Friday, August 03, 2012

Breach by thoughtless... This was not an unknown bug. This was, “We didn't follow procedure.” Or (worse) “We ain't got no procedure.”
Wisconsin Department of Revenue Inadvertently Posts Home Sellers’ Social Security Numbers Online
August 2, 2012 by admin
Janine Anderson reports:
Personal, confidential information from more than 110,000 people who sold homes in 2011 was hidden inside a Wisconsin Department of Revenue report used by real estate and appraisal organizations.
The DOR has ask those organizations to destroy and replace the report, which was posted online for download from April 5 to July 23. The department said that while the information was in the file, it was not visible when the report was opened. However, someone who opened the specific file would have had access to the information, the DOR said.
Read more on Greendale Patch.

OR: Hacking cases down, still a threat: by the numbers
August 2, 2012 by admin
Some interesting stats in a news report by Queenie Wong in the Statesman Journal:
Cybersecurity by the Numbers
Since 2009, state agencies have been required to report the number of suspicious information security incidents to the state’s Enterprise Security Office, which is part of the Department of Administrative Services. All incidents are not necessarily considered information breaches.
In 2009, state agencies reported 44 incidents. In 2010, that number increased to 49 incidents. In 2011, the number of reported incidents dropped to 21.
During the past three months, 60 percent of reported incidents involved malware or hacking, 30 percent involved lost documents or information breaches and 10 percent were attempted attacks that were not successful.
More than 855 million emails, about 73 percent, the state receives every year are spam or malicious software and blocked before delivery.
The state thwarts about 2.2 million network device attacks per year — or about 6,250 attacks per day.

It's called “Caving in” But even the 'clueless' part of a huge market is huge.
"BlackBerry maker Research in Motion's (RIM) four-year standoff with the Indian government over providing encryption keys for its secure corporate emails and popular messenger services is finally set to end. RIM recently demonstrated a solution that can intercept messages and emails exchanged between BlackBerry handsets, and make these encrypted communications available in a readable format to Indian security agencies. An amicable solution over the monitoring issue is important for the Canadian smartphone maker since India is one of the few bright spots for the company that has been battling falling sales in its primary markets of the US and Europe. In India, RIM has tripled its customer base close to 5 million over the last two years,"

The Privacy Foundation has been pondering this question for some time. Think the judge will get an honest answer?
Judge Skeptical of Facebook ‘Sponsored Stories’ Privacy Settlement
A San Francisco federal judge declined Thursday to approve a Facebook privacy settlement concerning the social networking site’s “Sponsored Stories” advertising program, saying he was concerned that the $10 million payout was not adequately explained, and might not be big enough.
The deal, which does little to bolster the privacy of Facebook’s approximately 150 million U.S.-based users, provides $10 million to the lawyers who sued the social-networking site and another $10 million to charity, in what is known as a cy pres award.
“Why shouldn’t the cy pres be $100 million?” U.S. District Judge Richard Seeborg asked attorneys on both sides.
He suggested he might order the parties to return to provide more information on how it reached that amount. He was concerned that Facebook said the deal might cost them $100 million in advertising revenues, but only $10 million is being paid out. And that doesn’t calculate the amount of damages for the 100 million Facebook users who have already appeared in Sponsored Stories, he said.
“I’m not suggesting there is anything wrong with $10 million,” he said. “My question is: Why is it $10 million?”

Was this a real 'plan' or just a 'want?'
EPIC Files Lawsuit for Details of ODNI Plan to Amass Data on Americans
August 2, 2012 by Dissent
EPIC has filed a Freedom of Information Act lawsuit against the Office of the Director of National Intelligence for details of the agency’s plan to gather personal data from across the federal government. The ODNI is the top intelligence agency in the United States, coordinating the activities of the CIA, the FBI, the DHS, and others. Under revised guidelines, the ODNI plans to obtain and integrate databases containing detailed personal information from across the federal government. The data will be kept for up to five years without the legal safeguards typically in place for personal data held by government agencies. EPIC’s lawsuit asks the agencies to disclose the procedures it has established to safeguard privacy rights. For more information see: EPIC: Open Government

In case “online” becomes unavailable.
And then you have sites, like TED, that use their own web video formats. Finding an effective video downloader for TED that helps you build and maintain an offline library of educational talks can be difficult. There are few tools available, and those that are available tend to be lacking in some way.
… TED is an excellent source of videos that are both educational and entertaining – something that you can’t really guarantee with other video sites.
And if you want to download TED videos for offline use, you’re in luck. Obin from Scenario Solution has released TED Downloader v3.0.

No comments: