This could be huge! I read it as a requirement for banks to “adjust” their security based on current hacker “trends” and the amounts at risk. Very interesting.
Bank Agrees to Reimburse Hacking Victim $300K in Precedent-Setting Case
In a case watched closely by banks and their commercial customers, a financial institution in Maine has agreed to reimburse a construction company $345,000 that was lost to hackers after a court ruled that the bank’s security practices were “commercially unreasonable.” [What did they base that decision on? Bob]
People’s United Bank has agreed to pay Patco Construction Company all the money it lost to hackers in 2009, plus about $45,000 in interest, after intruders installed malware on Patco’s computers and stole its banking credentials to siphon money from its account.
Patco had argued that the bank’s authentication system was inadequate and that it failed to contact the customer after its automated system flagged the transactions as suspicious. But the bank maintained that it had done due diligence because it verified that the ID and password used for the transactions were authentic.
The case raised important questions about how much security banks and other financial institutions should be reasonably required to provide commercial customers.
Small and medium-sized businesses around the country have lost hundreds of millions of dollars in recent years to similar thefts, known as fraudulent ACH (Automated Clearing House) transfers, after their computers were infected with malware that swiped their bank account credentials. Some have been lucky to recover the money from banks that valued their business, but others, like Patco, were told by their banks that they were responsible for the loss.
Although the assets of customers with personal bank accounts are protected under federal law, commercial bank accounts are not. The only recourse such customers have when their bank refuses to assume responsibility for stolen funds is to try to pursue their money in state courts under the Uniform Commercial Code.
People’s United Bank agreed to the settlement only after an appellate court indicated that the bank’s security system and practices had been inadequate under the UCC.
“This case says to banks and to commercial customers … that there are circumstances in which the bank cannot shift the risk of loss back to the customer, and we’re not going to assume that security procedures are commercially reasonable just because the bank has a system that they say is state of the art,” says attorney Dan Mitchell, who represented Patco.
Last year, a U.S. District Court in Maine ruled that People’s United Bank wasn’t responsible for the lost money, and granted the bank’s motions for a summary dismissal of Patco’s complaint. A magistrate agreed with the ruling, saying in part that although the bank’s security procedures “were not optimal,” it was comparable to that offered by other banks. [Strange standard... Bob]
But judges with the First Circuit Court of Appeals ruled last July that the bank’s security system wasn’t “commercially reasonable,” (.pdf) and advised the two parties to try to come to a settlement, which they did about a week ago. Patco will not be reimbursed attorneys’ fees in the settlement.
I would expect a very few frauds of this type to remain undetected for long, but it looks like “Is no my job, man.”
Total Extent of Refund Fraud Using Stolen Identities is Unknown
GAO-13-132T, Nov 29, 2012
… IRS officials told us that the agency does not systematically track characteristics of known identity theft returns, including the type of return preparation (e.g., paid preparer or software), whether the return is filed electronically or on paper, or how the individual claimed a refund (e.g., check, direct deposit, or debit card).
… As of September 30, 2012, IRS had identified almost 642,000 incidents of identity theft that impacted tax administration in 2012 alone, a large increase over prior years. A taxpayer may have his or her tax refund delayed if an identity thief files a fraudulent tax return seeking a refund using a legitimate taxpayer's identity information.
They can be taught. Who knew? Still, I don't see any real contrition or even much understanding of the security failure, but it is a start.
S.C. Gov. Nikki Haley takes blame for state’s data breach
November 29, 2012 by admin
I’ve been somewhat snarky about the Governor’s past statements on the massive breach in the state’s Dept. of Revenue agency, so I thought the least I can do is acknowledge when she steps up to the plate. James Rosen reports:
South Carolina Gov. Nikki Haley on Wednesday for the first time accepted personal blame for a massive cyber-attack that stole the Social Security and bank account numbers of millions of South Carolinians, saying she should have done more [impossible to do less Bob] to ensure the data’s security.
Read more on Star-Telegram.
An article my Ethical Hackers should read. Written by a Hacker who thought he was Ethical... Perhaps we can have him speak at a Privacy Foundation Seminar in 3-5 years...
Forget Disclosure — Hackers Should Keep Security Holes to Themselves
By Andrew Auernheimer 11.29.12 5:30 PM
Editor’s Note: The author of this opinion piece, aka “weev,” was found guilty last week of computer intrusion for obtaining the unprotected e-mail addresses of more than 100,000 iPad owners from AT&T’s website, and passing them to a journalist. His sentencing is set for February 25, 2013.
Right now there’s a hacker out there somewhere producing a zero-day attack. When he’s done, his “exploit” will enable whatever parties possess it to access thousands — even millions — of computer systems.
But the critical moment isn’t production — it’s distribution. What will the hacker do with his exploit? Here’s what could happen next:
(Related) Another interesting legal question...
"A Tor Exit node owner is being prosecuted in Austria. As part of the prosecution, all of his electronics have been held by the authorities, including over 20 computers, his cell phone and hard disks. 'During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.' This brings up the question: What backup plan, if any, should the average nerd have for something like this?"
This can't be good...
"Amidst the ongoing civil war, Syria has gone off the Internet as of a few hours ago, with all the 84 IP blocks within the country unreachable from the outside. Renesys, a research firm keeping tabs on the health of the Internet, reported at about 5:25 ET that Syria's Internet connectivity has been shut down. The internet traffic from outside to Syrian IP addresses is going undelivered, and anything coming from within the country is not reaching the Internet. Akamai has tweeted that its traffic data supports what Renesys has observed."
Reader trickstyhobbit adds a report from Slate that the connection "appear[s] to have been knocked off line by heavy fighting earlier this morning. They are also reporting that the shutdown may have been intentional to aid in a government operation."
Or you could register your readers under a completely false name, such as one selected (entirely at random) from the local Law School faculty.
Who’s Tracking Your Reading Habits? An E-Book Buyer’s Guide to Privacy, 2012 Edition
November 30, 2012 by Dissent
Cindy Cohn and Parker Higgins write:
The holiday shopping season is upon us, and once again e-book readers promise to be a very popular gift. Last year’s holiday season saw ownership of a dedicated e-reader device spike to nearly 1 in 5 Americans, and that number is poised to go even higher. But if you’re in the market for an e-reader this year, or for e-books to read on one that you already own, you might want to know who’s keeping an eye on your searching, shopping, and reading habits.
Read more on EFF.
(Locate your nearest defibrillator) Based on this summary, I think I agree with the Ninth. The camera is only recording what the agent saw with his own eyes. It was not placed during a black bag operation nor was it left in place for days or months.
Ninth Circuit Gives the A-OK For Warrantless Home Video Surveillance
November 29, 2012 by Dissent
Hanni Fakhoury writes:
Can law enforcement enter your house and use a secret video camera to record the intimate details inside? On Tuesday, the Ninth Circuit Court of Appeals unfortunately answered that question with “yes.”
U.S. Fish and Wildlife agents suspected Ricky Wahchumwah of selling bald and gold eagle feathers and pelts in violation of federal law. Equipped with a small hidden video camera on his clothes, a Wildlife agent went to Wahchumwah’s house and feigned interest in buying feathers and pelts. Unsurprisingly, the agent did not have a search warrant. Wahchumwah moved to suppress the video as an unreasonable search under the Fourth Amendment, but the trial court denied his motion. On appeal before the Ninth Circuit, we filed an amicus brief in support of Wahchumwah. We highlighted the Supreme Court’s January 2012 decision in United States v. Jones – which held that law enforcement’s installation of a GPS device onto a car was a “search” under the Fourth Amendment — and specifically focused on the concurring opinions of Justices Alito and Sotomayor, who were worried about the power of technology to eradicate privacy.
Read more on EFF.
Perspective: Doesn't this make you want to run out and buy my book, “How Steve Jobs does it!” which takes 365 pages to conclude that I have no idea...
Report: Apple Gets $1 Out of Every $25 Spent on Gadgets
JPMorgan Chase took some heat a few months ago when analyst Michael Feroli predicted that the release of Apple's iPhone 5 could add as much as half a percentage point of fourth-quarter GDP growth in the United States, all on its own.
New data presented Thursday by Markco Media's CouponCodes4U.com suggests that if anything, Feroli might have understated the macroeconomic impact of Apple sales on a still sluggish recovery.
A recent survey of 1,901 U.S. consumers conducted by the discount and deals site turned up a pretty remarkable finding: over the past six months, $1 out of every $25 spent by CouponCodes4U users on tech products went to Apple.
“When the wascawe wabbits are winning, WETWEET!” E. Fudd Esq.
How to retweet without needing a lawyer
… Retweeting is so easy that many people hardly think about what it means, and barely recognize that what they're doing, quite literally, is republishing someone else's thoughts.
Most of the time, that's a totally benign action, but what if the original tweet was an attack on someone? Or worse, a malicious and dishonest accusation?
I'm always looking for ways to inspire my students. If I can talk Coors into doing something like this, Golden, Colorado will become the home of the finest minds in the world!
"Niels Bohr is one of the greatest scientists who ever lived and a favorite of his fellow Danes when he lived in Copenhagen. Apparently, after he won the Nobel Prize in 1922, the Carlsberg brewery gave him a gift – a house located next to the brewery. And the best perk of the house? It had a direct pipeline to the brewery so that Bohr had free beer on tap whenever he wanted."
Perhaps we'll let our Ethical Hackers run with this one...
… The folks at CSEdWeek have put together a great list of resources for putting on an event at your school during the week of December 9th-15th. They’ve included templates, online banner ads, talking points, and outreach ideas (among other things) to help you get an event off the ground. So put their hard work to work in your own school!
Worth a peek?
Thursday, November 29, 2012
Today, at the Christa McAuliffe Technology Conference in Manchester, New Hampshire, I gave my Best of the Web presentation to a packed room. This is my most requested presentation wherever I go. Today, I rolled out my latest updates to the presentation. With the exception of seven or eight items, everything shared in the slides is something that I used for the first time in 2012.
If I'm going to steal from evaluate an online class, I might as well find one that works.
CourseTalk Launches A Yelp For Open Online Courses And What This Means For Higher Education
… Whether or not you’re long or short on MOOCs, it’s clear that, in the near term at least, they’re here to stay. However, as colleges, universities and more begin toying with open online courses and an increasing number of students and learners take to their virtual lecture halls, the signal-to-noise ratio has the potential to get pretty unfavorable. It’s for this very reason that Jesse Spaulding decided to launch CourseTalk.
… Today, CourseTalk is what you might expect — an early stage Yelp for MOOCs — a place for students to share their experiences with these courses and a way to discover new courses they’d enjoy. Given that it’s still nascent, the platform’s design is simple and its user experience is straightforward: Visitors can use the general search bar which is front and center, or peruse through “Top Rated,” “Popular” and “Upcoming” verticals, or search by category, like Business, Computer Science, etc.
Because it amuses me...
… The European Commission released a statement this week about the EU’s strategy for “rethinking education.” Among the measures it suggests, an increase in the use of technology and OER.
… Hacker High School, which offers security and privacy lessons for students, has just updated its content.