Tuesday, May 01, 2012

A very small (relatively) breach that normally wouldn't get posted except for the time between the breach and someone noticing the breach. (If the breach predates disclosure laws, do they still have to report it?)
Vol State: Personal information found vulnerable for 14,000 students, faculty
April 30, 2012 by admin
About 14,000 students, former students and faculty at Volunteer State Community College in Gallatin had personal information placed on a web server that was not secure.
The files placed on the web included names and Social Security numbers, but university officials say there is no evidence that any of that information has been accessed [“We don't keep logs...” Bob] or used inappropriately. No credit card or financial information was included in the files.
Bruce Scism, interim president, said the university is notifying the affected students and faculty members as a precaution.
Read more on The Tennessean.
The college’s press release notes that the files had been accessible since 2008 and that “it’s possible that this data could have been accessed by unauthorized individuals on the web.”

Are we still allowing this? What happened to Best Practice contracts that required vendors to remove any such “security holes?”
Equipment Maker Caught Installing Backdoor Vows to Fix Following Public Pressure
After ignoring a serious security vulnerability in its product for at least a year, a Canadian company that makes equipment and software for critical industrial control systems announced quietly on Friday that it would eliminate a backdoor login account in its flagship operating system, following public disclosure and pressure.
RuggedCom, which was purchased recently by German-conglomerate Siemens, said in the next few weeks it would be releasing new versions of its RuggedCom firmware in order to remove the backdoor account in critical components used in power grids, railway and traffic control systems, as well as military systems.

Interesting article, but until everyone can carry the electronic equivalent of a Colt .45, I don't think it's wise.
'Stand Your Cyberground' Law: A Novel Proposal for Digital Security

Management: “We're too backlogged to worry about Security! You can ignore an applicant's Taliban past because we need him to secure our airports!”
TSA delays background checks for new hires
In a move that could affect security at airports around the nation, the Transportation Security Administration confirmed Wednesday it had such a backlog of background security checks, airport employers were allowed to hire any employee needed.
TSA officials said the background checks are delayed, but they are processing them as fast as they can. 
TSA also will complete background checks on accepted applicants at a later date.

It's hard to remain anonymous...
“Engineer Doe” of Google StreetView payload data privacy breach unmasked
May 1, 2012 by Dissent
Steve Lohr and David Streitfeld of the New York Times put a name to “Engineer Doe” in the FCC investigation of the Google Street View investigation. “Doe” was the engineer who we now know wrote code to intentionally scoop up payload data from unsecured Wi-Fi networks. According to the less-redacted version of the FCC’s report (voluntarily released by Google after EPIC filed under FOI to obtain it), Doe did inform others of what he was doing, but Google claims that management did not read his communications.
A state investigator who spoke with the NYT identified the engineer as Marius Milner. Google had reportedly given his name to state investigators in December 2010.
The release of the report has raised new questions about Google’s public claims that this was all “accidental.” It has also raised questions as to why the FCC did not disclose to the public that they had found evidence of intentional data collection. In an OpEd yesterday, Chris Soghoian called on Congress to investigate the FCC for its failure to really inform the public of its findings.

Resource: Librarians for Privacy
May 1, 2012 by Dissent
Jay Stanley of the ACLU writes:
The American Library Association has created an excellent public education resource on the privacy issues facing our society – a web site called privacyrevolution.org.
Read more on ACLU. Today starts Choose Privacy Week. Find out more on privacyrevolution.org.

The best way to share knowledge? Does this work the same in the US?
April 30, 2012
Briefing Paper on Embedding Creative Commons Licences into Digital Resources
Briefing Paper on Embedding Creative Commons Licences into Digital Resources - Naomi Korn, Strategic Content Alliance IPR Consultant, March 2011
  • "Creative Commons licences (also referred to as CC licences) can facilitate the copying, reuse, distribution, and in some cases, the modification of the original owner’s creative work without needing to get permission each time from the rights holder. There are a number of different types of these licences. Across the UK’s public sector, CC licences are increasingly used to provide access to cultural heritage and teaching, learning and research outputs. Creative Commons licensed resources are also helpful for public sector bodies who wish to use third party resources which place the least restrictive licensing terms on the user. This short briefing paper accompanies further information on CC licences produced by the Strategic Content Alliance, available here demonstrates how the terms of CC licences can be embedded into a variety of resources, such as PowerPoint, images, Word docs, elearning resources, podcasts and other audio visual resources." [via Robin Good]

This could be amusing. How much value would a phone bring to Amazon? Would Skype cut the cost of their 800 number? (They do have one.)
Is a Smartphone in Amazon’s Hardware Future?
Amazon is killing it. Its tablet is selling like Android-powered hotcakes and recent financial filings show that its bank account just keeps on growing. The retailer-turned-hardware vendor is on a roll, which begs the question: What will Amazon’s hardware division do next?
For answers, we might look to Facebook, which along with Apple, Google, Amazon and Microsoft, has the potential to own an entire “stack” — in other words, a walled-off ecosystem in which consumers use a single company’s hardware, operating system and storefront to search online, buy apps and purchase digital media and even physical products.
Last week, yet another rumor surfaced that Facebook is getting closer to releasing its own branded smartphone, an obvious attempt at owning a stack component (hardware) that’s currently missing from its line-up. So is it any more outlandish to think that Amazon, too, would enter the smartphone game? After all, it’s already selling the world’s most successful Android tablet in the Kindle Fire.
“A smartphone would be a logical next step for Amazon,” ABI Research Analyst Aapo Markkanen told Wired via email.
… The Kindle Fire does a fine job of goosing digital download sales, but it’s not the device consumers carry all the time. ... So imagine, instead, a truly mobile hardware device that would provide dead-simple hooks into the Amazon buying experience, 24-7.

… I need to introduce you to AIBQ, otherwise known as the Comic Books Archive.
You’re going to want to head straight to the Catalog page and you’ll quickly see just how vast the collection is, currently with over 900 comics available for download.
… Clicking on an issue that is available will bring up a prompt to download a CBR file. Save that file to wherever you’d like. Now, we need a quality comic reader. That’s where ComicRack comes in.
… Oh and don’t forget to check out our free comics manual, Bam! Your Guide To Cool Online Comic Books by Lachlan Roy, which also features other comic sources and comic software.
