Friday, August 09, 2013

“Yes we follow Best Practices and encrypt your data, but we also follow Worst Practices and provide the decryption App on the same server.”
From the this-doesn’t-sound-good dept.:
Smartphone Experts discovered that the system used for customer payments for online shopping had been hacked. Although stored customer data were encrypted, Diana Kingree, the Senior Vice President of Commerce, noted that the hacker may have been able to use a decryption feature of the system to view customers’ names, addresses, credit or debit card number, CVV, and card expiration date. Why all that information was even stored on the system or for how long it was stored was not disclosed.
The breach was discovered by the Florida-based e-tailer on July 12, but the firm does not indicate how it learned of the breach or, more importantly, perhaps, when the breach actually occurred. California’s breach submission form requires entities to report the date of breach if known. Smartphone Experts did not provide that information, which may indicate that the forensic investigators have yet to determine when the breach actually began.
In their notification letter to customers dated August 6, Smartphone Experts does not offer customers any free credit monitoring service. Indeed, they say they are notifying customers “out of an abundance of caution.” Not only do I disagree that notification is “an abundance of caution” for this situation, I think affected customers should have been offered some free credit monitoring services.
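The point in the heading is an architectural one: if the host that takes the card data also holds whatever is needed to decrypt it, "encrypted at rest" buys nothing once that host is compromised. The fix is to make the storefront write-only. The following is an added example (not code from Smartphone Experts or from the article) showing one way to do that with Go's standard library: the checkout host holds only the vault's RSA public key and encrypts with OAEP, the private key lives on a separate vault host, and the CVV is dropped before anything is persisted. The type names, the record layout and the card number 4111 1111 1111 1111 (a standard test PAN) are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// CardInput is what the checkout form submits (hypothetical layout).
type CardInput struct {
	Name   string `json:"name"`
	PAN    string `json:"pan"`
	CVV    string `json:"cvv"`
	Expiry string `json:"expiry"`
}

// StoredCard is the only thing the storefront ever persists: a display hint
// plus ciphertext the storefront itself cannot open. The CVV is deliberately
// absent; PCI DSS forbids storing it after authorization.
type StoredCard struct {
	Last4      string
	Ciphertext []byte
}

// WebTier models the checkout host. It holds only the vault's PUBLIC key,
// so a compromise of this host (and its database) yields ciphertext only.
type WebTier struct{ vaultPub *rsa.PublicKey }

// Vault models a separate, tightly controlled host that holds the private key.
type Vault struct{ priv *rsa.PrivateKey }

// oaepLabel binds the ciphertext to this use; the vault rejects other labels.
var oaepLabel = []byte("card-record-v1")

func NewVault() (*Vault, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Vault{priv: priv}, nil
}

func (v *Vault) PublicKey() *rsa.PublicKey { return &v.priv.PublicKey }

// Store validates the PAN, drops the CVV and encrypts the rest for the vault.
// RSA-OAEP with a 2048-bit key carries up to 190 bytes, enough for this
// record; a larger record would wrap an AES-GCM key instead (not shown).
func (w *WebTier) Store(in CardInput) (StoredCard, error) {
	if len(in.PAN) < 13 || len(in.PAN) > 19 || strings.Trim(in.PAN, "0123456789") != "" {
		return StoredCard{}, errors.New("PAN must be 13-19 digits")
	}
	rec := CardInput{Name: in.Name, PAN: in.PAN, Expiry: in.Expiry} // CVV intentionally omitted
	plain, err := json.Marshal(rec)
	if err != nil {
		return StoredCard{}, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, w.vaultPub, plain, oaepLabel)
	if err != nil {
		return StoredCard{}, err
	}
	return StoredCard{Last4: in.PAN[len(in.PAN)-4:], Ciphertext: ct}, nil
}

// Exposed is everything an intruder on the web tier can read from a row:
// the masked display hint. There is no decrypt path on this host.
func Exposed(sc StoredCard) string { return "****" + sc.Last4 }

// Decrypt exists only on the vault host, behind its own access controls.
func (v *Vault) Decrypt(sc StoredCard) (CardInput, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, v.priv, sc.Ciphertext, oaepLabel)
	if err != nil {
		return CardInput{}, err
	}
	var rec CardInput
	if err := json.Unmarshal(plain, &rec); err != nil {
		return CardInput{}, err
	}
	return rec, nil
}

func main() {
	vault, err := NewVault()
	if err != nil {
		panic(err)
	}
	web := &WebTier{vaultPub: vault.PublicKey()}
	// Constructed sample input using a standard test PAN.
	row, err := web.Store(CardInput{Name: "Ann Example", PAN: "4111111111111111", CVV: "123", Expiry: "12/25"})
	if err != nil {
		panic(err)
	}
	fmt.Println("web tier sees:", Exposed(row))
	rec, _ := vault.Decrypt(row)
	fmt.Printf("vault recovers: %s %s exp %s cvv=%q\n", rec.Name, rec.PAN, rec.Expiry, rec.CVV)
}
```

The check a practitioner wants is the negative one: with only the public key and the database rows, the storefront (or whoever owns it) can produce nothing beyond the last four digits, and the CVV is never recoverable because it was never stored. Whether the vault's decryption endpoint is itself reachable from the web tier is then the question the Smartphone Experts notice leaves open.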


Note that there is no way to find the email that mentions “EvilGuys@Terrorists-R-Us.org” without reading ALL emails. We've always assumed they could ignore emails that didn't interest them. This could be a minor variation added to Google's email “search” looking for ways to target ads. (Adding “Bad Behavior” to the Behavioral Advertising tool?)
Charlie Savage reports:
The National Security Agency is searching the contents of vast amounts of Americans’ email and text communications into and out of the country, hunting for people who mention information about foreigners under surveillance, according to intelligence officials.
The NSA is not just intercepting the communications of Americans who are in direct contact with foreigners targeted overseas, a practice that government officials have openly acknowledged. It is also casting a far wider net for people who cite information linked to those foreigners, such as a little-used email address, according to a senior intelligence official.
Read more of this NYT story on Pioneer Press.


Another failure in the land of 32 ounce sodas?
John Caher reports:
The Bloomberg administration has agreed under a settlement announced on Wednesday to purge a New York City Police Department database containing personal information on individuals who were stopped by authorities, and also agreed to pay $10,000 to the lead plaintiff in a putative class action.
Under the terms of the settlement, the city will within 90 days delete the names and addresses of all individuals who were stopped, questioned and/or frisked. It will also pay a settlement to the only plaintiff seeking damages, freelance journalist Daryl Khan. The other members of the class sought only injunctive relief.
Read more on The New York Times.


All this for a mere 91 Suspicious Activity Reports? Only a government could think this made sense.
National Network of Fusion Centers Final Report 2012
DHS Office of Intelligence and Analysis, 2012 National Network of Fusion Centers Final Report, Released July 15, 2013.
“Threats to the homeland are persistent and constantly evolving. Domestic and foreign terrorism and the expanding reach of transnational organized crime syndicates across cyberspace, international borders, and jurisdictional boundaries within the United States highlight the continued need to build and sustain effective intelligence and information sharing partnerships among the federal government; state, local, tribal, and territorial (SLTT) governments; and the private sector. These partnerships are the foundation of a robust and efficient homeland security intelligence enterprise that goes beyond shared access to information and intelligence to foster sustained collaboration in support of a common mission. This collaboration enables the fusion process and provides decision makers across all levels of government and within the private sector with the knowledge to make informed decisions to protect the homeland from a variety of threats and hazards. State and major urban area fusion centers (fusion centers) are the nexus of the homeland security intelligence enterprise at the state and local level. They serve as focal points for the receipt, analysis, gathering, sharing, and safeguarding of threat-related information between the federal government and SLTT and private sector partners. As such, fusion centers provide a state and local context that enhances the national threat picture and enables local officials to better protect their communities. They also provide critical information and subject matter expertise that allows the Intelligence Community (IC) to more effectively “connect the dots” to prevent and protect against threats to the homeland.”


What strategic (or even tactical) advantage did the government gain by leaking these emails?
From the no-surprise dept.:
The Justice Department has asked for a 30-day extension, until Sept. 4, to respond to her lawsuit against the government for violating her family’s privacy, rifling through her e-mails and leaking confidential information about her.
Read more on USA Today.
[From the article:
Kelley had been an unpaid social liaison to the military and had hosted parties for military officials, including Petraeus and Gen. John Allen, at her home on Tampa's Bayshore Boulevard. The headquarters of Central Command, which oversees military action in the Middle East, is a few miles away.
Petraeus' extramarital affair with his biographer, Paula Broadwell, was exposed after Kelley complained to the FBI about harassing e-mails she had received. Broadwell was behind them.
… That prompted then-Defense Secretary Leon Panetta to call for an investigation of Allen's relationship with Kelley to determine if there had been "professional misconduct" on his part. Allen and Kelley say there was nothing inappropriate about their relationship. The Pentagon inspector general agreed, although the Defense Department refuses to release its findings.
… Kelley and her husband, Scott, want an apology and unspecified damages for what they say were willful leaks by federal officials of false and damaging information about them. Those officials should have been protecting them and their privacy, they say in their lawsuit.


Violating the law is not enough? Should he have tried the “not what the contract promised” approach?
John D. Seiver and Ronald G. London write:
In Padilla v. DISH Network L.L.C., a former subscriber alleged DISH failed to destroy his personally identifiable information (PII) upon cancellation of service, and failed to continue sending annual privacy notices while retaining his PII. A Chicago federal district judge dismissed claims for damages under the satellite subscriber privacy provisions (identical to cable’s), holding that the subscriber was not “aggrieved” because indefinite PII retention caused no actual damage, despite being contrary to the statute.
Read more on Lexology.


For my Computer Science students...
– is a new cloud storage service that helps people upload all their files quickly and efficiently from anywhere. Upload any file and send a link to anyone – there’s no requirement for them to sign up and there’s nothing to install. If you sign up today, you will receive 100GB of cloud storage space free, with the option to upgrade to paid plans with more storage and features.


For my Website students...
– has free interactive online courses that teach the basics of web development and computer programming (HTML5, CSS3 and JavaScript), in a way that makes learning fun and effective. All levels are free for registered teachers – for students, level 1 is free while other levels are $5 per student. CA also has a 2-5 day camp that teaches 10-16 year olds the basics of computer programming.


Because I like lists...
Best of the Web for #TLC13
This morning at the Teaching & Learning Conference held on the campus of Gaston College I presented the best of the web 2013. The slides are embedded below.


Just because I'm a geek...
NASA's Massive Free E-Book Collection
Behold, the hundreds of free e-books about space history contained on this webpage.
