Tuesday, May 15, 2012


It's not always people who don't know any better...
California DOJ notifies those affected by a hack of a retired agent’s email accounts
May 15, 2012 by admin
Have I mentioned how valuable it is when states post breach notices online? A reader points me to a new addition to California’s security notices page from the DOJ’s Computer and Technology Crime High-Tech Response Team (C.A.T.C.H.). The incident they are reporting was a hack by those affiliated with Anonymous in 2011:
In November 2011, hackers affiliated with the group Anonymous accessed and released private email accounts belonging to a retired agent for the Department of Justice who was a member of the Computer and Technology Crime High-Tech Response Team (CATCH). CATCH is a multi-agency task force that was formed to apprehend and prosecute criminals who use technology to prey on the citizens of San Diego, Imperial Valley, and Riverside Counties. Some of the emails that the hackers released included data that contained your personal information including, but not limited to, your name, address, date of birth, and Social Security number (SSN).
Others received a letter that began:
In November 2011, hackers affiliated with the group Anonymous accessed and released private email accounts belonging to a retired agent from the Department of Justice who was a member of the Computer and Technology Crime High-Tech Response Team (CATCH). CATCH is a multi-agency task force that was formed to apprehend and prosecute all criminals who use technology to prey on the citizens of San Diego, Imperial Valley, and Riverside Counties. Some of the emails the hackers released included closed identity theft case files that contained some of your personal information including, but not limited to, your name, financial account information or credit card number, and possibly your Social Security number.
The letter to those in the second group also contained the following statement:
In addition, although it appears that the identity theft case file in which your information was contained has been closed, you may want to confirm that your financial account has been closed. If it has not, we suggest that you immediately contact the financial institution and close your account. Tell them that your account may have been compromised, and ask that they report it as “closed at customer request.” If you want to open a new account, ask them to give you a PIN or password. This will help control access to the account.
No explanation was provided as to why there was such a delay between the incident and the notification letters to individuals. Did they delay because it took them time to figure out who had data exposed? Did they delay so that the disclosure would not interfere with any criminal investigation? If people’s accounts were exposed, I hope they contacted them all promptly by phone if not by letter.
Keep in mind that entities only have to file these breach reports with California if the breach affected more than 500 individuals.


The 'gift card' that keeps on giving. Another case of “further investigation” significantly increasing the scope of the breach.
Global Payments Breach Fueled Prepaid Card Fraud
… According to Fuller, Higgins said the fraudsters were coming to the stores to buy low-denomination Safeway branded prepaid cards, and then encoding debit card accounts issued by USB onto the magnetic stripe on the backs of the prepaid cards. The thieves then used those cards to purchase additional prepaid cards with much higher values, which were then used to buy electronics and other high-priced goods from other retailers.
Initial alerts about the breach from Visa and MasterCard stated that the breach at Global Payments compromised both Track 1 and Track 2 data from affected card accounts, meaning thieves could produce counterfeit versions of the cards and possibly commit other acts of identity theft against cardholders. Global Payments claims that only Track 2 data was taken, and that cardholder names, addresses and other data were not obtained by the criminals.
Yet, as USB’s story shows, the data on Track 2 alone was enough for the crooks to encode the card number and expiration date onto any cards equipped with a magnetic stripe. The cards could then be used at any merchant that accepts signature debit — transactions that do not require the cardholder to enter his or her PIN.
Visa and MasterCard each have revoked their certification of Global Payments as a compliant card processor. Global Payments said it is still investigating the cause and extent of the incident. The company maintains that fewer than 1.5 million card accounts were stolen, but some in the industry now believe more than 7 million card accounts may have been compromised. Meanwhile, the card associations keep broadening the window of time in which hackers likely had access to the processor’s network. Initially, Visa and MasterCard said the breach window at Global Payments was between January and February 2012, but in the latest round of alerts sent to banks affected by the breach, the card brands warned that the breach dates back to at least early June 2011.


Any techie-stalker knows this. You can use the cameras to find and follow anyone. Or, to remove yourself from the picture – how do you think I appear to move like the wind?
Popular Surveillance Cameras Open to Hackers, Researcher Says
In a world where security cameras are nearly as ubiquitous as light fixtures, someone is always watching you.
But the watcher might not always be who you think it is.
Three of the most popular brands of closed-circuit surveillance cameras are sold with remote internet access enabled by default, and with weak password security — a classic recipe for security failure that could allow hackers to remotely tap into the video feeds, according to new research.
The cameras, used by banks, retailers, hotels, hospitals and corporations, are often configured insecurely — thanks to these manufacturer default settings, according to researcher Justin Cacak, senior security engineer at Gotham Digital Science. As a result, he says, attackers can seize control of the systems to view live footage, archived footage or control the direction and zoom of cameras that are adjustable.


We should have seen this one coming... Now my car can rat me out to billboards pointing to every donut shop in Denver.
OnStar Files Patents for Minority Report-Style Billboards
Two weeks ago, a patent filing by General Motors was uncovered that proposed using data collected from its OnStar service to tailor public advertisements to individual drivers.
Like the billboards Tom Cruise encountered in Minority Report, the OnStar-linked ads would be tailored to passing motorists based on personal information they’d shared with their telematics service. Perusing the patent’s text, nightmare scenarios flooded our thoughts. Kids in the backseat? Be prepared to see ads for Happy Meals and nearby amusement parks. Headed to the doctor’s office? A friendly reminder to schedule a colonoscopy, in flashing 40-foot letters.


Makes you think about sharing information at sea.
Pentagon Wants Web Apps to Stop Piracy, for Some Reason
The Navy’s far-out research wing thinks it’s found a way to cut down on the scourge of maritime piracy: apps. Commence the face-palming.
The Office of Naval Research announced on Monday that it’s awarding $1 million in grants to develop a suite of web applications to “analyze data and other information to combat pirates, drug smugglers, arms traffickers, illegal fishermen and other nefarious groups.”


Apparently there are a lot more “security events” than TSA reports.
May 14, 2012
TSA's Efforts To Identify and Track Security Breaches at Our Nation’s Airports
  • "Senator Frank Lautenberg requested an investigation into media reports focused on security breaches at Newark Liberty International Airport, including the contributing factors that led to the security breaches. He requested that we compare the incident rate of breaches at Newark to other airports in the region and comparable airports. He asked us to determine whether corrective action had been taken on the specific security incidents. We determined whether the Transportation Security Administration (TSA) at Newark had more security breaches than at other airports. We also determined whether TSA has an effective mechanism to use the information gathered from individual airports to identify measures that could be used to improve security nationwide."


Interesting concept. If you have a simple way to excerpt the text, infringement is easier to prove...
McGruber writes with news of a ruling in a copyright case brought against Georgia State by several publishers over the university's electronic reserve system:
"The Atlanta Journal Constitution is reporting that a federal judge has ruled in favor of Georgia State University on 69 of 74 copyright claims filed by Cambridge University Press, Oxford University Press, and SAGE Publications. In a 350-page ruling, Senior U.S. District Judge Orinda Evans found that 'fair use protected a Georgia State University professor's decision to allow students to access an excerpt online through the university's Electronic Reserves System.' While the 69 of the 74 claims were rejected, the judge also found that five violations did occur 'when the publisher lost money because a professor had provided free electronic access to selected chapters in textbooks.' SAGE Publications prevailed on four of these five claims, while Oxford University Press won the fifth claim. Cambridge University Press lost all its claims."
From Inside Higher Ed: "And the judge also rejected the publishers' ideas about how to regulate e-reserves — ideas that many academic librarians said would be unworkable. At the same time, however, the judge imposed a strict limit of 10 percent on the volume of a book that may be covered by fair use (a proportion that would cover much, but by no means all, of what was in e-reserves at Georgia State, and probably at many other colleges). And the judge ruled that publishers may have more claims against college and university e-reserves if the publishers offer convenient, reasonably priced systems for getting permission (at a price) to use book excerpts online. The lack of such systems today favored Georgia State, but librarians who were anxiously going through the decision were speculating that some publishers might be prompted now to create such systems, and to charge as much as the courts would permit."

(Related) If they can immunize ISPs, why not me?
"In Finland, the operator of an open WiFi access point was found not guilty for copyright infringement allegedly committed over said access point. The operation of such access points would have become legally risky were this decided otherwise. Appeal by the Finnish Anti-Piracy Center is still possible for this district court ruling."


How to be a Government Twit?
May 14, 2012
Working the Network: A Manager’s Guide for Using Twitter in Government
Working the Network: A Manager’s Guide for Using Twitter in Government, Ines Mergel - Maxwell School of Citizenship and Public Affairs, Syracuse University. May 14, 2012.
  • "As of this writing, the federal government operates over 1,000 Twitter feeds. Federal civilian agencies maintain over 360 Twitter feeds, while the Department of Defense hosts more than 650. In addition to its official English feed, the State Department produces Twitter feeds in Turkish, Farsi, Arabic, Spanish, and French. It is fair to say that the federal government is embracing Twitter as a tool for citizen engagement. But is government realizing the panoply of benefits that a comprehensive understanding of this tool promises? Beyond acting as a broadcasting channel—supplementing the website by promoting press releases or announcing new initiatives—Twitter can help agencies follow public conversations on issues relevant to their organizations."


The new legal specialty: e-State Planning?
The Social Media Will: An Expert Guide to Your Digital Afterlife


English teachers rejoice? Probably best to search several ways to get elusive results.
May 14, 2012
Google expands punctuation and symbols in search
Google Inside Search - "Punctuation and symbols in search - Generally, most punctuation and special characters are ignored in Google Search. However, we’re expanding our search capabilities to support some characters that modify search terms and help Google find exactly what you’re looking for. Here are some examples from the growing list of popular symbols that are supported." [Search Engine Showdown]


This could be extremely handy!
Monday, May 14, 2012
The web is full of webinars, webcasts, and video lessons of all types. Searching the content of those videos can be difficult and time-consuming if you can't find the transcripts of those videos. That's a problem that can be addressed by using a tool that Stephen Ransom shared on Twitter this morning.
Talk Miner is a tool for searching the contents of webinars, webcasts, and video lectures. Talk Miner searches the slides, images, and text within videos to take you to the scenes that match your search query. Watch the video below to learn more about Talk Miner.


For my Intro students...
Hitch a ride through Google's cloud
Your Gmail box lives somewhere in the jumble of servers, cables, and hard drives known as the "cloud" but it often migrates in search of the ideal location.
Google today released an animation that answers the question: what happens when I press send on Gmail? The company created the interactive feature called The Story of Send to highlight the security and relatively low energy footprint of its data centers. The graphics repeat Google's estimate that its data centers use 50 percent less energy than a typical data center and 30 percent of their data center energy is supplied from renewable sources, including wind and solar.


Free is good, and eventually I'll move to Windows 7
Get Laplink PCmover Windows 7 Upgrade Assistant for free
Today only, in honor of its 29th birthday, Laplink is offering PCmover Windows 7 Upgrade Assistant absolutely free. It regularly sells for $29.95.
To get the software, click here, then click the little "Add to cart" box in the upper-right corner of the free-PCmover banner. Scroll down and click "Proceed to Cart." Follow the instructions on the following page.
… If you're an XP user, you can't do an in-place upgrade -- meaning Windows 7 effectively wipes your programs and data as part of the installation process. The same is true if you're moving from a 32-bit version of Vista to 64-bit Windows 7.
PCmover overcomes that limitation, packaging up all your programs and data and then restoring them after Windows 7 finishes installing.
