Monday, April 30, 2012

Columbia U. notifies faculty and proprietors that their SSN and bank account numbers were exposed on the Internet for two years
April 30, 2012 by admin
A reader kindly alerted me to the fact that Columbia University sent out breach notices last week. The letter, dated April 21, informed recipients that 3,000 current and former employees, as well as 500 sole proprietors had their names, addresses, Social Security numbers and bank account numbers exposed on the Internet. The names of the banks or the routing numbers were not included in the file.
According to the letter from Jeffrey F. Scott, Executive Vice President for Student and Administrative Services, the breach occurred when a programmer erroneously saved what was supposed to be an internal test file on a public server in January 2010. [Never test with real data. It does not contain the errors you are testing for. Bob] The file remained there until it was discovered because Google had indexed it. The university said it was informed of the breach on April 16 and took immediate steps to secure the file and remove it from Google’s index. The university’s logs indicate that the file was not accessed between January 2010 and March 10, 2012, when it was first indexed by Google. [See how valuable logs can be? Bob]
Columbia is offering affected individuals a two-year subscription to a credit monitoring service from Experian.
In a statement to, the university writes:
We deeply regret that this incident occurred and the imposition it has caused. We have arranged for affected individuals to receive a two-year subscription to a credit monitoring system to help ensure they are protected from the risk of identity theft.
Although an FAQ posted on Columbia’s web site says that this breach “appears to have been an isolated, unintentional incident,” it is at least the fourth time the university has had a breach involving exposure of personally identifiable information on the Internet. And it is not the first time data were available on the Internet for quite a while before being discovered:
  • In 2005, an Emergency Management Operations Team Contact List for the School of International and Public Affairs was exposed on the Internet. As a result, 98 individuals associated with SIPA had their names, phone numbers, emergency contact person and Social Security numbers exposed. Although the university believed it had fully corrected the problem, a copy of the list showed up on the Internet again in June 2006.
  • In June 2008, 5,000 students’ Social Security numbers were discovered on the Internet. They had been exposed since February 2007, when a student employee had uploaded a database of students’ housing information to a Google-hosted Web site.
  • In September 2010, NewYork-Presbyterian Hospital and Columbia University Medical Center disclosed that the names and clinical information of 6,800 patients were exposed on the Internet during the month of July because an employee’s computer was “inadvertently open” to the Internet. For 10 of those patients, Social Security numbers were included.
A fifth exposure incident, in which the Social Security numbers of some of 993 doctors at Columbia University’s faculty practice were exposed was not due to Columbia University’s error but to an error by United Healthcare.
Related: Breach FAQ

We have no reason to suspect you are cheating but we want to come onto your property and check anyway...
UK: Nottingham textile firm taking a stand against council camera car
April 30, 2012 by Dissent
Good one, but do they really have any legal leg to stand on? The council says they don’t:
A Nottingham business is refusing to let the city council’s camera car onto its premises to check it is obeying the conditions of the workplace parking levy.
The council has spent £93,000 on a car [A Toyota at Rolls prices Bob] that will record the number of vehicles parked in company car parks [because they couldn't find anyone who could count? Bob] to enforce the new parking tax.
But Lenton firm Nottingham Textile Group, which voiced strong opposition to the levy before it came into force at the beginning of the month, has questioned the legal rights of the council to record on private property.
The company’s chief operating officer Adrian Wright has written to the Government Office of Surveillance Commissioners and the Information Commissioner’s Office, to ask for clarification and guidance. He says until this is provided they will not allow the car on site.
Read more on This is Nottingham.
[From the article:
The company's chief operating officer Adrian Wright ... said: "It's the privacy aspect of it. When they've recorded the vehicles, what happens to that information?"
… The company has said it will only use ten of its 50 car parking spaces, which is the maximum number of spaces before businesses have to pay the levy.
"We've got cars strewn down the road," said Mr Wright. "A few are beached at the side of the kerb. It looks rather strange when we have an empty car park, but that's our choice because we feel we can spend that money in many better ways."

Surely not what the framers intended. Before you change how the system works, explain why it isn't doing the job...
"The USPTO is considering a rather interesting request straight from lobbyists via congress. That certain 'Economically Significant' patents should be kept secret during the process (PDF Warning) of being evaluated and granted. While this does occur at the moment on a very select few patents 'due to national security' for things like nuclear energy and the like — this would allow it to go much, much further. 'By statute, patent applications are published no earlier than 18 months after the filing date, but it takes an average of about three years for a patent application to be processed. This period of time between publication and patent award provides worldwide access to the information included in those applications. In some circumstances, this information allows competitors to design around U.S. technologies and seize markets before the U.S. inventor is able to raise financing and secure a market.'"

Might make good handouts, if we could get them printed neatly...
April 29, 2012
New on LLRX - A Technical Examination of SOPA and PIPA
Via - A Technical Examination of SOPA and PIPA - The Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) are the subject of this Infographic, by Spencer Belkofer, Lumin Consulting. See also his related Infographic on the Cyber Intelligence Sharing and Protection Act (CISPA).

Who, in their right mind, would want to impersonate a government official...
April 29, 2012
New E-Gov Site - Check & Register: Federal Social Media Accounts
Via "Do you have an official government social media account? Have you ever wondered if one you’re following is legit? GSA has built a federal social media registry — a government-wide solution that gives the public a way to verify whether a social media account is official. It also provides a place for agencies to register their accounts centrally so they don’t have to build a solution within each agency. This tool is now available for agencies to use on, so they can start entering and editing their data."

Interesting idea (changes often are) but who is teaching the employees/bosses how to use these new toys? The article merely suggests that “big things are happening” without real examples.
How Tablets Are Transforming Business Intelligence
… Jeff Cavins, CEO of Fuzebox, recently wrote in Business Insider that the explosive uptake of tablet computers is fueling the growth of what he called the new “iPad economy.” Cavins said: “The iPad is shifting the way businesses function, changing how executives interact and transforming the economics of today’s business operations.”
… Simple RSS readers are used to condense multiple streams of content from a variety of sources into single channels, granting users access to diverse content all in one place. Some applications have further simplified news aggregation by using innovative search technology that goes beyond the function of RSS readers to deliver richer streams of highly targeted information to business users – a critical asset to businesses large and small.

Here's one I clearly don't understand.
Barnes & Noble, Microsoft ink $300M deal on e-reading
The companies announced today that Microsoft has invested $300 million into a new Barnes & Noble subsidiary, known as Newco until the company can come up with a name. The $300 million investment will give Microsoft 17.6 percent equity stake in the firm. Barnes & Noble, which assumed a $1.7 billion valuation on the subsidiary, will retain 82.4 percent ownership.
Newco will combine Barnes & Noble's digital and College businesses, meaning the retailer's Nook operation and its Nook Study software for students and educators will be a part of the operation.
As part of this deal, Barnes & Noble will bundle its Nook digital bookstore with Windows 8 when it launches later this year. In addition, the companies have settled all of their patent litigation related to use of Android on the Nook tablet, and have formed a "royalty-bearing license under Microsoft's patents for its Nook e-reader and Tablet products."

Since most of my Math is online, this could help my students...
April 29, 2012
Infographic - The Eye-Opening Effects of Staring at Your Screen
The Eye-Opening Effects of Staring at Your Screen by JuJu Kim. "It’s no secret that we spend more than six hours a day on average staring at digital screens. But what’s lesser known is the toll it can take on our eyes. Read on for the ailments too much screen-staring can cause (turns out, “Computer Vision Syndrome” is a thing), then discover some tips to protect your peepers."

Finding, organizing and presenting online resources for each of my classes takes time. Tools like this might help...
There are literally hundreds of services out there that want to help you keep your bookmarks neat and tidy. The problem is, most of these are installed to your browser, and therefore, only work on that specific browser. Fav-Links is different, because it works with a web app and a Windows-based app, so it works regardless of what browser you are using.
Fav-Links offers a very elegant bookmark solution that is easy to use. Once you install the program, a small icon will appear on your screen. You simply click and drag the URL you want to add to the icon and it will add it to your bookmarks. You can add a custom screenshot to the bookmark, so it looks exactly as you want.

No comments: