Tuesday, April 10, 2012


One hack worth “hundreds of millions?” So, the utilities are rushing to put unsecured meters on every home and then expecting the FBI to go door to door and look for hackers? That sounds like really bad management (or really smart buck-passing)
"A series of hacks perpetrated against so-called 'smart meter' installations over the past several years may have cost a single U.S. electric utility hundreds of millions of dollars annually, the FBI said in cyber intelligence bulletin first revealed today. The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology."
[From the article:]
The FBI warns that insiders and individuals with only a moderate level of computer knowledge are likely able to compromise meters with low-cost tools and software readily available on the Internet.
… The FBI believes that miscreants hacked into the smart meters using an optical converter device — such as an infrared light — connected to a laptop that allows the smart meter to communicate with the computer. After making that connection, the thieves changed the settings for recording power consumption using software that can be downloaded from the Internet.
“The optical converter used in this scheme can be obtained on the Internet for about $400,” the alert reads. “The optical port on each meter is intended to allow technicians to diagnose problems in the field. This method does not require removal, alteration, or disassembly of the meter, and leaves the meter physically intact.” [Thanks FBI, my Ethical Hackers should be able to take it from here. Bob]
The bureau also said another method of attacking the meters involves placing a strong magnet on the devices, which causes it to stop measuring usage, while still providing electricity to the customer. [Anyone can use this technique! Bob]


Isn't it all just the cost of doing business in this industry?
"Back in 2007, Heartland had a security breach that resulted in 130 million credit card details being lifted. A class action suit followed and many thought it would send a direct message to business to ensure proper security measures protecting their clients and customers. With the Heartland case now over and settlements paid out and divided up, the final breakdown is as follows: Class members: $1925 (11 cases out of 290 filed were 'valid'). Lawyers for the plaintiff class action: $606,192. Non-Profits: around $1,000,000 (The Court ruled a minimum of $1 million dollars in payouts). Heartland also paid its own lawyers around $2 million. Eric Goldman (Law Professor) has additional commentary on his Law Blog: 'The opinion indicates Heartland spent $1.5M to advertise the settlement. Thus, it appears they spent over $130,000 to generate each legitimate claim. Surprisingly, the court blithely treats the $1.5M expenditure as a cost of doing business, but I can't wrap my head around it. What an obscene waste of money! Add in the $270k spent on claims administration, and it appears that the parties spent $160k per legitimate claimant. The court isn't bothered by the $270k expenses either, even though that cost about $1k per tendered claim (remember, there were 290 total claims).'"


People who can't count shouldn't be in charge of data security!
Utah Dept. of Health hacked, over 500,000 700,000 affected and the number’s growing?
April 9, 2012 by admin
Marjorie Cortez provides an update on a breach that started out bad enough last week, and just got a lot worse:
Some 280,000 people had their Social Security numbers listed in state health data stolen from a computer server last week, state officials announced Monday, calling the data breach the largest in state history.
Another 500,000 victims had less sensitive personal information stolen, state health department and technology services officials said during a press conference at the State Office Building. “Less sensitive” information was described as names, dates of birth and addresses. Officials said there may be some overlap between the groups, and information is still being reviewed.
The victims are likely to be people who have visited a health care provider in the past four months. Many are children who are enrolled in Children’s Health Insurance Program or Medicaid, although adults are also victims, officials said.
Read more on Deseret News.


Subtle, but important: “Everyone should keep an eye on their grandma.” NOT “Everyone should keep an eye on grandma.”
Watching ‘Martha’: 50,000 affected by security camera privacy breach
April 9, 2012 by Dissent
Andrew Ramadge reports:
Thousands of people all over the world could be watching Martha* get ready for bed right now. But Martha isn’t an entertainer. She’s an elderly woman, and she almost certainly doesn’t know that the inside of her home is being broadcast on the web.
Martha – or more likely, one of her carers – was one of up to 50,000 people who bought and installed a security camera made by the US company TRENDnet before it was discovered that the live footage they captured could be watched by anyone with an internet connection, without even having to guess a password.
Since the flaw was discovered in January, some TRENDnet customers have taken steps to fix it. But many haven’t, and apparently remain unaware that the devices they installed to keep themselves safe could in fact be doing the exact opposite.
Read more on SMH


Why I have a few concerns about government run Health Care databases... In a well managed system, the code for “pregnant” would not be available “if sex = F”
Why Britain has 17,000 pregnant men
… Instead, researchers studying the data think [They don't know? Bob] they’re the result of something way more boring: medical coding errors. Mistakes in data entry are, admittedly, a much less exciting development than a rash of pregnant men. But it’s one that poses as much of a challenge to modern medicine as would learning to understand male conception.
This research, published as a letter this week in the British Medical Journal, was meant to draw attention to how much data gets entered incorrectly in the country’s medical system. [Will more subtle errors kill you? Bob]


One of the hazards of having more data than any previous case? Is 25 billion bytes of data big enough to be a representative sample?
Megaupload: Feds Want to Destroy User Data to Hobble Defense
… “In essence, the government has taken what it wants from the scene of the alleged crime and is content that the remaining evidence, even if it is exculpatory or otherwise relevant to the defense, be destroyed,” defense attorney Paul Brinkman wrote (.pdf) the Virginia federal judge presiding over the case.
The court filing, lodged Friday, focuses on an unprecedented amount of data — 25 petabytes in all — that was seized by the government from Megaupload’s 1,100 servers in January. A hearing on the issue is scheduled for Friday before U.S. District Judge Liam O’Grady in Virginia.
The government has said it has copied “selected data” from the servers and said the 25 million gigabytes of data stored on hosting service Carpathia’s servers can be wiped out. Brinkman claims the government “cherry picked” relevant data “to support its theories of criminal misconduct.”
… According to Brinkman, the Megaupload data might show that Megaupload was not a criminal enterprise dedicated to infringing activity, but was a legitimate service with “substantial non-infringing uses.”


Was this a requirement of the DMCA or are we inventing new law here?
SolKeshNaranek tips a story at TorrentFreak about an ongoing copyright case that revolves around how much effort websites need to expend to block repeat infringers after responding to DMCA requests. In 2011, a judge ruled that a website embedding videos from third parties had correctly removed links to infringing videos after receiving a DMCA request, but failed to do anything to police users who had created these links multiple times. For this, the judge said, the website would be required to adopt a number of measures to prevent repeat infringement. Google and Facebook wrote an amicus brief opposing the ruling, as did Public Knowledge and the EFF. Now the MPAA has, unsurprisingly, come out in favor. They wrote, "Contrary to the assertions of myVidster and amici Google and Facebook, search engines and social networking sites are not the only businesses that desire certainty in a challenging online marketplace. MPAA member companies and other producers of creative works also need a predictable legal landscape in which to operate. ... Given the massive and often anonymous infringement on the internet, the ability of copyright holders to hold gateways like myVidster liable for secondary infringement is crucial in preventing piracy."


The arms race intensifies?
April 09, 2012
Microsoft Purchases Majority of AOL's Intellectual Property, Including Netscape Patents
Ben Kersey: "Microsoft and AOL ...signed a deal that would see MSFT pick up 800 of AOL’s patents for around $1 billion in cash. The deal is expected to close at the end of 2012, with Microsoft being able to leverage AOL’s remaining 300 patents under a non-exclusive license. As it turns out, there was an undisclosed term to the deal, and AllThingsD reports that Microsoft has picked up part of Netscape."
  • See also NYT: Microsoft's AOL Deal Intensifies Patent Wars, by Steve Lohr: "The lofty price Microsoft paid AOL for 800 patents - $1.3 million each - reflects the crucial role patents are playing in the business and legal strategies of technology companies."

(Related)
Facebook buying Instagram for $1 billion, won't cut off access to Twitter
[Anything is available for the right price... Bob]

(Related) ...and Pinterest is still “Invite only”
The only thing hotter than Instagram? Pinterest


Oh, look how they did it!
April 09, 2012
Library of Congress: Translation of National Legislation into English
The Law Library of Congress, Translation of National Legislation into English, March 2012 - Global Legal Research Center
  • Afghanistan, Argentina, Brazil, China, France, Germany, Greece, Israel, Italy, Japan, Lebanon, Mexico, and Russia
  • International Organizations
  • International Courts


Perspective Obviously, I can't see the benefit that a third grader can see... I still don't have one.
One-fifth of third-graders own cell phones
… According to a new study, 83 percent of middle schoolers, 39 percent of fifth-graders, and 20 percent of third-graders have a mobile device.
Stephanie Englander of Bridgewater University conducted the study (PDF) for the Massachusetts Aggression Reduction Center. Her research consisted of interviews with 20,766 Massachusetts students, in third through twelfth grades, with the goal of seeing whether readily available technology plays a role in cyberbullying.


Perspective (limited) Interesting experiment.
Iran expected to permanently cut off Internet by August
In a statement released last week, Reza Taghipour, the Iranian minister for Information and Communications Technology, announced it plans to establish a national intranet within five months in an effort to create a "clean Internet," according to an International Business Times report. "All Internet Service Providers (ISP) should only present National Internet by August," Taghipour said in the statement.


For my heavy Twitter using friends...
The first part of the infographic displays a graph of your tweets for each month, going back up to 3,200 tweets.
It is followed by a list of your 5 most retweeted posts and a list of your top 5 favorite followers based on the number of times they have mentioned you in their tweets. You can also click on the little arrow at the bottom of each list to view more entries. You cannot save the infographic as an image but you can tweet your results.


Every now and then it is amusing to sit back and read a fairy tale...
April 09, 2012
Chronicle of Higher Education - 2012 Faculty Salary Survey
