Thursday, February 21, 2013

“Hey! Someone stole some credit card data!” Not the most useful of notices – do you reissue all your cards?
Developing….
It seems that every bank in the Bahamas has been notified of a breach at a foreign processor or acquiring bank. Most of the banks do not yet know how many of their customers’ card numbers are compromised, and while some banks have already started re-issuing cards, others are taking a wait-and-see approach. The foreign processor has not been named, but Visa and MasterCard reportedly notified banks last Friday.
[From the article:]
Most banks responded by lowering the call-back threshold for customers to $500. In other words, if you spent more than that on the weekend, the bank would immediately verify your identity.
… According to a global research team from Websense Inc., a leader in Internet security, The Bahamas is ranked second among the top five countries in the world which host phishing sites.
… The report said that organizations face an average of 1,719 attacks for every 1,000 users.


Another “not thought through” example...
"Educause members and 7,000 university websites are being forced to change account passwords after a security breach involving the organization's .edu domain server. However, some initially hesitated to comply because the Educause notification email bore tell-tale markings of a phishing attempt. 'Given what is known about phishing and user behavior, this was bad form,' says Gene Spafford, a Purdue University computer science professor and security expert. 'For an education-oriented organization to do this is particularly troubling.'"


Rules alone do not good security make.
By Dissent, February 20, 2013 12:24 pm
Winston J. Maxwell writes:
An article published by specialist healthcare news website Actusoins has revealed data breaches at several French hospitals and clinics, demonstrating that such incidents can occur even in a highly regulated jurisdiction.
The journalist was researching another article and entered the name of a physician into Google. She was astonished to find, at the top of the results, a scanned copy of the doctor’s prescription for a PET scan for a cancer patient whose name was still on the prescription. The journalist continued her investigation and discovered numerous other data breaches, including:
  • lists of patients admitted to various services in different hospitals;
  • a list of disabled adults and children; and
  • patients’ test results.
Read more on InternationalLawOffice.com (reg. required). It appears from the article that both Hopital Foch and Pôle de Santé du Plateau had web exposure breaches, as did other healthcare facilities who were not named because their patients’ data was still available on the Internet at the time of the article’s publication.


Is this the model we've been looking for?
State helps parents access dead child's Facebook content
Virginia has made it easier for parents and legal guardians to obtain Facebook content and other digital assets created by a child who has passed away.
This week, the Virginia General Assembly voted to adopt a new bill, HP 1752, that compels online account service providers such as Facebook to provide the guardian of a deceased minor with online assets within 30 days after receiving a written request.
The bill, which currently awaits the governor's signature, passed the state Senate on Monday before gaining approval in the House yesterday.


Could be the first slip on the slope...
A ruling by the Pennsylvania Supreme Court says the state constitution doesn’t give people a right to privacy when it comes to their home addresses, clarifying what has been a major point of dispute in the open records law.
Read more on WITF.


Does this also “Green light” my Ethical Hackers?
Ontario’s highest court has signalled that the right of police officers to look through someone’s phone depends on whether there’s a password.
The Court of Appeal for Ontario says it’s all right for police to have a cursory look through the phone upon arrest if it’s not password protected, but if it is, investigators should get a search warrant.
Read more on Global Ontario. The court’s reasoning is a bit of a head-scratcher, as they seem to be saying that if you password protect your cellphone, it’s functioning as a computer, which does have a (higher) expectation of privacy. So what happens to people who don’t password protect their laptops? Can the police search them on arrest by arguing that the failure to password protect means no expectation of privacy?
In any event, it’s always a good idea to password protect your devices if they contain anything you don’t want law enforcement or others to be able to easily access.


Like Scotch, it's an acquired taste...
Mosquito repellent Deet 'losing its effectiveness'
People living or travelling in areas plagued by mosquitoes are more at risk of bites after researchers found the insects are first deterred by Deet, but then later ignore it.
… Researchers from the London School of Hygiene and Tropical Medicine took a species of mosquito that spreads dengue and yellow fever and put it in a room with a human arm covered in Deet.
The first time the mosquitoes were tempted with the arm, they were put off by the smell. However, the second time, researchers found the Deet was less effective.
