and alerts federal agencies about possible threats. Another system is the Einstein project, which was developed after 9/11 and scans government employees for key words and links suspicious activity to National Security Agency databases.
But the issue is not the scanning technology itself; it’s how the information is interpreted -- and whether it ultimately helps at all, Howard told FoxNews.com.
"Since there is no real data publicly available to substantiate that any of this technology is preventing terrorist attacks or strengthening our borders from within, [we can't] really say definitively that this technology is doing any good," he said.
The challenge, he said, is that criminals and terrorists often use multiple channels of communication, some encrypted -- and know how to avoid existing detection systems.


A bit over-dramatic, but some interesting ideas...
"NPR's Fresh Air this week had an interesting interview with Jeffrey Rosen, one of the authors of Constitution 3.0, which addresses a number of issues to do with interpreting the US Constitution in the face of new technologies (both present and future). Many of the topics which he touches on come up on Slashdot a lot (including the GPS tracking cases). It's well worth listening to the program (link in the main page), of which the linked article is just a summary."

