The electronic equivalent of a “Paid” stamp?
Credit Card Roulette: Payment Terminals Pwned in Vegas
At least three widely used credit and debit card purchasing terminals in the U.S. and U.K. have vulnerabilities that would allow attackers to install malware on them and sniff card data and PINs.
The vulnerabilities can also be used to make a fraudulent card transaction look like it’s been accepted when it hasn’t been, printing out a receipt to fool a salesclerk into thinking items have been successfully purchased.
Or an attacker can design a hack that would invalidate the chip-and-PIN card system, a security feature that is standard in Europe but only nascent in the U.S. It uses cards embedded with a chip and requires cardholders to enter a PIN to validate a transaction.
Most managers recognize that logging makes it easy to determine who accessed what, when. Do they fully consider the implications of saving some money by turning off the logs?
Oops x 2: lack of logs confounds thorough breach investigation
July 30, 2012 by admin
The Depository Trust and Clearing Corporation realized that employee information – including SSN and financial information – was improperly accessible to other employees on its intranet. But its lack of adequate logging procedures made it impossible for them to determine who may have accessed the data, they report to the New Hampshire Attorney General.
(Related)
Auditors look for changes in the volume of transactions as an indication that something has started or stopped. Best Practice then suggests you do something about it! Well done, mystery processor!
When security works: payroll processor prevent$ transactions
July 30, 2012 by admin
Neurocare, Inc. has been notifying some employees after one of their systems was infected by malware and the criminals acquired the firm’s login credentials to its payroll processor account. The credentials were then used to re-route direct deposits for some employees to other accounts.
The scheme was foiled because Neurocare’s unnamed payment processor detected an unusual number (17) of change requests and notified Neurocare promptly. The processor was able to reverse any transactions before they went through, so no money was lost. The IPs of the attackers were provided to the firm by the processor.
Payment processors have gotten bad press at times over their failures. It’s a shame that Neurocare didn’t name this payment processor in their report to the New Hampshire Attorney General’s Office so that they could get some positive coverage. [Agreed Bob]
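The processor's detection step in the item above is a volume-anomaly check: an account that normally changes one or two direct-deposit records a week suddenly submits seventeen. The Python below is an added example (not code from the page, from Neurocare, or from its unnamed processor) of how such a monitor can be built on the processor side: count change requests per customer account in a 24-hour window, compare the count against a baseline derived from that account's own weekly history, and report the source IPs behind the burst so they can be handed to the customer. The event format, account names, histories and IP addresses are constructed for the example.

```python
"""Volume-based anomaly check for payroll direct-deposit change requests.

Added illustration only: this is not the processor's code. The log format,
accounts, history and addresses below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample telemetry: one record per direct-deposit change request
# as a payroll processor might log it. Fields: ISO timestamp, customer
# account, employee record changed, source IP of the web session.
# The burst on acct-1001 from 203.0.113.7 (a documentation-range address)
# models the incident; acct-2002 is ordinary activity.
SAMPLE_EVENTS = [
    ("2012-07-24T10:15:00", "acct-2002", "emp-03", "198.51.100.20"),
    ("2012-07-26T16:40:00", "acct-2002", "emp-09", "198.51.100.20"),
] + [
    ("2012-07-27T02:%02d:00" % (3 * i), "acct-1001", "emp-%02d" % i, "203.0.113.7")
    for i in range(17)
]

# Constructed per-account history: change requests per week over the prior
# six weeks. This is what "normal" looks like for each customer.
WEEKLY_HISTORY = {
    "acct-1001": [1, 2, 0, 1, 1, 2],
    "acct-2002": [3, 1, 2, 2, 4, 1],
}


def baseline_threshold(weekly_counts, sigmas=3.0, floor=3):
    """Mean + k*sigma of the account's weekly counts, never below `floor`,
    so a very quiet account still tolerates a few legitimate changes."""
    if not weekly_counts:
        return floor
    return max(floor, mean(weekly_counts) + sigmas * pstdev(weekly_counts))


def count_in_window(events, end, window=timedelta(hours=24)):
    """Per-account event count and source IPs for events in (end - window, end]."""
    start = end - window
    counts = defaultdict(int)
    sources = defaultdict(set)
    for ts, account, _employee, ip in events:
        t = datetime.fromisoformat(ts)
        if start < t <= end:
            counts[account] += 1
            sources[account].add(ip)
    return counts, sources


def flag_accounts(events, history, end, window=timedelta(hours=24)):
    """Return {account: (count, threshold, source_ips)} for every account
    whose change-request volume in the window exceeds its baseline. Holding
    those requests before the pay run is what prevents the money moving."""
    counts, sources = count_in_window(events, end, window)
    flagged = {}
    for account, n in counts.items():
        threshold = baseline_threshold(history.get(account, []))
        if n > threshold:
            flagged[account] = (n, threshold, sorted(sources[account]))
    return flagged


def run_sample(end="2012-07-27T09:00:00"):
    """Run the check over the constructed data as of `end`."""
    return flag_accounts(SAMPLE_EVENTS, WEEKLY_HISTORY, datetime.fromisoformat(end))


if __name__ == "__main__":
    for account, (n, thr, ips) in run_sample().items():
        print(f"HOLD {account}: {n} change requests in 24h "
              f"(baseline {thr:.1f}) from {ips}")
```

The baseline is per account rather than global because a large employer legitimately submits more changes in a week than a small one; a single global threshold would either miss bursts on large accounts or page on routine activity for them. Whatever rule is used, the point of the Neurocare item is that the processor held the requests before the pay run rather than reviewing them afterwards.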
For your Security manager
Free Android apps could hijack your phone
Those annoying pop-up ads are back. This time, they're on your smartphone, and they're badder than ever. Here's how you can avoid aggressive adware on your mobile device.
For my Business Continuity students. It could happen here...
"BBC reports that a massive power breakdown has hit India for a second day running, leaving more than half the country without power as the northern and eastern grids have both collapsed. The breakdown has hit a large swathe of the country including Delhi, Punjab, Haryana, Uttar Pradesh, Himachal Pradesh and Rajasthan states in the north, and West Bengal, Bihar, Orissa and Jharkhand in the east. Power cuts are a common occurrence in Indian cities because of a fundamental shortage of power and an aging grid. The chaos caused by such cuts has led to protests and unrest on the streets but the collapse of an entire grid is rare — the last time the northern grid failed was in 2001. India's demand for electricity has soared in recent years as its economy has grown but its power infrastructure has been unable to meet the growing needs. In the weeks leading up to the failure, extreme heat had caused power use to reach record levels in New Delhi and on July 30 a line feeding into the Agra-Bareilly transmission section, the 400-kV Bina-Gwalior line, tripped, triggering the collapse. The second grid collapse occurred on 31 July as the Northern, Eastern and North-Eastern power grids of India tripped/failed causing power blackout in 19 states across India. The crisis was allegedly triggered after four states — Rajasthan, Haryana, Punjab and UP — drew much more than their assigned share of power."
Welcome to Behavioral Advertising, the political version.
Dark Money Political Groups Target Voters Based on Their Internet Habits
Lauren Berns was browsing Talking Points Memo when he saw an ad with President Obama’s face. “Stop the Reckless Spending,” the ad read, and in smaller print, Paid for by Crossroads GPS. Berns was surprised. Why was Crossroads GPS, a group that powerful Republican strategist Karl Rove helped found, advertising on a liberal-leaning political website? Looking closely at the ad, Berns saw a small blue triangle in the upper-left hand corner. He knew what that meant: this ad wasn’t being shown to every person who read that page. It was being targeted to him in particular. Tax-exempt groups like Crossroads GPS have become among the biggest players in this year’s election. They’re often called “dark money” groups, because they can accept unlimited amounts of money and never have to disclose their donors.
These groups are spending massively on television spots attacking different candidates. These ads are often highly publicized and get plenty of media attention.
But these same dark money groups are also quietly expanding their online advertising efforts, using sophisticated targeting tactics to send their ads to specific kinds of people.
Who they’re targeting, and what data they’re using, is secret.
We have these on tollways. “We know where you get on, we know where you get off, that tells us how much you owe.” But, how long do they keep that information? Who gets to see it? Could be the start of an interesting dialog.
Automatic License Plate Readers: A Threat To Americans’ Privacy
July 31, 2012 by Dissent
The ACLU’s Nationwide Public Records Request
In July 2012, American Civil Liberties Union affiliates in 38 states sent requests to local police departments and state agencies that demand information on how they use automatic license plate readers (ALPR) to track and record Americans’ movements.
On the same day, the ACLU and the ACLU of Massachusetts filed federal Freedom of Information Act requests with the Departments of Justice, Homeland Security, and Transportation to learn how the federal government funds ALPR expansion nationwide and uses the technology itself.
Read more on ACLU’s blog.
I wonder if Colorado would be interested in following this model here? I know just the guy to run it...
By Dissent, July 30, 2012
From PRC, a new resource for California residents:
Many people consider their health information to be highly sensitive, deserving the strongest protection under the law. Medical records often contain not only personal health-related information – considered by most to be strictly confidential — but also Social Security numbers and dates of birth — the keys to identity theft.
Over the years, the Privacy Rights Clearinghouse has heard from thousands of individuals who feel their medical privacy rights have been violated. There is a great deal of misunderstanding about medical privacy laws and regulations. Most individuals think they have far more legal protection than they actually have.
What are your rights to medical privacy? As it turns out, that is not a simple question to answer. Chances are, you’ve heard of HIPAA, the Health Insurance Portability and Accountability Act. It is a federal law that sets a national baseline standard for the privacy of individually identifiable health information.
But HIPAA only applies to health care providers that conduct certain transactions electronically, health plans, and health care clearinghouses. A great deal of personal medical information exists that is not maintained by HIPAA “covered entities.” An example would be personal medical information provided voluntarily when one participates in an online chat forum for individuals with a specific ailment.
Fortunately for individuals who live in California, state law provides additional medical privacy protections. Today, the PRC has launched a microsite dedicated solely to medical privacy in California. It is available at https://www.privacyrights.org/california-medical-privacy.
The Fact Sheets posted on the microsite are:
- C1: Medical Privacy Basics for Californians
Topics: medical privacy terms and definitions, how HIPAA and California laws work together, California laws that protect medical privacy, and what information your medical records contain.
- C2: How is Your Medical Information Used and Disclosed – With and Without Consent?
Topics: authorization requirements when using or disclosing your medical information, when medical information can be used or disclosed without your authorization or consent.
- C3: Your Medical Information and Your Rights
Topics: your rights if your medical information is breached, your rights regarding the sale of your medical information, and your rights to prevent marketers from using your medical information.
- C4: Your Prescriptions and Your Privacy
Topics: pharmacy benefit managers, prescription drug reports, prescription data mining, prescription drug monitoring programs, and tips for safeguarding your prescription information.
- C5: Employment and Your Medical Privacy
Topics: drug tests, access to workers compensation records, protections for disabled job applicants and employees, employer-sponsored health plans, employer access to your medical information, and employee wellness and harm risk reduction programs.
- C6: Health Information Exchange: Is Your Privacy Protected?
Topics: description of Health Information Exchange, benefits and risks, access guidelines, and consent for the electronic exchange of your medical information.
Over time, we will expand the site to include additional Fact Sheets.
For information about health privacy issues not specifically related to California, read these guides on our website:
Do you have a medical privacy question that our Fact Sheets don’t address? Use our Online Complaint Center to get a personalized response from our staff.
Recent Developments — Both in the Courts and in Congress — on the Scope of the Computer Fraud and Abuse Act
July 31, 2012 by admin
Orin Kerr writes:
I’ve blogged a lot on the scope of the Computer Fraud and Abuse Act, and specifically on whether using a computer in violation of a computer use policy or Terms of Service is a federal crime. I’ve been banging the drum urging courts to adopt a narrow interpretation of the Act for a decade, and the question has recently reached several courts of appeals. A lot has been happening on this front recently, so I thought I would bring readers up to speed. To follow this issue, you need to watch all three branches. So let’s start with the pairing of Judiciary/Executive, and then cover the pairing of Legislature/Executive.
Read his commentary on The Volokh Conspiracy.
The future, now that Amazon has given up the fight (which they were never going to win).
July 30, 2012
"Amazon" Laws and Taxation of Internet Sales: Constitutional Analysis
CRS - "Amazon" Laws and Taxation of Internet Sales: Constitutional Analysis, Erika K. Lunder - Legislative Attorney; John R. Luckey - Legislative Attorney, July 26, 2012
- "As more and more purchases are made over the Internet, states are looking for new ways to collect taxes on these sales. While there is a common misperception that states cannot tax Internet sales, the reality is that they may impose sales and use taxes on such transactions, even when the retailer is outside of the state. However, if the seller does not have a constitutionally sufficient connection (“nexus”) to the state, then the seller is under no enforceable obligation to collect a use tax. While the purchaser is still generally responsible for paying the use tax, the rate of compliance is low. Recent laws, often called “Amazon” laws in reference to the large Internet retailer, represent fresh attempts by the states to capture taxes on Internet sales. States enacting these laws have used two basic approaches. The first is to impose use tax collection responsibilities on retailers who compensate state residents for placing links on the state residents’ websites to the retailer’s website (i.e., online referrals or “click-throughs”). The other is to require remote sellers to provide sales and tax-related information to the state and/or the in-state customers. New York was the first state to enact click-through legislation, and Colorado was the first to pass a notification law. These laws have received significant publicity, in part due to questions about whether they impermissibly impose duties on remote sellers who do not have a sufficient nexus to the state."
Could this be the “baseline” against which other plans are measured?
Republic Wireless reopens $19 service, sells Motorola Defy XT
The heavily hyped service, which promises an all-you-can-eat plan for just $19.99 a month, is finally adding more customers again.
Tools & Techniques for tired eyes...
Most of us spend hours reading on the computer every day, but our computers probably aren’t optimized for reading. The text on our monitors may not be sharp enough or may be too small, especially if we have high-resolution monitors. Websites usually aren’t optimized for reading long-form articles either – they’re cluttered with too many navigation elements, flashing advertisements, and often use text that’s too small.
These tips will help you read text more comfortably everywhere on your Windows computer, from the text in all your programs to articles in your web browser.
Resources: 'cause having your students watch old movies is (sometimes) useful...
At the time of writing there are 3,207 items in the Prelinger Archives, all of which are open to being remixed, sampled and used in any way you see fit.
… There are also collections of films made from Prelinger footage, titled Prelinger Mashups. If nothing more they serve as inspiration as to what can be done with footage like this.
Tools
There are bazillions of websites. Find one you like and let these services find the others...
Are you bored of the same old websites? Do you not know what to look at next? Well if that’s the case, then try out a neat web app called Websites Like, which recommends other sites to you, based on a URL or a keyword that you type into their search engine.